  • 1. Bjuhr, O.
    et al.
    Segeljakt, K.
    Addibpour, M.
    Heiser, F.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Software architecture decoupling at ericsson
    2017 In: Proceedings - 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017: Side Track Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2017, p. 259-262, article id 7958500
    Conference paper (Refereed)
    Abstract [en]

    In order to evaluate and increase modularity, this paper combines a method for visualizing and measuring software architectures and two algorithms for decoupling. The combination is tested on a software system at Ericsson. Our analysis shows that the system has one large cluster of components (18% of the system, a Core), all interacting with each other. By employing cluster and dominator analysis we suggest 19 dependencies to be removed in order to decouple the Core. Validating the analysis output with experts at Ericsson, six of the suggested dependencies were deemed impossible to remove. By removing the remaining 13 dependencies Ericsson would improve the architecture of their system considerably, e.g. core size would go down to 5%.

  • 2.
    Blom, Rikard
    et al.
    KTH.
    Korman, Matus
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Robert, Lagerström
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Mathias, Ekstedt
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Analyzing attack resilience of an advanced meter infrastructure reference model
    2016 In: Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG), IEEE conference proceedings, 2016
    Conference paper (Refereed)
    Abstract [en]

    Advanced metering infrastructure (AMI) is a key component of the concept of smart power grids. Although several functional/logical reference models of AMI exist, they are not suited for automated analysis of properties such as cyber security. This paper briefly presents a reference model of AMI that follows a tested and even commercially adopted formalism allowing automated analysis of cyber security. Finally, this paper presents an example cyber security analysis, and discusses its results.

  • 3.
    Buschle, Markus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Franke, Ulrik
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sommestad, Teodor
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A tool for enterprise architecture analysis using the PRM formalism
    2010 In: CEUR Workshop Proceedings, 2010
    Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture advocates model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 4.
    Buschle, Markus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Franke, Ulrik
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sommestad, Teodor
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A Tool for Enterprise Architecture Analysis Using the PRM Formalism
    2011 In: INFORMATION SYSTEMS EVOLUTION / [ed] Soffer P; Proper E, 2011, Vol. 72, p. 108-121
    Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture advocates for model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 5.
    Ekstedt, Mathias
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Franke, Ulrik
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerstrom, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sommestad, Teodor
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Buschle, Markus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A Tool for Enterprise Architecture Analysis of Maintainability: CSMR 2009, PROCEEDINGS
    2009 In: EUR CON SFTWR MTNCE REENGR / [ed] Winter A, Knodel J, Los Alamitos: IEEE COMPUTER SOC, 2009, p. 327-328
    Conference paper (Refereed)
    Abstract [en]

    A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality, developer expertise, etc. Finally, a concrete model of an ERP system is discussed.

  • 6.
    Ekstedt, Mathias
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Enterprise Architecture Modeling and Analysis of Quality Attributes: The Multi-Attribute Prediction Language (MAPL)
    2015 In: Proceedings of the 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS 2015) / [ed] Jakob Axelsson, SICS, 2015, p. 10-12
    Conference paper (Other academic)
  • 7.
    Ekstedt, Mathias
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Gorton, Dan
    Foreseeti AB, Sweden.
    Nydren, Joakim
    Foreseeti AB, Sweden.
    Shahzad, Khurram
    Foreseeti AB, Sweden.
    securiCAD by foreseeti: A CAD tool for enterprise cyber security management
    2015 In: Proceedings of the 2015 IEEE 19th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations, EDOCW 2015, IEEE, 2015
    Conference paper (Refereed)
    Abstract [en]

    This paper presents a CAD tool for enterprise cyber security management called securiCAD. It is software developed during ten years of research at KTH Royal Institute of Technology, and it is now being commercialized by foreseeti (a KTH spin-off company). The idea of the tool is similar to CAD tools used when engineers design and test cars, buildings, etc. Specifically, the securiCAD user first models the IT environment, an existing one or one under development, and then securiCAD, using attack graphs, calculates and highlights potential weaknesses and avenues of attacks. The main benefits of securiCAD are: 1) built-in security expertise, 2) visualization, 3) holistic security assessments, and 4) scenario comparison (decision-making) capabilities.

  • 8.
    Ekstedt, Mathias
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Chenine, Moustafa
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Setting the Information Systems Goals
    2007 In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 92-152
    Chapter in book (Other academic)
  • 9.
    Franke, Ulrik
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Saat, Jan
    Winter, Robert
    Trends in Enterprise Architecture Practice: A Survey
    2010 In: Lecture Notes in Business Information Processing / [ed] Proper E; Lankhorst MM; Schonherr M; Barjis J; Overbeek S, 2010, Vol. 70, p. 16-29
    Conference paper (Refereed)
    Abstract [en]

    In recent years, Enterprise Architecture (EA) has become a discipline for business and IT-system management. While much research focuses on theoretical contributions related to EA, very few studies use statistical tools to analyze empirical data. This paper investigates the actual application of EA, by giving a broad overview of the usage of enterprise architecture in Swedish, German, Austrian and Swiss companies. 162 EA professionals answered a survey originally focusing on the relation between IT/business alignment (ITBA) and EA. The dataset provides answers to questions such as: For how many years have companies been using EA models, tools, processes and roles? How is ITBA in relation to EA perceived at companies? In particular, the survey has investigated quality attributes of EA, related to IT-systems, business and IT governance. One important result is some interesting correlations between how these qualities are prioritized. For example, a high concern for interoperability correlates with a high concern for maintainability.

  • 10.
    Franke, Ulrik
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Höök, David
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    König, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Gustafsson, Pia
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    EAF(2) - A Framework for Categorizing Enterprise Architecture Frameworks
    2009 In: SNPD 2009: 10TH ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCES, NETWORKING AND PARALLEL DISTRIBUTED COMPUTING, PROCEEDINGS, LOS ALAMITOS: IEEE COMPUTER SOC, 2009, p. 327-332
    Conference paper (Refereed)
    Abstract [en]

    What constitutes an enterprise architecture framework is a contested subject. The contents of present enterprise architecture frameworks thus differ substantially. This paper aims to alleviate the confusion regarding which framework contains what by proposing a meta framework for enterprise architecture frameworks. By using this meta framework, decision makers are able to express their requirements on what their enterprise architecture framework must contain and also to evaluate whether the existing frameworks meet these requirements. An example classification of common EA frameworks illustrates the approach.

  • 11.
    Franke, Ulrik
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Höök, David
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    König, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A formal method for cost and accuracy trade-off analysis in software assessment measures
    2009 In: RCIS 2009: PROCEEDINGS OF THE IEEE INTERNATIONAL CONFERENCE ON RESEARCH CHALLENGES IN INFORMATION SCIENCE, NEW YORK: IEEE, 2009, p. 295-302
    Conference paper (Refereed)
    Abstract [en]

    Creating accurate models of information systems is an important but challenging task. It is generally well understood that such modeling encompasses general scientific issues, but the monetary aspects of the modeling of software systems are not equally well acknowledged. The present paper describes a method using Bayesian networks for optimizing modeling strategies, perceived as a trade-off between these two aspects. Using GeNIe, a graphical tool with the proper Bayesian algorithms implemented, decision support can thus be provided to the modeling process. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with his projection of their costs. It is argued that this method might enhance modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.

  • 12.
    Franke, Ulrik
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Höök, David
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    König, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A Method for Choosing Software Assessment Measures using Bayesian Networks and Diagnosis: CSMR 2009, PROCEEDINGS
    2009 In: 13TH EUROPEAN CONFERENCE ON SOFTWARE MAINTENANCE AND REENGINEERING: CSMR 2009, PROCEEDINGS / [ed] Winter A, Knodel J, LOS ALAMITOS, CA.: IEEE COMPUTER SOC., 2009, p. 241-245
    Conference paper (Refereed)
    Abstract [en]

    Creating accurate models of information systems is an important but challenging task. While the scientific aspects of such modeling are generally acknowledged, the monetary aspects of the modeling of software systems are not. The present paper describes a Bayesian method for optimizing modeling strategies, perceived as a trade-off between these two aspects. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with her projection of the costs. It is argued that this method enhances modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.

  • 13.
    Franke, Ulrik
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ullberg, Johan
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sommestad, Teodor
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Johnson, Pontus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Decision Support oriented Enterprise Architecture Metamodel Management using Classification Trees
    2009 In: 2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009) / [ed] Tosic, V., NEW YORK: IEEE, 2009, p. 328-335
    Conference paper (Refereed)
    Abstract [en]

    Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exist several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least "bang for the bucks" in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability.

  • 14.
    Gingnell, Liv
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ericsson, Evelina
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lilliesköld, Joakim
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    A Case Study on Product Development Performance Measurement
    2012 In: Proceedings of The 2012 International Conference on Innovation, Management and Technology, 2012
    Conference paper (Refereed)
    Abstract [en]

    This paper presents a case study that evaluates the performance of the product development performance measurement system used in a Swedish company that is a part of a global corporate group. The study is based on internal documentation and eighteen in-depth interviews with stakeholders involved in the product development process. The results from the case study include a description of what metrics are in use, how these are employed, and their effect on the quality of the performance measurement system. Especially, the importance of having a well-defined process proved to have a major impact on the quality of the performance measurement system in this particular case.

  • 15.
    Gingnell, Liv
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ericsson, Evelina
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lilliesköld, Joakim
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    STRATEGIC PERFORMANCE MEASUREMENT IN PRODUCT DEVELOPMENT: A case study on a Swedish company
    2012
    Conference paper (Refereed)
    Abstract [en]

    Performance evaluation of product development processes is becoming increasingly important as many companies experience tougher competition and shorter product life cycles. This article, based on a case study on a Swedish company, investigates the needs and requirements that the company has on a future performance measurement system for product development. The requirements were found to mostly consider cooperation between functions, co-worker motivation and cost-efficient product solutions. These focus areas are common problems in product development since they are addressed in development concepts like Lean Product Development and Design for Six Sigma. Therefore, more research about how they can be supported by a performance measurement system for product development would be of interest.

  • 16.
    Gingnell, Liv
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Franke, Ulrik
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ericsson, Evelina
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lilliesköld, Joakim
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Quantifying Success Factors for IT Projects - An Expert-Based Bayesian Model
    2014 In: Information systems management, ISSN 1058-0530, E-ISSN 1934-8703, Vol. 31, no 1, p. 21-36
    Article in journal (Refereed)
    Abstract [en]

    Large investments are made annually to develop and maintain IT systems. Successful outcome of IT projects is therefore crucial for the economy. Yet, many IT projects fail completely or are delayed or over budget, or they end up with less functionality than planned. This article describes a Bayesian decision-support model. The model is based on expert elicited data from 51 experts. Using this model, the effect management decisions have upon projects can be estimated beforehand, thus providing decision support for the improvement of IT project performance.

  • 17.
    Heiser, Franz
    et al.
    Ericsson.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Addibpour, Mattin
    Ericsson.
    Revealing Hidden Structures in Organizational Transformation: A Case Study
    2015
    Conference paper (Refereed)
    Abstract [en]

    EA initiatives usually span the entire enterprise at a high level. While a typical development organization (could be a business unit within a larger enterprise) often has detailed models describing its product, the enterprise architecture on the business unit level is handled in an ad hoc or detached way. However, research shows that there is a tight link between the product architecture and its developing organization. In this paper we have studied an organization within Ericsson, which focuses on the development of large software and hardware products. We have applied the hidden structure method, which is based on the Design Structure Matrix approach, to analyze organizational transformations. The to-be scenarios are possible alternatives in trying to become more agile and lean. Our analysis shows that one scenario likely increases the complexity of developing the product, while the other two suggestions are both promising to-be scenarios.

  • 18.
    Hjalmarsson, Alexander
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Korman, Matus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Software Migration Project Cost Estimation using COCOMO II and Enterprise Architecture Modeling
    2013 In: CEUR Workshop Proceedings, 2013, p. 39-48
    Conference paper (Refereed)
    Abstract [en]

    Large amounts of software are running on what is considered to be legacy platforms. These systems are often business critical and cannot be phased out without a proper replacement. Migration of these legacy applications can be troublesome due to poor documentation and a changing workforce. Estimating the cost of such projects is nontrivial. Expert estimation is the most common method, but the method is heavily relying on the experience, knowledge, and intuition of the estimator. The use of a complementary estimation method can increase the accuracy of the assessment. This paper presents a metamodel that combines enterprise architecture modeling concepts with the COCOMO II estimation model. Our study proposes a method combining expert estimation with the metamodel-based approach to increase the estimation accuracy. The combination was tested with four project samples at a large Nordic manufacturing company, which resulted in a mean magnitude of relative error of 10%.

  • 19.
    Holm, Hannes
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Buschle, Markus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Automatic data collection for enterprise architecture models
    2014 In: Software and Systems Modeling, ISSN 1619-1366, E-ISSN 1619-1374, Vol. 13, no 2, p. 825-841
    Article in journal (Refereed)
    Abstract [en]

    Enterprise Architecture (EA) is an approach used to provide decision support based on organization-wide models. The creation of such models is, however, cumbersome as multiple aspects of an organization need to be considered, making manual efforts time-consuming and error-prone. Thus, the EA approach would be significantly more promising if the data used when creating the models could be collected automatically, a topic not yet properly addressed by either academia or industry. This paper proposes network scanning for automatic data collection and uses an existing software tool for generating EA models (ArchiMate is employed as an example) based on the IT infrastructure of enterprises. While some manual effort is required to make the models fully useful to many practical scenarios (e.g., to detail the actual services provided by IT components), empirical results show that the methodology is accurate and (in its default state) requires little effort to carry out.

  • 20.
    Honeth, Nicholas
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Buschle, Markus
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sasi, K. K.
    Electrical and Electronics Engineering, Amrita University, Coimbatore India.
    Nithin, S.
    Electrical and Electronics Engineering, Amrita University, Coimbatore India.
    An Extended ArchiMate Metamodel for Microgrid Control System Architectures
    2012
    Conference paper (Refereed)
    Abstract [en]

    Management of various Distributed Energy Resources (DERs) in microgrids requires the integration of heterogeneous control devices and systems. Design and management of such integrated systems would benefit from the application of models that capture structural and functional aspects. These models are important in order to abstract the technical detail for planning and design in order to provide a basis for discussion amongst stakeholders and technical experts. Such models should provide semantics that adequately describe and define these aspects from the electro-technical to the information management perspective during design and implementation. In the discipline of IT management, Enterprise Architecture (EA) is a commonly used approach. The EA approach is typically based on metamodels, with ArchiMate being one of the most well known. ArchiMate aims to enable holistic descriptions of businesses and their supporting IT using three layers, namely business, application and technology, from three perspectives, namely information, behavior and structure. While invaluable for planning and management of large organizational IT, ArchiMate in its original form lacks the descriptive semantics required to specifically capture the high level of systems integration required for electrical process management. This paper proposes an extended ArchiMate metamodel for modeling microgrid components, the control systems, and the management and control of these integrated systems. The paper provides an example of how this can be applied to a proposed microgrid development project.

  • 21.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Automatic Probabilistic Enterprise IT Architecture Modeling: a Dynamic Bayesian Networks Approach
    2016 In: 2016 IEEE 20TH INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING WORKSHOP (EDOCW), IEEE, 2016, p. 122-129
    Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture modeling and model maintenance are time-consuming and error-prone activities that are typically performed manually. This position paper presents new and innovative ideas on how to automate the modeling of enterprise architectures. We propose to view the problem of modeling as a probabilistic state estimation problem, which is addressed using Dynamic Bayesian Networks (DBN). The proposed approach is described using a motivating example. Sources of machine-readable data about Enterprise Architecture entities are reviewed.

  • 22.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Enterprise Information System Management. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 54-71. Chapter in book (Other academic)
  • 23.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    The Enterprise and Its Information Systems. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 37-52. Chapter in book (Other academic)
  • 24.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Simonsson, Mårten
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Enterprise Architecture at ACME Energy. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 293-306. Chapter in book (Other academic)
  • 25.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Sommestad, Teodor
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Introduction. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 11-36. Chapter in book (Other academic)
  • 26.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Gustafsson, Pia
    Selecting Enterprise Architecture Models. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, p. 213-239. Chapter in book (Other academic)
  • 27.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Gorton, Dan
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Time between vulnerability disclosures: A measure of software product vulnerability. 2016. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 62, p. 278-295. Article in journal (Refereed)
    Abstract [en]

    Time between vulnerability disclosure (TBVD) for individual analysts is proposed as a meaningful measure of the likelihood of finding a zero-day vulnerability within a given timeframe. Based on publicly available data, probabilistic estimates of the TBVD of various software products are provided. Sixty-nine thousand six hundred forty-six vulnerabilities from the National Vulnerability Database (NVD) and the SecurityFocus Vulnerability Database were harvested, integrated and categorized according to the analysts responsible for their disclosure as well as by the affected software products. Probability distributions were fitted to the TBVD per analyst and product. Among competing distributions, the Gamma distribution demonstrated the best fit, with the shape parameter, k, similar for most products and analysts, while the scale parameter, θ, differed significantly. For forecasting, autoregressive models of the first order were fitted to the TBVD time series for various products. Evaluation demonstrated that forecasting of TBVD on a per product basis was feasible. Products were also characterized by their relative susceptibility to vulnerabilities with impact on confidentiality, integrity and availability respectively. The differences in TBVD between products are significant, e.g. spanning differences of over 500% among the 20 most common software products in our data. Differences are further accentuated by the differing impact, so that, e.g., the mean working time between disclosure of vulnerabilities with a complete impact on integrity (as defined by the Common Vulnerability Scoring System) for Linux (110 days) exceeds that of Windows 7 (6 days) by over 18 times.

  • 28.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    A Meta Language for Threat Modeling and Attack Simulations. 2018. Conference paper (Refereed)
  • 29.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Franke, Ulrik
    SICS.
    Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis. 2016. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018. Article in journal (Refereed)
    Abstract [en]

    The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

  • 30.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Franke, U.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric power and energy systems.
    Modeling and analyzing systems-of-systems in the Multi-Attribute Prediction Language (MAPL). 2016. In: Proceedings - 4th International Workshop on Software Engineering for Systems-of-Systems, SESoS 2016, Association for Computing Machinery (ACM), 2016, p. 1-7. Conference paper (Refereed)
    Abstract [en]

    The Multi-Attribute Prediction Language (MAPL), an analysis metamodel for non-functional qualities of systems-of-systems, is introduced. MAPL features analysis in five non-functional areas: service cost, service availability, data accuracy, application coupling, and application size. In addition, MAPL explicitly includes utility modeling to make tradeoffs between the qualities. The paper introduces how each of the five non-functional qualities is modeled and quantitatively analyzed based on the ArchiMate standard for enterprise architecture modeling and the previously published Predictive, Probabilistic Architecture Modeling Framework, building on the well-known UML and OCL formalisms. The main contribution of MAPL lies in combining all five non-functional analyses into a single unified framework.

  • 31.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Simonsson, Marten
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Enterprise architecture analysis with extended influence diagrams. 2007. In: Information Systems Frontiers, ISSN 1387-3326, E-ISSN 1572-9419, Vol. 9, no 2-3, p. 163-180. Article in journal (Refereed)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the level of enterprise information security. This paper proposes the use of a formal language to support such analysis. Such a language needs to be able to represent causal relations between, and definitions of, various concepts as well as uncertainty with respect to both concepts and relations. To support decision making properly, the language must also allow the representation of goals and decision alternatives. This paper evaluates a number of languages with respect to these requirements, and selects influence diagrams for further consideration. The influence diagrams are then extended to fully satisfy the requirements. The syntax and semantics of the extended influence diagrams are detailed in the paper, and their use is demonstrated in an example.

  • 32.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Simonsson, Mårten
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Extended influence diagrams for enterprise architecture analysis. 2006. In: 10th IEEE International Enterprise Distributed Object Computing Conference, Proceedings, 2006, p. 3-12. Conference paper (Refereed)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the level of enterprise information security. This paper proposes the use of a formal language to support such analysis. Such a language needs to be able to represent causal relations between, and definitions of, various concepts as well as uncertainty with respect to both concepts and relations. To support decision-making properly, the language must also allow the representation of goals and decision alternatives. This paper evaluates a number of languages with respect to these requirements, and selects influence diagrams for further consideration. The influence diagrams are then extended to fully satisfy the requirements. The syntax and semantics of the extended influence diagrams are detailed in the paper, and their use is demonstrated in an example.

  • 33.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Simonsson, Mårten
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Extended Influence Diagrams for System Quality Analysis. 2007. In: Journal of Software, ISSN 1796-217X, Vol. 2, no 3, p. 30-42. Article in journal (Refereed)
    Abstract [en]

    Making major changes in enterprise information systems, such as large IT-investments, often has a significant impact on business operations. Moreover, when deliberating which IT-changes to make, the consequences of choosing a certain scenario may be difficult to grasp. One way to ascertain the quality of IT investment decisions is through the use of methods from decision theory. This paper proposes the use of one such method to facilitate IT-investment decision making, viz. extended influence diagrams. An extended influence diagram is a tool able to completely describe and analyse a decision situation. The applicability of extended influence diagrams is demonstrated at the end of the paper by using an extended influence diagram in combination with the ISO/IEC 9126 software quality characteristics and metrics as means to assist a decision maker in a decision regarding an IT-investment.

  • 34.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Närman, Per
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Simonsson, Mårten
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    System Quality Analysis with Extended Influence Diagrams. 2007. In: CSMR 2007 Workshop and Special Session papers, 2007. Conference paper (Refereed)
    Abstract [en]

    Making major changes in enterprise information systems, such as large IT-investments, often has a significant impact on business operations. Moreover, when deliberating which IT-changes to make, the consequences of choosing a certain scenario may be difficult to grasp. One way to ascertain the quality of IT-investment decisions is through the use of methods from decision theory. This paper proposes the use of one such method to facilitate IT-investment decision making, viz. extended influence diagrams. An extended influence diagram is a tool able to completely describe and analyse a decision situation. The applicability of extended influence diagrams is demonstrated at the end of the paper by using an extended influence diagram in combination with the ISO/IEC 9126 software quality metrics as means to assist a decision maker in a decision regarding an IT-investment.

  • 35.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Nordström, Lars
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Formalizing analysis of enterprise architecture. 2007. In: Enterprise Interoperability: New Challenges and Approaches, GODALMING: SPRINGER-VERLAG LONDON LTD, 2007, p. 35-44. Conference paper (Refereed)
  • 36.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Vernotte, Alexandre
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    pwnPr3d: an Attack Graph Driven Probabilistic Threat Modeling Approach. 2016. In: Availability, Reliability and Security (ARES), 2016 11th International Conference on, IEEE conference proceedings, 2016. Conference paper (Refereed)
    Abstract [en]

    In this paper we introduce pwnPr3d, a probabilistic threat modeling approach for automatic attack graph generation based on network modeling. The aim is to provide stakeholders in organizations with a holistic approach that both provides high-level overview and technical details. Unlike many other threat modeling and attack graph approaches that rely heavily on manual work and security expertise, our language comes with built-in security analysis capabilities. pwnPr3d generates probability distributions over the time to compromise assets.

  • 37.
    Johnson, Pontus
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Vernotte, Alexandre
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Gorton, Dan
    Foreseeti AB, Sweden.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs. 2016. In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers, Springer, 2016, Vol. 10224, p. 37-52. Conference paper (Refereed)
    Abstract [en]

    This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.

  • 38.
    Korman, Matus
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Modeling Authorization in Enterprise-wide Contexts. 2015. In: PoEM-SDC 2015: Short and Doctoral Consortium Papers at PoEM 2015: Proceedings of Short and Doctoral Consortium Papers Presented at the 8th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modelling (PoEM 2015) Valencia, Spain, November 10-12, 2015. / [ed] Sergio Espana, Jolita Ralyté, Pnina Soffer, Jelena Zdravkovic, Oscar Pastor, CEUR-WS, 2015, Vol. 1497, p. 81-90. Conference paper (Refereed)
    Abstract [en]

    Authorization and its enforcement, access control, has stood at the beginning of the art and science of information security, and remains a crucial pillar of secure operation of IT. Dozens of different models of access control have been proposed. Although enterprise architecture as a discipline strives to support the management of IT, support for modeling authorization in enterprises is lacking, both in terms of supporting the variety of individual models nowadays used, and in terms of providing a unified metamodel capable of flexibly expressing configurations of all or most of the models. This study summarizes a number of existing models of access control, proposes a unified metamodel mapped to ArchiMate, and illustrates its use on a selection of simple cases.

  • 39.
    Korman, Matus
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. KTH, School of Electrical Engineering and Computer Science (EECS), Network and Systems engineering.
    Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation. 2016. In: Complex Systems Informatics and Modeling Quarterly, ISSN 2255-9922, no 7, p. 1-24. Article in journal (Refereed)
    Abstract [en]

    Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain a crucial pillar of security in information technology and enterprise operations. Dozens of different models of access control have been proposed. Although Enterprise Architecture as a discipline strives to support the management of IT, support for modeling access policies in enterprises is often lacking, both in terms of supporting the variety of individual models of access control nowadays used, and in terms of providing a unified ontology capable of flexibly expressing access policies for all or most of the models. This study summarizes a number of existing models of access control, proposes a unified metamodel mapped to ArchiMate, and illustrates its use on a selection of example scenarios and two cases.

  • 40.
    Korman, Matus
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Blom, Rikard
    KTH.
    Technology Management through Architecture Reference Models: A Smart Metering Case. 2016. In: Proceedings of 2016 Portland International Conference on Management of Engineering and Technology, 2016. Conference paper (Refereed)
  • 41.
    Korman, Matus
    et al.
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Välja, Margus
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Björkman, Gunnar
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Vernotte, Alexandre
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Network and Systems engineering.
    Analyzing the effectiveness of attack countermeasures in a SCADA system. 2017. In: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week), Association for Computing Machinery, Inc, 2017, p. 73-78. Conference paper (Refereed)
    Abstract [en]

    The SCADA infrastructure is a key component for power grid operations. Securing the SCADA infrastructure against cyber intrusions is thus vital for a well-functioning power grid. However, the task remains a particular challenge, not the least since not all available security mechanisms are easily deployable in these reliability-critical and complex, multi-vendor environments that host modern systems alongside legacy ones, to support a range of sensitive power grid operations. This paper examines how effective a few countermeasures are likely to be in SCADA environments, including those that are commonly considered out of bounds. The results show that granular network segmentation is a particularly effective countermeasure, followed by frequent patching of systems (which is unfortunately still difficult to date). The results also show that the enforcement of a password policy and restrictive network configuration including whitelisting of devices contributes to increased security, though best in combination with granular network segmentation.

  • 42.
    König, Johan
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Zhu, Kun
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Nordström, Lars
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Mapping the Substation Configuration Language of IEC 61850 to ArchiMate. 2010. In: Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOC, IEEE, 2010, p. 60-68. Conference paper (Refereed)
    Abstract [en]

    This paper presents a mapping between the Enterprise Architecture framework ArchiMate and the Substation Configuration Language (SCL) of IEC 61850. Enterprise Architecture (EA) is a discipline for managing an enterprise's information system portfolio in relation to the supported business. Metamodels, descriptive models on how to model and one of the core components of EA, can assist stakeholders in many ways, for example in decision-making. Moreover, the power industry is a domain with an augmented reliance on the support of information systems. IEC 61850 is a standard for the design of Substation Automation (SA) systems and provides a vendor independent framework for interoperability by defining communication networks and functions. The SCL is a descriptive language in IEC 61850 on the configuration of substation Intelligent Electronic Devices (IED) which describes the structure together with physical components and their relating functions. By using SCL, which models the architecture of SA systems, and mapping it to ArchiMate, stakeholders are assisted in understanding their SA system and its architecture. The mapping is intended to support the integration of SA systems applying IEC 61850 into the enterprise architecture. The mapping is demonstrated with an example applying the mapping to a SA configuration based on SCL.

  • 43.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Analyzing System Maintainability using Enterprise Architecture Models. 2007. In: Proceedings of the Second Workshop on Trends in Enterprise Architecture Research (TEAR 2007) / [ed] Marc M. Lankhorst and Pontus Johnson, Telematica Instituut, 2007, p. 31-39. Conference paper (Refereed)
    Abstract [en]

    A fast and continuously changing business environment demands flexible software systems easy to modify and maintain. Due to the extent of interconnection between systems and the internal quality of each system many IT-decision makers find it difficult predicting the effort of making changes to their systems. To aid IT-decision makers in making better decisions regarding what modifications to make to their systems, this paper proposes extended influence diagrams and enterprise architecture models for maintainability analysis. A framework for assessing maintainability using enterprise architecture models is presented and the approach is illustrated by a fictional example decision situation.

  • 44.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Analyzing System Maintainability using Enterprise Architecture Models. 2007. In: Journal of Enterprise Architecture, ISSN 2166-6768, Vol. 3, no 4, p. 33-41. Article in journal (Refereed)
    Abstract [en]

    A fast and continuously changing business environment demands flexible software systems easy to modify and maintain. Due to the extent of interconnection between systems and the internal quality of each system many IT decision-makers find it difficult predicting the effort of making changes to their systems. To aid IT-decision makers in making better decisions regarding what modifications to make to their systems, this article proposes extended influence diagrams and enterprise architecture models for maintainability analysis. A framework for assessing maintainability using enterprise architecture models is presented and the approach is illustrated by a fictional example decision situation.

  • 45.
    Lagerström, Robert
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Enterprise Systems Modifiability Analysis: An Enterprise Architecture Modeling Approach for Decision Making. 2010. Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    Contemporary enterprises depend to a great extent on software systems. During the past decades the number of systems has been constantly increasing and these systems have become more integrated with one another. This has led to a growing complexity in managing software systems and their environment. At the same time business environments today need to progress and change rapidly to keep up with evolving markets. As the business processes change, the systems need to be modified in order to continue supporting the processes.

    The complexity increase and growing demand for rapid change makes the management of enterprise systems a very important issue. In order to achieve effective and efficient management, it is essential to be able to analyze the system modifiability (i.e. estimate the future change cost). This is addressed in the thesis by employing architectural models. The contribution of this thesis is a method for software system modifiability analysis using enterprise architecture models. The contribution includes an enterprise architecture analysis formalism, a modifiability metamodel (i.e. a modeling language), and a method for creating metamodels. The proposed approach allows IT-decision makers to model and analyze change projects. By doing so, high-quality decision support regarding change project costs is received.

    This thesis is a composite thesis consisting of five papers and an introduction. Paper A evaluates a number of analysis formalisms and proposes extended influence diagrams to be employed for enterprise architecture analysis. Paper B presents the first version of the modifiability metamodel. In Paper C, a method for creating enterprise architecture metamodels is proposed. This method aims to be general, i.e. can be employed for other IT-related quality analyses such as interoperability, security, and availability. The paper does however use modifiability as a running case. The second version of the modifiability metamodel for change project cost estimation is fully described in Paper D. Finally, Paper E validates the proposed method and metamodel by surveying 110 experts and studying 21 change projects at four large Nordic companies. The validation indicates that the method and metamodel are useful, contain the right set of elements and provide good estimation capabilities.

  • 46.
    Lagerström, Robert
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems.
    Addibpour, Mattin
    Ericsson.
    Heiser, Franz
    Ericsson.
    Product Feature Prioritization using the Hidden Structure Method: A Practical Case at Ericsson
    2016. Conference paper (Refereed)
  • 47.
    Lagerström, Robert
    et al.
    KTH, School of Electrical Engineering (EES), Electric Power and Energy Systems. Harvard Business School, United States.
    Baldwin, C.
    MacCormack, A.
    Sturtevant, D.
    Doolan, L.
    Exploring the relationship between architecture coupling and software vulnerabilities
    2017. In: 9th International Symposium on Engineering Secure Software and Systems, ESSoS 2017, Springer, 2017, Vol. 10379, p. 53-69. Conference paper (Refereed)
    Abstract [en]

    Employing software metrics, such as size and complexity, for predicting defects has been given a lot of attention over the years and proven very useful. However, the few studies looking at software architecture and vulnerabilities are limited in scope and findings. We explore the relationship between software vulnerabilities and component metrics (like code churn and cyclomatic complexity), as well as architecture coupling metrics (direct, indirect, and cyclic coupling). Our case is based on the Google Chromium project, an open source project that has not been studied for this topic yet. Our findings show a strong relationship between vulnerabilities and both component level metrics and architecture coupling metrics. 68% of the files associated with a vulnerability are cyclically coupled, compared to 43% of the non-vulnerable files. Our best regression model is a combination of low commenting, high code churn, high direct fan-out within the main cyclic group, and high direct fan-in outside of the main cyclic group.

  • 48.
    Lagerström, Robert
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Baldwin, Carliss
    Harvard Business School.
    MacCormack, Alan
    Harvard Business School.
    Visualizing and Measuring Software Portfolio Architecture: A Power Utility Case
    2015. In: Journal of Modern Project Management, ISSN 2317-3963, E-ISSN 1747-0862, Vol. 3, no 2, p. 114-121. Article in journal (Refereed)
    Abstract [en]

    In this paper, we test a Design Structure Matrix (DSM) based method for visualizing and measuring software portfolio architectures. Our data is drawn from a power utility company, comprising 192 software applications with 614 dependencies between them. We show that the architecture of this system can be classified as a “core-periphery” system, meaning it contains a single large dominant cluster of interconnected components (the “Core”) representing 40% of the system. The system has a propagation cost of 44% and architecture flow through of 93%. This case and these findings add another piece of the puzzle suggesting that the method could be effective in uncovering the hidden structure in software portfolio architectures.

  • 49.
    Lagerström, Robert
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Baldwin, Carliss
    Harvard Business School.
    MacCormack, Alan
    Harvard Business School.
    Aier, Stephan
    University of St Gallen.
    Visualizing and Measuring Enterprise Application Architecture: An Exploratory Telecom Case
    2014. In: 2014 47th Hawaii International Conference on System Sciences, HICSS, IEEE Computer Society, 2014, p. 3847-3856. Conference paper (Refereed)
    Abstract [en]

    We test a method for visualizing and measuring enterprise application architectures. The method was designed and previously used to reveal the hidden internal architectural structure of software applications. The focus of this paper is to test if it can also uncover new facts about the applications and their relationships in an enterprise architecture, i.e., if the method can reveal the hidden external structure between software applications. Our test uses data from a large international telecom company. In total, we analyzed 103 applications and 243 dependencies. Results show that the enterprise application structure can be classified as a core-periphery architecture with a propagation cost of 25%, core size of 34%, and architecture flow through of 64%. These findings suggest that the method could be effective in uncovering the hidden structure of an enterprise application architecture.

  • 50.
    Lagerström, Robert
    et al.
    KTH, School of Electrical Engineering (EES), Industrial Information and Control Systems.
    Baldwin, Carliss
    Harvard Business School.
    MacCormack, Alan
    Harvard Business School.
    Dreyfus, David
    Boston University.
    Visualizing and Measuring Enterprise Architecture: An Exploratory BioPharma Case
    2013. In: The 6th IFIP WG 8.1 working conference on the Practice of Enterprise Modeling (PoEM), 2013, p. 9-23. Conference paper (Refereed)
    Abstract [en]

    We test a method for visualizing and measuring enterprise application architectures. The method was designed and previously used to reveal the hidden internal architectural structure of software applications. The focus of this paper is to test if it can also uncover new facts about the applications and their relationships in an enterprise architecture, i.e., if the method can reveal the hidden external structure between software applications. Our test uses data from a large international telecom company. In total, we analyzed 103 applications and 243 dependencies. Results show that the enterprise application structure can be classified as a core-periphery architecture with a propagation cost of 25%, core size of 34%, and architecture flow through of 64%. These findings suggest that the method could be effective in uncovering the hidden structure of an enterprise application architecture.
