Ändra sökning
Länk till posten
Permanent länk

Direktlänk
BETA
Alternativa namn
Publikationer (10 of 86) Visa alla publikationer
Johnson, P., Lagerström, R., Ekstedt, M. & Franke, U. (2018). Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis. IEEE Transactions on Dependable and Secure Computing, 15(6), 1002-1015, Article ID 7797152.
Öppna denna publikation i ny flik eller fönster >>Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis
2018 (Engelska)Ingår i: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 15, nr 6, s. 1002-1015, artikel-id 7797152Artikel i tidskrift (Refereegranskat) Published
Abstract [en]

The Common Vulnerability Scoring System (CVSS) is the state-of-the art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

Ort, förlag, år, upplaga, sidor
IEEE Press, 2018
Nyckelord
cyber security, software vulnerability, CVSS, information security
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-200695 (URN)10.1109/TDSC.2016.2644614 (DOI)000449980000008 ()2-s2.0-85056520813 (Scopus ID)
Forskningsfinansiär
EU, FP7, Sjunde ramprogrammet, 607109Myndigheten för samhällsskydd och beredskap, MSB , 2015-6986StandUp
Anmärkning

QC 20170202

Tillgänglig från: 2017-02-01 Skapad: 2017-02-01 Senast uppdaterad: 2019-03-12Bibliografiskt granskad
Välja, M., Korman, M. & Lagerström, R. (2017). A study on software vulnerabilities and weaknesses of embedded systems in power networks. In: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week): . Paper presented at 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017, 21 April 2017 (pp. 47-52). Association for Computing Machinery, Inc
Öppna denna publikation i ny flik eller fönster >>A study on software vulnerabilities and weaknesses of embedded systems in power networks
2017 (Engelska)Ingår i: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week), Association for Computing Machinery, Inc , 2017, s. 47-52Konferensbidrag (Refereegranskat)
Abstract [en]

In this paper we conduct an empirical study with the purpose of identifying common software weaknesses of embedded devices used as part of industrial control systems in power grids. The data is gathered about the devices and software of 6 companies, ABB, General Electric, Schneider Electric, Schweitzer Engineering Laboratories, Siemens and Wind River. The study uses data from the manufacturersfi online databases, NVD, CWE and ICS CERT. We identified that the most common problems that were reported are related to the improper input validation, cryptographic issues, and programming errors.

Ort, förlag, år, upplaga, sidor
Association for Computing Machinery, Inc, 2017
Nyckelord
Cyber security, Power networks, Software vulnerability CVSS, Electric network analysis, Electric power transmission networks, Embedded systems, Intelligent control, Laboratories, Network security, Smart power grids, Cryptographic issues, Engineering laboratories, Industrial control systems, Programming errors, Schneider electrics, Software vulnerabilities, Electric power system control
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-216531 (URN)10.1145/3055386.3055397 (DOI)2-s2.0-85019013078 (Scopus ID)9781450349789 (ISBN)
Konferens
2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017, 21 April 2017
Anmärkning

QC 20171128

Tillgänglig från: 2017-11-28 Skapad: 2017-11-28 Senast uppdaterad: 2017-11-28Bibliografiskt granskad
Korman, M., Välja, M., Björkman, G., Ekstedt, M., Vernotte, A. & Lagerström, R. (2017). Analyzing the effectiveness of attack countermeasures in a SCADA system. In: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week): . Paper presented at 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017, 21 April 2017 (pp. 73-78). Association for Computing Machinery, Inc
Öppna denna publikation i ny flik eller fönster >>Analyzing the effectiveness of attack countermeasures in a SCADA system
Visa övriga...
2017 (Engelska)Ingår i: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week), Association for Computing Machinery, Inc , 2017, s. 73-78Konferensbidrag (Refereegranskat)
Abstract [en]

The SCADA infrastructure is a key component for power grid operations. Securing the SCADA infrastructure against cyber intrusions is thus vital for a well-functioning power grid. However, the task remains a particular challenge, not the least since not all available security mechanisms are easily deployable in these reliability-critical and complex, multi-vendor environments that host modern systems alongside legacy ones, to support a range of sensitive power grid operations. This paper examines how effective a few countermeasures are likely to be in SCADA environments, including those that are commonly considered out of bounds. The results show that granular network segmentation is a particularly effective countermeasure, followed by frequent patching of systems (which is unfortunately still difficult to date). The results also show that the enforcement of a password policy and restrictive network configuration including whitelisting of devices contributes to increased security, though best in combination with granular network segmentation.

Ort, förlag, år, upplaga, sidor
Association for Computing Machinery, Inc, 2017
Nyckelord
Cyber security, SCADA system, Security controls, Threat modeling, Vulnerability assessment, Electric power system security, Electric power transmission networks, Legacy systems, SCADA systems, Smart power grids, Multi-vendor environment, Network configuration, Network segmentation, Power grid operations, Vulnerability assessments, Network security
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-216532 (URN)10.1145/3055386.3055393 (DOI)2-s2.0-85019036296 (Scopus ID)9781450349789 (ISBN)
Konferens
2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017, 21 April 2017
Anmärkning

QC 20171128

Tillgänglig från: 2017-11-28 Skapad: 2017-11-28 Senast uppdaterad: 2017-11-28Bibliografiskt granskad
Lagerström, R., Johnson, P. & Ekstedt, M. (2017). Automatic Design of Secure Enterprise Architecture. In: Halle, S Dijkman, R Lapalme, J (Ed.), Proceedings of the 2017 IEEE 21st International Enterprise Distributed Object Computing Conference Workshops and Demonstrations (EDOCW 2017): . Paper presented at 21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA (pp. 65-70). Institute of Electrical and Electronics Engineers (IEEE)
Öppna denna publikation i ny flik eller fönster >>Automatic Design of Secure Enterprise Architecture
2017 (Engelska)Ingår i: Proceedings of the 2017 IEEE 21st International Enterprise Distributed Object Computing Conference Workshops and Demonstrations (EDOCW 2017) / [ed] Halle, S Dijkman, R Lapalme, J, Institute of Electrical and Electronics Engineers (IEEE), 2017, s. 65-70Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Architecture models mainly have three functions; 1) document, 2) analyze, and 3) improve the system under consideration. All three functions have suffered from being time-consuming and expensive, mainly due to being manual processes in need of hard to find expertise. Recent work has however automated both the data collection and the analysis. In order for enterprise architecture modeling to finally become free of manual labor the design function also needs to be automated. In this position paper we propose the Automatic Designer. A solution that employs machine learning techniques to realize the design of (near) optimal architecture solutions. This particular implementation is focused on security analysis, but could easily be extended to other topics.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers (IEEE), 2017
Serie
IEEE International Enterprise Distributed Object Computing Conference Workshops-EDOCW, ISSN 2325-6583
Nationell ämneskategori
Annan data- och informationsvetenskap
Identifikatorer
urn:nbn:se:kth:diva-220665 (URN)10.1109/EDOCW.2017.19 (DOI)000417417800011 ()2-s2.0-85043595735 (Scopus ID)978-1-5386-1568-3 (ISBN)
Konferens
21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA
Anmärkning

QC 20191009

Tillgänglig från: 2017-12-29 Skapad: 2017-12-29 Senast uppdaterad: 2019-10-09Bibliografiskt granskad
Vernotte, A., Johnson, P., Ekstedt, M. & Lagerström, R. (2017). In-Depth Modeling of the UNIX Operating System for Architectural Cyber Security Analysis. In: Halle, S Dijkman, R Lapalme, J (Ed.), PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017): . Paper presented at 21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA (pp. 127-136). Institute of Electrical and Electronics Engineers (IEEE)
Öppna denna publikation i ny flik eller fönster >>In-Depth Modeling of the UNIX Operating System for Architectural Cyber Security Analysis
2017 (Engelska)Ingår i: PROCEEDINGS OF THE 2017 IEEE 21ST INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS AND DEMONSTRATIONS (EDOCW 2017) / [ed] Halle, S Dijkman, R Lapalme, J, Institute of Electrical and Electronics Engineers (IEEE), 2017, s. 127-136Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

ICT systems have become an integral part of business and life. At the same time, these systems have become extremely complex. In such systems exist numerous vulnerabilities waiting to be exploited by potential threat actors. pwnPr3d is a novel modelling approach that performs automated architectural analysis with the objective of measuring the cyber security of the modeled architecture. Its integrated modelling language allows users to model software and hardware components with great level of details. To illustrate this capability, we present in this paper the metamodel of UNIX, operating systems being the core of every software and every IT system. After describing the main UNIX constituents and how they have been modelled, we illustrate how the modelled OS integrates within pwnPr3d's rationale by modelling the spreading of a self-replicating malware inspired by WannaCry.

Ort, förlag, år, upplaga, sidor
Institute of Electrical and Electronics Engineers (IEEE), 2017
Serie
IEEE International Enterprise Distributed Object Computing Conference Workshops-EDOCW, ISSN 2325-6583
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-220666 (URN)10.1109/EDOCW.2017.26 (DOI)000417417800020 ()2-s2.0-85043606711 (Scopus ID)978-1-5386-1568-3 (ISBN)
Konferens
21st IEEE International Enterprise Distributed Object Computing Conference (EDOC), OCT 10-13, 2017, Quebec City, CANADA
Forskningsfinansiär
EU, FP7, Sjunde ramprogrammet, 607109Myndigheten för samhällsskydd och beredskap, MSB
Anmärkning

QC 20180108

Tillgänglig från: 2018-01-08 Skapad: 2018-01-08 Senast uppdaterad: 2019-09-23
Välja, M., Korman, M., Lagerström, R., Franke, U. & Ekstedt, M. (2016). Automated Architecture Modeling for Enterprise Technology Management Using Principles from Data Fusion: A Security Analysis Case. In: Kocaoglu, DF Anderson, TR Daim, TU Kozanoglu, DC Niwa, K Perman, G (Ed.), PORTLAND INTERNATIONAL CONFERENCE ON MANAGEMENT OF ENGINEERING AND TECHNOLOGY (PICMET 2016): TECHNOLOGY MANAGEMENT FOR SOCIAL INNOVATION. Paper presented at Portland International Conference on Management of Engineering and Technology (PICMET), SEP 04-08, 2016, Honolulu, HI (pp. 14-22). IEEE
Öppna denna publikation i ny flik eller fönster >>Automated Architecture Modeling for Enterprise Technology Management Using Principles from Data Fusion: A Security Analysis Case
Visa övriga...
2016 (Engelska)Ingår i: PORTLAND INTERNATIONAL CONFERENCE ON MANAGEMENT OF ENGINEERING AND TECHNOLOGY (PICMET 2016): TECHNOLOGY MANAGEMENT FOR SOCIAL INNOVATION / [ed] Kocaoglu, DF Anderson, TR Daim, TU Kozanoglu, DC Niwa, K Perman, G, IEEE , 2016, s. 14-22Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Architecture models arc used in enterprise management for decision support. These decisions range from designing processes to planning for the appropriate supporting technology. It is unreasonable for an existing enterprise to completely reinvent itself. Incremental changes are in most cases a more resource efficient tactic. Thus, for planning organizational changes, models of the current practices and systems need to be created. For mid-sized to large organizations this can be an enormous task when executed manually. Fortunately, there's a lot of data available from different sources within an enterprise that can be used for populating such models. The data are however almost always heterogeneous and usually only representing fragmented views of certain aspects. In order to merge such data and obtaining a unified view of the enterprise a suitable methodology is needed. In this paper we address this problem of creating enterprise architecture models from heterogeneous data. The paper proposes a novel approach that combines methods from the fields of data fusion and data warehousing. The approach is tested using a modeling language focusing on cyber security analysis in a study of a lab setup mirroring a small power utility's IT environment.

Ort, förlag, år, upplaga, sidor
IEEE, 2016
Serie
Portland International Conference on Management of Engineering and Technology, ISSN 2159-5100
Nationell ämneskategori
Data- och informationsvetenskap
Identifikatorer
urn:nbn:se:kth:diva-242720 (URN)10.1109/PICMET.2016.7806662 (DOI)000403104500002 ()2-s2.0-85016195766 (Scopus ID)
Konferens
Portland International Conference on Management of Engineering and Technology (PICMET), SEP 04-08, 2016, Honolulu, HI
Anmärkning

QC 20190220

Tillgänglig från: 2019-02-20 Skapad: 2019-02-20 Senast uppdaterad: 2019-09-19
Lagerström, R., Addibpour, M. & Heiser, F. (2016). Product Feature Prioritization using the Hidden Structure Method: A Practical Case at Ericsson. In: : . Paper presented at Portland International Center for Management of Engineering and Technology (PICMET) conference (pp. 2308-2315).
Öppna denna publikation i ny flik eller fönster >>Product Feature Prioritization using the Hidden Structure Method: A Practical Case at Ericsson
2016 (Engelska)Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

In this paper, we present a case were we employ the Hidden Structure method to product feature prioritization at Ericsson. The method extends the more common Design Structure Matrix (DSM) approach that has been used in technology management (e.g. project management and systems engineering) for quite some time in order to model complex systems and processes. The hidden structure method focuses on analyzing a DSM based on coupling and modularity theory, and it has been used in a number of software architecture and software portfolio cases. In previous work by the authors the method was tested on organization transformation at Ericsson, however this is the first time it has been employed in the domain of product feature prioritization. Today, at Ericsson, features are prioritized based on a business case approach where each feature is handled isolated from other features and the main focus is customer or market-based requirements. By employing the hidden structure method we show that features are heavily dependent on each other in a complex network, thus they should not be treated as isolated islands. These dependencies need to be considered when prioritizing features in order to save time and money, as well as increase end customer satisfaction.

Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-200699 (URN)10.1109/PICMET.2016.7806519 (DOI)000403104502016 ()2-s2.0-85016211407 (Scopus ID)
Konferens
Portland International Center for Management of Engineering and Technology (PICMET) conference
Anmärkning

QC 20191001

Tillgänglig från: 2017-02-01 Skapad: 2017-02-01 Senast uppdaterad: 2019-10-02Bibliografiskt granskad
Johnson, P., Vernotte, A., Ekstedt, M. & Lagerström, R. (2016). pwnPr3d: an Attack Graph Driven Probabilistic Threat Modeling Approach. In: Availability, Reliability and Security (ARES), 2016 11th International Conference on: . Paper presented at International Conference on Availability, Reliability and Security (ARES). IEEE conference proceedings
Öppna denna publikation i ny flik eller fönster >>pwnPr3d: an Attack Graph Driven Probabilistic Threat Modeling Approach
2016 (Engelska)Ingår i: Availability, Reliability and Security (ARES), 2016 11th International Conference on, IEEE conference proceedings, 2016Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

In this paper we introduce pwnPr3d, a probabilistic threat modeling approach for automatic attack graph generation based on network modeling. The aim is to provide stakeholders in organizations with a holistic approach that both provides high-level overview and technical details. Unlike many other threat modeling and attack graph approaches that rely heavily on manual work and security expertise, our language comes with built-in security analysis capabilities. pwnPr3d generates probability distributions over the time to compromise assets.

Ort, förlag, år, upplaga, sidor
IEEE conference proceedings, 2016
Nyckelord
:Threat Modeling; Network Security; Attack Graphs
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-200698 (URN)10.1109/ARES.2016.77 (DOI)000391214400034 ()2-s2.0-85015304142 (Scopus ID)
Konferens
International Conference on Availability, Reliability and Security (ARES)
Anmärkning

QC 20170202

Tillgänglig från: 2017-02-01 Skapad: 2017-02-01 Senast uppdaterad: 2019-09-23
Johnson, P., Vernotte, A., Gorton, D., Ekstedt, M. & Lagerström, R. (2016). Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs. In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers. Paper presented at 4th International Workshop on Risk Assessment and Risk Driven Quality Assurance, RISK 2016 held in conjunction with 28th International Conference on Testing Software and Systems, ICTSS 2016, Graz, Austria, 18 October 2016 through 18 October 2016 (pp. 37-52). Springer, 10224
Öppna denna publikation i ny flik eller fönster >>Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs
Visa övriga...
2016 (Engelska)Ingår i: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers, Springer, 2016, Vol. 10224, s. 37-52Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.

Ort, förlag, år, upplaga, sidor
Springer, 2016
Serie
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), ISSN 0302-9743 ; 10224
Nationell ämneskategori
Datorsystem
Identifikatorer
urn:nbn:se:kth:diva-200700 (URN)10.1007/978-3-319-57858-3_4 (DOI)000426090100004 ()2-s2.0-85018370233 (Scopus ID)9783319578576 (ISBN)
Konferens
4th International Workshop on Risk Assessment and Risk Driven Quality Assurance, RISK 2016 held in conjunction with 28th International Conference on Testing Software and Systems, ICTSS 2016, Graz, Austria, 18 October 2016 through 18 October 2016
Forskningsfinansiär
Myndigheten för samhällsskydd och beredskap, MSB EU, FP7, Sjunde ramprogrammet, 607109
Anmärkning

QC 20171030

Tillgänglig från: 2017-02-01 Skapad: 2017-02-01 Senast uppdaterad: 2019-09-23
Korman, M., Lagerström, R., Välja, M., Ekstedt, M. & Blom, R. (2016). Technology Management through Architecture Reference Models: A Smart Metering Case. In: Kocaoglu, DF Anderson, TR Daim, TU Kozanoglu, DC Niwa, K Perman, G (Ed.), PORTLAND INTERNATIONAL CONFERENCE ON MANAGEMENT OF ENGINEERING AND TECHNOLOGY (PICMET 2016): TECHNOLOGY MANAGEMENT FOR SOCIAL INNOVATION. Paper presented at Portland International Conference on Management of Engineering and Technology (PICMET), SEP 04-08, 2016, Honolulu, HI (pp. 2338-2350). IEEE
Öppna denna publikation i ny flik eller fönster >>Technology Management through Architecture Reference Models: A Smart Metering Case
Visa övriga...
2016 (Engelska)Ingår i: PORTLAND INTERNATIONAL CONFERENCE ON MANAGEMENT OF ENGINEERING AND TECHNOLOGY (PICMET 2016): TECHNOLOGY MANAGEMENT FOR SOCIAL INNOVATION / [ed] Kocaoglu, DF Anderson, TR Daim, TU Kozanoglu, DC Niwa, K Perman, G, IEEE , 2016, s. 2338-2350Konferensbidrag, Publicerat paper (Refereegranskat)
Abstract [en]

Enterprise architecture (EA) has become an essential part of managing technology in large enterprises. These days, automated analysis of EA is gaining increased attention. That is, using models of business and technology combined in order to analyze aspects such as cyber security, complexity, cost, performance, and availability. However, gathering all information needed and creating models for such analysis is a demanding and costly task. To lower the efforts needed a number of approaches have been proposed, the most common are automatic data collection and reference models. However these approaches are all still very immature and not efficient enough for the discipline, especially when it comes to using the models for analysis and not only for documentation and communication purposes. In this paper we propose a format for representing reference models focusing on analysis. The format is tested with a case in a large European project focusing on security in advanced metering infrastructure. Thus we have, based on the format, created a reference model for smart metering architecture and cyber security analysis. On a theoretical level we discuss the potential impact such a reference model can have.

Ort, förlag, år, upplaga, sidor
IEEE, 2016
Serie
Portland International Conference on Management of Engineering and Technology, ISSN 2159-5100
Nationell ämneskategori
Data- och informationsvetenskap
Identifikatorer
urn:nbn:se:kth:diva-242722 (URN)10.1109/PICMET.2016.7806518 (DOI)000403104502019 ()
Konferens
Portland International Conference on Management of Engineering and Technology (PICMET), SEP 04-08, 2016, Honolulu, HI
Anmärkning

QC 20190219

Tillgänglig från: 2019-02-19 Skapad: 2019-02-19 Senast uppdaterad: 2019-09-19
Organisationer
Identifikatorer
ORCID-id: ORCID iD iconorcid.org/0000-0003-3089-3885

Sök vidare i DiVA

Visa alla publikationer