kth.sePublications
Change search
Link to record
Permanent link

Direct link
Publications (10 of 186) Show all publications
Katsikeas, S., Rencelj Ling, E., Johnsson, P. & Ekstedt, M. (2024). Empirical evaluation of a threat modeling language as a cybersecurity assessment tool. Computers & security (Print), 140, Article ID 103743.
Open this publication in new window or tab >>Empirical evaluation of a threat modeling language as a cybersecurity assessment tool
2024 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 140, article id 103743Article in journal (Refereed) Published
Abstract [en]

The complexity of ICT infrastructures is continuously increasing, presenting a formidable challenge in safeguarding them against cyber attacks. In light of escalating cyber threats and limited availability of expert resources, organizations must explore more efficient approaches to assess their resilience and undertake proactive measures. Threat modeling is an effective approach for assessing the cyber resilience of ICT systems. One method is to utilize Attack Graphs, which visually represent the steps taken by adversaries during an attack. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework for developing Domain-Specific Languages (DSLs) and generating Attack Graphs for modeled infrastructures. coreLang is a MAL-based threat modeling language that utilizes such Attack Graphs to enable attack simulations and security assessments for the generic ICT domain. Developing domain-specific languages for threat modeling and attack simulations provides a powerful approach for conducting security assessments of infrastructures. However, ensuring the correctness of these modeling languages raises a separate research question. In this study we conduct an empirical experiment aiming to falsify such a domain-specific threat modeling language. The potential inability to falsify the language through our empirical testing would lead to its corroboration, strengthening our belief in its validity within the parameters of our study. The outcomes of this approach indicated that, on average, the assessments generated by attack simulations outperformed those of human experts. Additionally, both human experts and simulations exhibited significantly superior performance compared to random guessers in their assessments. While specific human experts occasionally achieved better assessments for particular questions in the experiments, the efficiency of simulation-generated assessments surpasses that of human domain experts.

Place, publisher, year, edition, pages
Elsevier BV, 2024
Keywords
Cyber attack simulations, Cyber security, Domain experts, Domain-specific threat modeling language, Empirical language evaluation
National Category
Computer Sciences Computer Systems
Identifiers
urn:nbn:se:kth:diva-343486 (URN)10.1016/j.cose.2024.103743 (DOI)2-s2.0-85184028408 (Scopus ID)
Note

QC 20240215

Available from: 2024-02-15 Created: 2024-02-15 Last updated: 2024-02-15Bibliographically approved
Ling, E. & Ekstedt, M. (2023). A threat modeling language for generating attack graphs of substation automation systems. International Journal of Critical Infrastructure Protection, 100601-100601, Article ID 100601.
Open this publication in new window or tab >>A threat modeling language for generating attack graphs of substation automation systems
2023 (English)In: International Journal of Critical Infrastructure Protection, ISSN 1874-5482, E-ISSN 2212-2087, p. 100601-100601, article id 100601Article in journal (Refereed) Published
Abstract [en]

The substation automation system consists of many different complex assets and data flows. The system is also often externally connected to allow for remote management. The complexity and remote access to the substation automation system makes it vulnerable to cyber attacks. It also makes it difficult to assess the overall security of the system. One method of assessing the potential threats against a system is threat modeling. In this paper we create a language for producing threat models specifically for the substation automation systems. We focus on the method used to create the language where we review industry designs, build the language based on existing languages and consider attack scenarios from a literature study. Finally we present the language, model two different attack scenarios and generate attack graphs from the threat models.

Place, publisher, year, edition, pages
Elsevier BV, 2023
Keywords
Cyber security, Vulnerability analysis, Threat modeling language, Attack graph, Substation automation systems
National Category
Computer Systems
Research subject
Industrial Information and Control Systems
Identifiers
urn:nbn:se:kth:diva-325113 (URN)10.1016/j.ijcip.2023.100601 (DOI)000969500100001 ()2-s2.0-85151270761 (Scopus ID)
Note

QC 20230516

Available from: 2023-04-02 Created: 2023-04-02 Last updated: 2023-05-16Bibliographically approved
Balliu, M., Baudry, B., Bobadilla, S., Ekstedt, M., Monperrus, M., Ron Arteaga, J., . . . Wittlinger, M. (2023). Challenges of Producing Software Bill of Materials for Java. IEEE Security and Privacy, 21(6), 12-23
Open this publication in new window or tab >>Challenges of Producing Software Bill of Materials for Java
Show others...
2023 (English)In: IEEE Security and Privacy, ISSN 1540-7993, E-ISSN 1558-4046, Vol. 21, no 6, p. 12-23Article in journal (Refereed) Published
Abstract [en]

Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open source Java projects, revealing challenges regarding the accurate production and usage of SBOMs.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2023
Keywords
Java, Software, Production, Supply chain management, Standards, Bills of materials, Software reliability
National Category
Software Engineering
Identifiers
urn:nbn:se:kth:diva-343925 (URN)10.1109/MSEC.2023.3302956 (DOI)001107292700005 ()2-s2.0-85170551424 (Scopus ID)
Funder
Swedish Foundation for Strategic Research, CHAINS
Note

QC 20240314

Available from: 2024-03-05 Created: 2024-03-05 Last updated: 2024-03-14Bibliographically approved
Rencelj Ling, E. & Ekstedt, M. (2023). Estimating Time-To-Compromise for Industrial Control System Attack Techniques Through Vulnerability Data. SN Computer Science, 4(3)
Open this publication in new window or tab >>Estimating Time-To-Compromise for Industrial Control System Attack Techniques Through Vulnerability Data
2023 (English)In: SN Computer Science, ISSN 2661-8907, Vol. 4, no 3Article in journal (Refereed) Published
Abstract [en]

When protecting the Industrial Control Systems against cyber attacks, it is important to have as much information as possible to allocate defensive resources properly. In this paper we estimate the Time-To-Compromise of different Industrial Control Systems attack techniques by MITRE ATT&CK. The Time-To-Compromise is estimated using an equation that takes into consideration the vulnerability data that exists for a specific asset and category of vulnerability. The vulnerability data is derived from an Industrial Control Systems specific vulnerability dataset. As a result, we present the mapping of the attack techniques to assets and categories of vulnerability, which makes it possible to apply specific vulnerabilities to the technique. We also present the method of how to estimate the Time-To-Compromise of the techniques and finally the values of Time-To-Compromise. After mapping the attack techniques to assets and category of vulnerability we are able to estimate the Time-To-Compromise and discuss its trustworthiness.

Place, publisher, year, edition, pages
Springer Nature, 2023
Keywords
Cyber security, Vulnerability analysis, Threat modeling language, Attack graph, Substation automation systems
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-325645 (URN)10.1007/s42979-023-01750-z (DOI)2-s2.0-85152776609 (Scopus ID)
Note

QC 20230419

Available from: 2023-04-11 Created: 2023-04-11 Last updated: 2023-06-08Bibliographically approved
Balliu, M., Baudry, B., Bobadilla, S., Ekstedt, M., Monperrus, M., Ron Arteaga, J., . . . Wittlinger, M. (2023). Software Bill of Materials in Java. In: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses: . Paper presented at 2nd Edition of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2023, Copenhagen, Denmark, Nov 30 2023 (pp. 75-76). Association for Computing Machinery (ACM)
Open this publication in new window or tab >>Software Bill of Materials in Java
Show others...
2023 (English)In: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, Association for Computing Machinery (ACM) , 2023, p. 75-76Conference paper, Published paper (Refereed)
Abstract [en]

Modern software applications are virtually never built entirely in-house. As a matter of fact, they reuse many third-party dependencies, which form the core of their software supply chain [1]. The large number of dependencies in an application has turned into a major challenge for both security and reliability. For example, to compromise a high-value application, malicious actors can choose to attack a less well-guarded dependency of the project [2]. Even when there is no malicious intent, bugs can propagate through the software supply chain and cause breakages in applications. Gathering accurate, upto- date information about all dependencies included in an application is, therefore, of vital importance.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2023
Keywords
sbom, software supply chain
National Category
Computer Sciences Computer Systems
Identifiers
urn:nbn:se:kth:diva-341683 (URN)10.1145/3605770.3625207 (DOI)001123143300012 ()2-s2.0-85180010428 (Scopus ID)
Conference
2nd Edition of the ACM Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses, SCORED 2023, Copenhagen, Denmark, Nov 30 2023
Note

Part of proceedings ISBN 9798400702631

QC 20231229

Available from: 2023-12-29 Created: 2023-12-29 Last updated: 2024-01-22Bibliographically approved
Widel, W., Hacks, S., Ekstedt, M., Johnson, P. & Lagerström, R. (2023). The meta attack language-a formal description. Computers & security (Print), 130, 103284, Article ID 103284.
Open this publication in new window or tab >>The meta attack language-a formal description
Show others...
2023 (English)In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 130, p. 103284-, article id 103284Article in journal (Refereed) Published
Abstract [en]

Nowadays, IT infrastructures are involved in making innumerable aspects of our lives convenient, starting with water or energy distribution systems, and ending with e-commerce solutions and online banking services. In the worst case, cyberattacks on such infrastructures can paralyze whole states and lead to losses in terms of both human lives and money.One of the approaches to increase security of IT infrastructures relies on modeling possible ways of compromising them by potential attackers. To facilitate creation and reusability of such models, domain specific languages (DSLs) can be created. Ideally, a user will employ a DSL for modeling their infrastruc-ture of interest, with the domain-specific threats and attack logic being already encoded in the DSL by the domain experts.The Meta Attack Language (MAL) has been introduced previously as a meta-DSL for development of security-oriented DSLs. In this work, we define formally the syntax and a semantics of MAL to ease a common understanding of MAL's functionalities and enable reference implementations on different tech-nical platforms. It's applicability for modeling and analysis of security of IT infrastructures is illustrated with an example.

Place, publisher, year, edition, pages
Elsevier BV, 2023
Keywords
Threat modeling, Attack simulation, Attack graphs, Domain specific language
National Category
Reliability and Maintenance Computer Systems
Identifiers
urn:nbn:se:kth:diva-329957 (URN)10.1016/j.cose.2023.103284 (DOI)001001451200001 ()2-s2.0-85156202278 (Scopus ID)
Note

QC 20230626

Available from: 2023-06-26 Created: 2023-06-26 Last updated: 2023-06-26Bibliographically approved
Ekstedt, M., Afzal, Z., Mukherjee, P., Hacks, S. & Lagerström, R. (2023). Yet another cybersecurity risk assessment framework. International Journal of Information Security, 22(6), 1713-1729
Open this publication in new window or tab >>Yet another cybersecurity risk assessment framework
Show others...
2023 (English)In: International Journal of Information Security, ISSN 1615-5262, E-ISSN 1615-5270, Vol. 22, no 6, p. 1713-1729Article in journal (Refereed) Published
Abstract [en]

IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.

Place, publisher, year, edition, pages
Springer Nature, 2023
Keywords
Attack tree, Enterprise IT risk, Risk assessment, Threat modeling
National Category
Computer Sciences Computer Systems
Identifiers
urn:nbn:se:kth:diva-338542 (URN)10.1007/s10207-023-00713-y (DOI)001027329600001 ()2-s2.0-85164669184 (Scopus ID)
Note

QC 20231108

Available from: 2023-11-08 Created: 2023-11-08 Last updated: 2023-11-08Bibliographically approved
Fahlander, P., Ekstedt, M., Mukherjee, P. & Dwivedi, A. K. (2022). Containment Strategy Formalism in a Probabilistic Threat Modelling Framework. In: Paolo Mori, Gabriele Lenzini, Steven Furnell (Ed.), Proceedings of the 8th international conference on information systems security and privacy (ICISSP): . Paper presented at 8th International Conference on Information Systems Security and Privacy (ICISSP), Virtual/Online, 9-11 February, 2022 (pp. 108-120). Scitepress, 1
Open this publication in new window or tab >>Containment Strategy Formalism in a Probabilistic Threat Modelling Framework
2022 (English)In: Proceedings of the 8th international conference on information systems security and privacy (ICISSP) / [ed] Paolo Mori, Gabriele Lenzini, Steven Furnell, Scitepress , 2022, Vol. 1, p. 108-120Conference paper, Published paper (Refereed)
Abstract [en]

Foreseeing, mitigating and preventing cyber-attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience profile against cyber-attacks. Previous research has proposed MAL, a meta language for capturing the attack logic of a considered domain and running attack simulations in a model that depicts the defended IT-infrastructure. While this modality is already somewhat established for proposing general threat mitigation actions, less is known about how to model containment strategies in the event that penetration already has occurred. The problem is a fundamental gap between predominant threat models in cyber-security research and containment in the incident response lifecycle. This paper presents a solution to the problem by summarizing a methodology for reasoning about containment strategies in MAL-based threat models.

Place, publisher, year, edition, pages
Scitepress, 2022
Series
Proceedings of the 8th International Conference on Information Systems Security and Privacy 2022, ISSN 2184-4356
Keywords
Threat Analysis, MAL, Containment strategies, Simulated Annealing
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-310910 (URN)10.5220/0010823800003120 (DOI)000818770500009 ()2-s2.0-85176317924 (Scopus ID)
Conference
8th International Conference on Information Systems Security and Privacy (ICISSP), Virtual/Online, 9-11 February, 2022
Projects
SOCCRATES
Funder
Security Link, 833481
Note

Part of proceedings: ISBN 978-989-758-553-1

QC 20220419

QC 20220708

Available from: 2022-04-11 Created: 2022-04-11 Last updated: 2023-11-23Bibliographically approved
Kraft, O., Pohl, O., Hager, U., Heussen, K., Muller, N., Afzal, Z., . . . Kubis, A. (2022). Development and Implementation of a Holistic Flexibility Market Architecture. In: 2022 IEEE Power and Energy Society Innovative Smart Grid Technologies Conference, ISGT 2022: . Paper presented at 2022 IEEE Power and Energy Society Innovative Smart Grid Technologies Conference, ISGT 2022, 24 April 2022 through 28 April 2022. Institute of Electrical and Electronics Engineers (IEEE)
Open this publication in new window or tab >>Development and Implementation of a Holistic Flexibility Market Architecture
Show others...
2022 (English)In: 2022 IEEE Power and Energy Society Innovative Smart Grid Technologies Conference, ISGT 2022, Institute of Electrical and Electronics Engineers (IEEE) , 2022Conference paper, Published paper (Refereed)
Abstract [en]

The demand for increasing flexibility use in power systems is stressed by the changing grid utilization. Making use of largely untapped flexibility potential is possible through novel flexibility markets. Different approaches for these markets are being developed and vary considering their handling of transaction schemes and relation of participating entities. This paper delivers the conceptual development of a holistic system architecture for the realization of an interregional flexibility market, which targets a market based congestion management in the transmission and distribution system through trading between system operators and flexibility providers. The framework combines a market mechanism with the required supplements like appropriate control algorithms for emergency situations, cyber-physical system monitoring and cyber-security assessment. The resulting methods are being implemented and verified in a remote-power-hardware-in-the-loop setup coupling a real world low voltage grid with a geographically distant real time simulation using state of the art control system applications with an integration of the aforementioned architecture components. 

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2022
Keywords
control algorithms, cyber-physical monitoring, cyber-security, flexibility, local markets, Commerce, Computer architecture, Cybersecurity, Electric power system control, Electric power transmission networks, Embedded systems, Changing grids, Conceptual development, Cybe-physical monitoring, Cyber physicals, Cyber security, Grid utilization, Market architectures, Power, Cyber Physical System
National Category
Electrical Engineering, Electronic Engineering, Information Engineering
Identifiers
urn:nbn:se:kth:diva-326194 (URN)10.1109/ISGT50606.2022.9817470 (DOI)2-s2.0-85134895726 (Scopus ID)
Conference
2022 IEEE Power and Energy Society Innovative Smart Grid Technologies Conference, ISGT 2022, 24 April 2022 through 28 April 2022
Note

QC 20230502

Available from: 2023-05-02 Created: 2023-05-02 Last updated: 2023-05-02Bibliographically approved
Rencelj Ling, E. & Ekstedt, M. (2022). Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities. In: Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP: . Paper presented at 8th International Conference on Information Systems Security and Privacy - ICISSP, Online/Virtual, 9-11 February 2022 (pp. 96-107). Scitepress, Vol. 1 - 978-989-758-553-1
Open this publication in new window or tab >>Estimating the Time-To-Compromise of Exploiting Industrial Control System Vulnerabilities
2022 (English)In: Proceedings of the 8th International Conference on Information Systems Security and Privacy - ICISSP, Scitepress , 2022, Vol. Vol. 1 - 978-989-758-553-1, p. 96-107Conference paper, Published paper (Refereed)
Abstract [en]

The metric Time-To-Compromise (TTC) can be used for estimating the time taken for an attacker to compromise a component or a system. The TTC helps to identify the most critical attacks, which is useful when allocating resources for strengthening the cyber security of a system. In this paper we describe our updated version of the original definition of TTC. The updated version is specifically developed for the Industrial Control Systems domain. The Industrial Control Systems are essential for our society since they are a big part of producing, for example, electricity and clean water. Therefore, it is crucial that we keep these systems secure from cyberattacks. We align the method of estimating the TTC to Industrial Control Systems by updating the original definition’s parameters and use a vulnerability dataset specific for the domain. The new definition is evaluated by comparing estimated Time-To-Compromise values for Industrial Control System attack scenarios to previous research results. 

Place, publisher, year, edition, pages
Scitepress, 2022
Keywords
Industrial Control System, Time-To-Compromise, Cyber Security, Vulnerabilities
National Category
Computer and Information Sciences
Research subject
Information and Communication Technology
Identifiers
urn:nbn:se:kth:diva-310220 (URN)10.5220/0010817400003120 (DOI)000818770500008 ()
Conference
8th International Conference on Information Systems Security and Privacy - ICISSP, Online/Virtual, 9-11 February 2022
Funder
SweGRIDS - Swedish Centre for Smart Grids and Energy Storage
Note

Part of proceedings: ISBN 978-989-758-553-1

QC 20220401

Available from: 2022-03-24 Created: 2022-03-24 Last updated: 2022-07-07Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-3922-9606

Search in DiVA

Show all publications