  • 1. Bjuhr, O.
    et al.
    Segeljakt, K.
    Addibpour, M.
    Heiser, F.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Software architecture decoupling at Ericsson. 2017. In: Proceedings - 2017 IEEE International Conference on Software Architecture Workshops, ICSAW 2017: Side Track Proceedings, Institute of Electrical and Electronics Engineers (IEEE), 2017, pp. 259-262, article ID 7958500. Conference paper (Refereed)
    Abstract [en]

    In order to evaluate and increase modularity this paper combines a method for visualizing and measuring software architectures and two algorithms for decoupling. The combination is tested on a software system at Ericsson. Our analysis shows that the system has one large cluster of components (18% of the system, a Core), all interacting with each other. By employing cluster and dominator analysis we suggest 19 dependencies to be removed in order to decouple the Core. Validating the analysis output with experts at Ericsson, six of the suggested dependencies were deemed impossible to remove. By removing the remaining 13 dependencies Ericsson would improve the architecture of their system considerably, e.g. core size would go down to 5%.

  • 2. Blom, Rikard
    et al.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Robert, Lagerström
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Mathias, Ekstedt
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Analyzing attack resilience of an advanced meter infrastructure reference model. 2016. In: Joint Workshop on Cyber-Physical Security and Resilience in Smart Grids (CPSR-SG), IEEE conference proceedings, 2016. Conference paper (Refereed)
    Abstract [en]

    Advanced metering infrastructure (AMI) is a key component of the concept of smart power grids. Although several functional/logical reference models of AMI exist, they are not suited for automated analysis of properties such as cyber security. This paper briefly presents a reference model of AMI that follows a tested and even commercially adopted formalism allowing automated analysis of cyber security. Finally, this paper presents an example cyber security analysis, and discusses its results.

  • 3.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A tool for enterprise architecture analysis using the PRM formalism. 2010. In: CEUR Workshop Proceedings, 2010. Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture advocates model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 4.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Tool for Enterprise Architecture Analysis Using the PRM Formalism. 2011. In: INFORMATION SYSTEMS EVOLUTION / [ed] Soffer P; Proper E, 2011, Vol. 72, pp. 108-121. Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture advocates for model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 5.
    Canat, Mert
    et al.
    KTH, Skolan för elektroteknik och datavetenskap (EECS).
    Català, Nuria
    KTH, Skolan för elektroteknik och datavetenskap (EECS).
    Jourkovski, Alexander
    KTH, Skolan för elektroteknik och datavetenskap (EECS).
    Petrov, Svetlomir
    KTH, Skolan för elektroteknik och datavetenskap (EECS).
    Wellme, Martin
    KTH, Skolan för elektroteknik och datavetenskap (EECS).
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Enterprise Architecture and Agile Development: Friends or Foes? 2018. Conference paper (Refereed)
    Abstract [en]

    Nowadays, both agile development and enterprise architecture are often employed in large organizations. However, there is still some confusion if these can and should be used together, and there is not much research about the possible interplay. The aim of this study is to bring new knowledge to the field of enterprise architecture and its relation to agile development. Twelve qualitative interviews with professionals in different roles, such as developers and architects, have been carried out. The participants belong to five different companies and the information obtained from them has been used to compare opinions and stated challenges regarding agile and EA. We found that some common opinions among the interviewees are: 1) agile development and enterprise architecture can be combined, 2) there are clear communication problems among architects, different teams, and project owners, and 3) there is a lack of system and application reusability. © 2018 IEEE.

  • 6.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerstrom, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Tool for Enterprise Architecture Analysis of Maintainability: CSMR 2009, PROCEEDINGS. 2009. In: EUR CON SFTWR MTNCE REENGR / [ed] Winter A, Knodel J, Los Alamitos: IEEE COMPUTER SOC, 2009, pp. 327-328. Conference paper (Refereed)
    Abstract [en]

    A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality, developer expertise, etc. Finally, a concrete model of an ERP system is discussed.

  • 7.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture Modeling and Analysis of Quality Attributes: The Multi-Attribute Prediction Language (MAPL). 2015. In: Proceedings of the 1st Scandinavian Workshop on the Engineering of Systems-of-Systems (SWESoS 2015) / [ed] Jakob Axelsson, SICS, 2015, pp. 10-12. Conference paper (Other academic)
  • 8.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Gorton, Dan
    Foreseeti AB, Sweden.
    Nydren, Joakim
    Foreseeti AB, Sweden.
    Shahzad, Khurram
    Foreseeti AB, Sweden.
    securiCAD by foreseeti: A CAD tool for enterprise cyber security management. 2015. In: Proceedings of the 2015 IEEE 19th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations, EDOCW 2015, 2015. Conference paper (Refereed)
    Abstract [en]

    This paper presents a CAD tool for enterprise cyber security management called securiCAD. It is a software developed during ten years of research at KTH Royal Institute of Technology, and it is now being commercialized by foreseeti (a KTH spin-off company). The idea of the tool is similar to CAD tools used when engineers design and test cars, buildings, etc. Specifically, the securiCAD user first models the IT environment, an existing one or one under development, and then securiCAD, using attack graphs, calculates and highlights potential weaknesses and avenues of attacks. The main benefits with securiCAD are: 1) built-in security expertise, 2) visualization, 3) holistic security assessments, and 4) scenario comparison (decision-making) capabilities.

  • 9.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närmen, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Setting the Information Systems Goals. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 92-152. Chapter in book, part of anthology (Other academic)
  • 10.
    Elsner, Daniel
    et al.
    TU Munich.
    Khosroshahi, Pouya
    TU Munich.
    MacCormack, Alan
    Harvard.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Multivariate Unsupervised Machine Learning for Anomaly Detection in Enterprise Applications. 2019. Conference paper (Refereed)
  • 11.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Saat, Jan
    Winter, Robert
    Trends in Enterprise Architecture Practice: A Survey. 2010. In: Lecture Notes in Business Information Processing / [ed] Proper E; Lankhorst MM; Schonherr M; Barjis J; Overbeek S, 2010, Vol. 70, pp. 16-29. Conference paper (Refereed)
    Abstract [en]

    In recent years, Enterprise Architecture (EA) has become a discipline for business and IT-system management. While much research focuses on theoretical contributions related to EA, very few studies use statistical tools to analyze empirical data. This paper investigates the actual application of EA, by giving a broad overview of the usage of enterprise architecture in Swedish, German, Austrian and Swiss companies. 162 EA professionals answered a survey originally focusing on the relation between IT/business alignment (ITBA) and EA. The dataset provides answers to questions such as: For how many years have companies been using EA models, tools, processes and roles? How is ITBA in relation to EA perceived at companies? In particular, the survey has investigated quality attributes of EA, related to IT-systems, business and IT governance. One important result is some interesting correlations between how these qualities are prioritized. For example, a high concern for interoperability correlates with a high concern for maintainability.

  • 12.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gustafsson, Pia
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    EAF(2) - A Framework for Categorizing Enterprise Architecture Frameworks. 2009. In: SNPD 2009: 10TH ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCES, NETWORKING AND PARALLEL DISTRIBUTED COMPUTING, PROCEEDINGS, LOS ALAMITOS: IEEE COMPUTER SOC, 2009, pp. 327-332. Conference paper (Refereed)
    Abstract [en]

    What constitutes an enterprise architecture framework is a contested subject. The contents of present enterprise architecture frameworks thus differ substantially. This paper aims to alleviate the confusion regarding which framework contains what by proposing a meta framework for enterprise architecture frameworks. By using this meta framework, decision makers are able to express their requirements on what their enterprise architecture framework must contain and also to evaluate whether the existing frameworks meet these requirements. An example classification of common EA frameworks illustrates the approach.

  • 13.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A formal method for cost and accuracy trade-off analysis in software assessment measures. 2009. In: RCIS 2009: PROCEEDINGS OF THE IEEE INTERNATIONAL CONFERENCE ON RESEARCH CHALLENGES IN INFORMATION SCIENCE, NEW YORK: IEEE, 2009, pp. 295-302. Conference paper (Refereed)
    Abstract [en]

    Creating accurate models of information systems is an important but challenging task. It is generally well understood that such modeling encompasses general scientific issues, but the monetary aspects of the modeling of software systems are not equally well acknowledged. The present paper describes a method using Bayesian networks for optimizing modeling strategies, perceived as a trade-off between these two aspects. Using GeNIe, a graphical tool with the proper Bayesian algorithms implemented, decision support can thus be provided to the modeling process. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with his projection of their costs. It is argued that this method might enhance modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.

  • 14.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Method for Choosing Software Assessment Measures using Bayesian Networks and Diagnosis: CSMR 2009, PROCEEDINGS. 2009. In: 13TH EUROPEAN CONFERENCE ON SOFTWARE MAINTENANCE AND REENGINEERING: CSMR 2009, PROCEEDINGS / [ed] Winter A, Knodel J, LOS ALAMITOS, CA.: IEEE COMPUTER SOC., 2009, pp. 241-245. Conference paper (Refereed)
    Abstract [en]

    Creating accurate models of information systems is an important but challenging task. While the scientific aspects of such modeling are generally acknowledged, the monetary aspects of the modeling of software systems are not. The present paper describes a Bayesian method for optimizing modeling strategies, perceived as a trade-off between these two aspects. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with her projection of the costs. It is argued that this method enhances modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.

  • 15.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Decision Support oriented Enterprise Architecture Metamodel Management using Classification Trees. 2009. In: 2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009) / [ed] Tosic, V., NEW YORK: IEEE, 2009, pp. 328-335. Conference paper (Refereed)
    Abstract [en]

    Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exist several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least "bang for the bucks" in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability.

  • 16.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Case Study on Product Development Performance Measurement. 2012. In: Proceedings of The 2012 International Conference on Innovation, Management and Technology, 2012. Conference paper (Refereed)
    Abstract [en]

    This paper presents a case study that evaluates the performance of the product development performance measurement system used in a Swedish company that is a part of a global corporate group. The study is based on internal documentation and eighteen in-depth interviews with stakeholders involved in the product development process. The results from the case study include a description of which metrics are in use, how these are employed, and their effect on the quality of the performance measurement system. Especially, the importance of having a well-defined process proved to have a major impact on the quality of the performance measurement system in this particular case.

  • 17.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    STRATEGIC PERFORMANCE MEASUREMENT IN PRODUCT DEVELOPMENT: A case study on a Swedish company. 2012. Conference paper (Refereed)
    Abstract [en]

    Performance evaluation of product development processes is becoming increasingly important as many companies experience tougher competition and shorter product life cycles. This article, based on a case study on a Swedish company, investigates the needs and requirements that the company has on a future performance measurement system for product development. The requirements were found to mostly consider cooperation between functions, co-worker motivation and cost-efficient product solutions. These focus areas are common problems in product development since they are addressed in development concepts like Lean Product Development and Design for Six Sigma. Therefore, more research about how they can be supported by performance measurement systems for product development would be of interest.

  • 18.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying Success Factors for IT Projects-An Expert-Based Bayesian Model. 2014. In: Information systems management, ISSN 1058-0530, E-ISSN 1934-8703, Vol. 31, no. 1, pp. 21-36. Article in journal (Refereed)
    Abstract [en]

    Large investments are made annually to develop and maintain IT systems. Successful outcome of IT projects is therefore crucial for the economy. Yet, many IT projects fail completely or are delayed or over budget, or they end up with less functionality than planned. This article describes a Bayesian decision-support model. The model is based on expert elicited data from 51 experts. Using this model, the effect management decisions have upon projects can be estimated beforehand, thus providing decision support for the improvement of IT project performance.

  • 19.
    Hacks, Simon
    et al.
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Hacks, Alexander
    Universität Duisburg-Essen, Duisburg, Germany.
    Katsikeas, Sotirios
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Klaer, Benedikt
    Institute for High Voltage Technology, RWTH Aachen University, Aachen, Germany.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Creating MAL Instances Using ArchiMate on the Example of Attacks on Power Plants and Power Grids. 2019. In: Proceeding of the 2019 IEEE 23rd International Enterprise Distributed Object Computing Conference (EDOC), IEEE, 2019. Conference paper (Refereed)
    Abstract [en]

    Cyber-attacks on power assets can have disastrous consequences for individuals, regions, and whole nations. In order to respond to these threats, the assessment of power grids' and plants' cyber security can foster a higher degree of safety for the whole infrastructure dependent on power. Hitherto, we propose the use of attack simulations based on system architecture models. To reduce the effort of creating new attack graphs for each system of a given type, domain-specific attack languages may be employed. They codify common attack logics of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop domain specific attack languages. We extend the tool set of MAL by developing an approach to model security domains in ArchiMate notation. Next, those models are used to create a MAL instance, which reflects the concepts modeled in ArchiMate. These instances serve as input to simulate attacks on certain systems. To show the applicability of our approach, we conduct two case studies in the power domain. On the one hand, we model a thermal power plant and possible attacks on it. On the other hand, we use the attack on the Ukrainian power grid for our case study.

  • 20.
    Heiding, Fredrik
    et al.
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Omer, Mohammad-Ali
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Wallström, Andreas
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Securing IoT devices using Geographic and Continuous Login Blocking: A honeypot study. 2020. Conference paper (Refereed)
    Abstract [en]

    IoT (Internet of Things) devices have grown exponentially in the last years, both in the sheer number of devices and concerning areas of applications being introduced. Together with this rapid development we are faced with an increased need for IoT Security. Devices that have previously been analogue, such as refrigerators, door locks, and cars are now turning digital and are exposed to the threats posed by an Internet connection. This paper investigates how two existing security features (geographic IP Blocking with GeoIP and rate-limited connections with fail2ban) can be used to enhance the security of IoT devices. We analyze the success of each method by comparing units with and without the security features, collecting and comparing data about the received attacks for both kinds. The result shows that the GeoIP security feature can reduce attacks by roughly 93% and fail2ban by up to 99%. Further work in the field is encouraged to validate our findings, create better GeoIP tools, and to better understand the potential of the security techniques at a larger scale. The security features are implemented in AWS instances made to simulate IoT devices, and measured with honeypots and IDSs (Intrusion Detection Systems) that collect data from the received attacks. The research is made as a fundamental work to later be extended by implementing the security features in more devices, such as single board computers that will simulate IoT devices even more accurately.

  • 21.
    Heiser, Franz
    et al.
    Ericsson.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Addibpour, Mattin
    Ericsson.
    Revealing Hidden Structures in Organizational Transformation: A Case Study. 2015. Conference paper (Refereed)
    Abstract [en]

    EA initiatives usually span the entire enterprise at a high level. While a typical development organization (could be a business unit within a larger enterprise) often has detailed models describing their product, the enterprise architecture on the business unit level is handled in an ad hoc or detached way. However, research shows that there is a tight link between the product architecture and its developing organization. In this paper we have studied an organization within Ericsson, which focuses on the development of large software and hardware products. We have applied the hidden structure method, which is based on the Design Structure Matrix approach, to analyze organizational transformations. The to-be scenarios are possible alternatives in trying to become more agile and lean. Our analysis shows that one scenario likely increases the complexity of developing the product, while the other two suggestions are both promising to-be scenarios.

  • 22.
    Hjalmarsson, Alexander
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Software Migration Project Cost Estimation using COCOMO II and Enterprise Architecture Modeling. 2013. In: CEUR Workshop Proceedings, 2013, pp. 39-48. Conference paper (Refereed)
    Abstract [en]

    Large amounts of software are running on what is considered to be legacy platforms. These systems are often business critical and cannot be phased out without a proper replacement. Migration of these legacy applications can be troublesome due to poor documentation and a changing workforce. Estimating the cost of such projects is nontrivial. Expert estimation is the most common method, but the method is heavily relying on the experience, knowledge, and intuition of the estimator. The use of a complementary estimation method can increase the accuracy of the assessment. This paper presents a metamodel that combines enterprise architecture modeling concepts with the COCOMO II estimation model. Our study proposes a method combining expert estimation with the metamodel-based approach to increase the estimation accuracy. The combination was tested with four project samples at a large Nordic manufacturing company, which resulted in a mean magnitude of relative error of 10%.

  • 23.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Automatic data collection for enterprise architecture models. 2014. In: Software and Systems Modeling, ISSN 1619-1366, E-ISSN 1619-1374, Vol. 13, no. 2, pp. 825-841. Article in journal (Refereed)
    Abstract [en]

    Enterprise Architecture (EA) is an approach used to provide decision support based on organization-wide models. The creation of such models is, however, cumbersome as multiple aspects of an organization need to be considered, making manual efforts time-consuming, and error prone. Thus, the EA approach would be significantly more promising if the data used when creating the models could be collected automatically - a topic not yet properly addressed by either academia or industry. This paper proposes network scanning for automatic data collection and uses an existing software tool for generating EA models (ArchiMate is employed as an example) based on the IT infrastructure of enterprises. While some manual effort is required to make the models fully useful to many practical scenarios (e.g., to detail the actual services provided by IT components), empirical results show that the methodology is accurate and (in its default state) requires little effort to carry out.

  • 24.
    Honeth, Nicholas
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sasi, K. K.
    Electrical and Electronics Engineering, Amrita University, Coimbatore India.
    Nithin, S.
    Electrical and Electronics Engineering, Amrita University, Coimbatore India.
    An Extended ArchiMate Metamodel for Microgrid Control System Architectures. 2012. Conference paper (Refereed)
    Abstract [en]

    Management of various Distributed Energy Resources (DERs) in microgrids requires the integration of heterogeneous control devices and systems. Design and management of such integrated systems would benefit from the application of models that capture structural and functional aspects. These models are important in order to abstract the technical detail for planning and design in order to provide a basis for discussion amongst stakeholders and technical experts. Such models should provide semantics that adequately describe and define these aspects from the electro-technical to the information management perspective during design and implementation. In the discipline of IT management, Enterprise Architecture (EA) is a commonly used approach. The EA approach is typically based on metamodels with ArchiMate being one of the most well known. ArchiMate aims to enable holistic descriptions of businesses and their supporting IT using three layers, namely business, application and technology, from three perspectives, namely information, behavior and structure. While, invaluable for planning and management of large organizational IT, ArchiMate in its original form lacks the descriptive semantics required to specifically capture the high level of systems integration required for electrical process management. This paper proposes an extended ArchiMate metamodel for modeling microgrid components, the control systems, and the management and control of these integrated systems. The paper provides an example of how this can be applied to a proposed microgrid development project.

  • 25.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Automatic Probabilistic Enterprise IT Architecture Modeling: a Dynamic Bayesian Networks Approach. 2016. In: 2016 IEEE 20TH INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING WORKSHOP (EDOCW), IEEE, 2016, pp. 122-129. Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture modeling and model maintenance are time-consuming and error-prone activities that are typically performed manually. This position paper presents new and innovative ideas on how to automate the modeling of enterprise architectures. We propose to view the problem of modeling as a probabilistic state estimation problem, which is addressed using Dynamic Bayesian Networks (DBN). The proposed approach is described using a motivating example. Sources of machine-readable data about Enterprise Architecture entities are reviewed.

  • 26.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Information System Management. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 54-71. Chapter in book, part of anthology (Other academic)
  • 27.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The Enterprise and Its Information Systems. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 37-52. Chapter in book, part of anthology (Other academic)
  • 28.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture at ACME Energy. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 293-306. Chapter in book, part of anthology (Other academic)
  • 29.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Introduction. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 11-36. Chapter in book, part of anthology (Other academic)
  • 30.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gustafsson, Pia
    Selecting Enterprise Architecture Models. 2007. In: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, pp. 213-239. Chapter in book, part of anthology (Other academic)
  • 31.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Gorton, Dan
    Foreseeti, Stockholm, Sweden.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Time between vulnerability disclosures: A measure of software product vulnerability. 2016. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 62, pp. 278-295. Article in journal (Refereed)
    Abstract [en]

    Time between vulnerability disclosure (TBVD) for individual analysts is proposed as a meaningful measure of the likelihood of finding a zero-day vulnerability within a given timeframe. Based on publicly available data, probabilistic estimates of the TBVD of various software products are provided. Sixty-nine thousand six hundred forty-six vulnerabilities from the National Vulnerability Database (NVD) and the SecurityFocus Vulnerability Database were harvested, integrated and categorized according to the analysts responsible for their disclosure as well as by the affected software products. Probability distributions were fitted to the TBVD per analyst and product. Among competing distributions, the Gamma distribution demonstrated the best fit, with the shape parameter, k, similar for most products and analysts, while the scale parameter, θ, differed significantly. For forecasting, autoregressive models of the first order were fitted to the TBVD time series for various products. Evaluation demonstrated that forecasting of TBVD on a per product basis was feasible. Products were also characterized by their relative susceptibility to vulnerabilities with impact on confidentiality, integrity and availability respectively. The differences in TBVD between products are significant, e.g. spanning differences of over 500% among the 20 most common software products in our data. Differences are further accentuated by the differing impact, so that, e.g., the mean working time between disclosure of vulnerabilities with a complete impact on integrity (as defined by the Common Vulnerability Scoring System) for Linux (110 days) exceeds that of Windows 7 (6 days) by over 18 times.

  • 32.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    A Meta Language for Threat Modeling and Attack Simulations. 2018. In: ACM International Conference Proceeding Series, 2018. Conference paper (Refereed)
    Abstract [en]

    Attack simulations may be used to assess the cyber security of systems. In such simulations, the steps taken by an attacker in order to compromise sensitive system assets are traced, and a time estimate may be computed from the initial step to the compromise of assets of interest. Attack graphs constitute a suitable formalism for the modeling of attack steps and their dependencies, allowing the subsequent simulation. To avoid the costly proposition of building new attack graphs for each system of a given type, domain-specific attack languages may be used. These languages codify the generic attack logic of the considered domain, thus facilitating the modeling, or instantiation, of a specific system in the domain. Examples of possible cyber security domains suitable for domain-specific attack languages are generic types such as cloud systems or embedded systems but may also be highly specialized kinds, e.g. Ubuntu installations; the objects of interest as well as the attack logic will differ significantly between such domains. In this paper, we present the Meta Attack Language (MAL), which may be used to design domain-specific attack languages such as the aforementioned. The MAL provides a formalism that allows the semi-automated generation as well as the efficient computation of very large attack graphs. We declare the formal background to MAL, define its syntax and semantics, exemplify its use with a small domain-specific language and instance model, and report on the computational performance.

  • 33.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Franke, Ulrik
    SICS.
    Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis. 2018. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 15, no. 6, pp. 1002-1015, article id 7797152. Article in journal (Refereed)
    Abstract [en]

    The Common Vulnerability Scoring System (CVSS) is the state-of-the-art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases.

  • 34.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Franke, U.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Modeling and analyzing systems-of-systems in the Multi-Attribute Prediction Language (MAPL). 2016. In: Proceedings - 4th International Workshop on Software Engineering for Systems-of-Systems, SESoS 2016, Association for Computing Machinery (ACM), 2016, pp. 1-7. Conference paper (Refereed)
    Abstract [en]

    The Multi-Attribute Prediction Language (MAPL), an analysis metamodel for non-functional qualities of systems-of-systems, is introduced. MAPL features analysis in five non-functional areas: service cost, service availability, data accuracy, application coupling, and application size. In addition, MAPL explicitly includes utility modeling to make tradeoffs between the qualities. The paper introduces how each of the five non-functional qualities is modeled and quantitatively analyzed based on the ArchiMate standard for enterprise architecture modeling and the previously published Predictive, Probabilistic Architecture Modeling Framework, building on the well-known UML and OCL formalisms. The main contribution of MAPL lies in combining all five non-functional analyses into a single unified framework.

  • 35.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Marten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise architecture analysis with extended influence diagrams. 2007. In: Information Systems Frontiers, ISSN 1387-3326, E-ISSN 1572-9419, Vol. 9, no. 2-3, pp. 163-180. Article in journal (Refereed)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the level of enterprise information security. This paper proposes the use of a formal language to support such analysis. Such a language needs to be able to represent causal relations between, and definitions of, various concepts as well as uncertainty with respect to both concepts and relations. To support decision making properly, the language must also allow the representation of goals and decision alternatives. This paper evaluates a number of languages with respect to these requirements, and selects influence diagrams for further consideration. The influence diagrams are then extended to fully satisfy the requirements. The syntax and semantics of the extended influence diagrams are detailed in the paper, and their use is demonstrated in an example.

  • 36.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Extended influence diagrams for enterprise architecture analysis. 2006. In: 10th IEEE International Enterprise Distributed Object Computing Conference, Proceedings, 2006, pp. 3-12. Conference paper (Refereed)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the level of enterprise information security. This paper proposes the use of a formal language to support such analysis. Such a language needs to be able to represent causal relations between, and definitions of, various concepts as well as uncertainty with respect to both concepts and relations. To support decision-making properly, the language must also allow the representation of goals and decision alternatives. This paper evaluates a number of languages with respect to these requirements, and selects influence diagrams for further consideration. The influence diagrams are then extended to fully satisfy the requirements. The syntax and semantics of the extended influence diagrams are detailed in the paper, and their use is demonstrated in an example.

  • 37.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Extended Influence Diagrams for System Quality Analysis. 2007. In: Journal of Software, ISSN 1796-217X, Vol. 2, no. 3, pp. 30-42. Article in journal (Refereed)
    Abstract [en]

    Making major changes in enterprise information systems, such as large IT-investments, often have a significant impact on business operations. Moreover, when deliberating which IT-changes to make, the consequences of choosing a certain scenario may be difficult to grasp. One way to ascertain the quality of IT investment decisions is through the use of methods from decision theory. This paper proposes the use of one such method to facilitate IT-investment decision making, viz. extended influence diagrams. An extended influence diagram is a tool able to completely describe and analyse a decision situation. The applicability of extended influence diagrams is demonstrated at the end of the paper by using an extended influence diagram in combination with the ISO/IEC 9126 software quality characteristics and metrics as means to assist a decision maker in a decision regarding an IT-investment.

  • 38.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    System Quality Analysis with Extended Influence Diagrams. 2007. In: CSMR 2007 Workshop and Special Session papers, 2007. Conference paper (Refereed)
    Abstract [en]

    Making major changes in enterprise information systems, such as large IT-investments, often have a significant impact on business operations. Moreover, when deliberating which IT-changes to make, the consequences of choosing a certain scenario may be difficult to grasp. One way to ascertain the quality of IT-investment decisions is through the use of methods from decision theory. This paper proposes the use of one such method to facilitate IT-investment decision making, viz. extended influence diagrams. An extended influence diagram is a tool able to completely describe and analyse a decision situation. The applicability of extended influence diagrams is demonstrated at the end of the paper by using an extended influence diagram in combination with the ISO/IEC 9126 software quality metrics as means to assist a decision maker in a decision regarding an IT-investment.

  • 39.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Formalizing analysis of enterprise architecture. 2007. In: Enterprise Interoperability: New Challenges and Approaches, GODALMING: SPRINGER-VERLAG LONDON LTD, 2007, pp. 35-44. Conference paper (Refereed)
  • 40.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Vernotte, Alexandre
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    pwnPr3d: an Attack Graph Driven Probabilistic Threat Modeling Approach. 2016. In: Availability, Reliability and Security (ARES), 2016 11th International Conference on, IEEE conference proceedings, 2016. Conference paper (Refereed)
    Abstract [en]

    In this paper we introduce pwnPr3d, a probabilistic threat modeling approach for automatic attack graph generation based on network modeling. The aim is to provide stakeholders in organizations with a holistic approach that both provides high-level overview and technical details. Unlike many other threat modeling and attack graph approaches that rely heavily on manual work and security expertise, our language comes with built-in security analysis capabilities. pwnPr3d generates probability distributions over the time to compromise assets.

  • 41.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Vernotte, Alexandre
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Gorton, Dan
    Foreseeti AB, Sweden.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Quantitative Information Security Risk Estimation using Probabilistic Attack Graphs. 2016. In: RISK: International Workshop on Risk Assessment and Risk-driven Testing: 4th International Workshop, RISK 2016, Held in Conjunction with ICTSS 2016, Graz, Austria, October 18, 2016, Revised Selected Papers, Springer, 2016, Vol. 10224, pp. 37-52. Conference paper (Refereed)
    Abstract [en]

    This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.

  • 42.
    Katsikeas, Sotirios
    et al.
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Johnson, Pontus
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Hacks, Simon
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Nätverk och systemteknik.
    Probabilistic Modeling and Simulation of Vehicular Cyber Attacks: An Application of the Meta Attack Language. 2019. In: ICISSP 2019 - Proceedings of the 5th International Conference on Information Systems Security and Privacy, SciTePress, 2019, pp. 175-182. Conference paper (Refereed)
    Abstract [en]

    Attack simulations are a feasible means to assess the cyber security of systems. The simulations trace the steps taken by an attacker to compromise sensitive system assets. Moreover, they allow to estimate the time conducted by the intruder from the initial step to the compromise of assets of interest. One commonly accepted approach for such simulations are attack graphs, which model the attack steps and their dependencies in a formal way. To reduce the effort of creating new attack graphs for each system of a given type, domain-specific attack languages may be employed. They codify common attack logics of the considered domain. Consequently, they ease the reuse of models and, thus, facilitate the modeling of a specific system in the domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop domain specific attack languages. In this article, we present vehicleLang, a Domain Specific Language (DSL) which can be used to model vehicles with respect to their IT infrastructure and to analyze their weaknesses related to known attacks. To model domain specifics in our language, we rely on existing literature and verify the language using an interview with a domain expert from the automotive industry. To evaluate our results, we perform a Systematic Literature Review (SLR) to identify possible attacks against vehicles. Those attacks serve as a blueprint for test cases checked against the vehicleLang specification.

  • 43.
    Korman, Matus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modeling Authorization in Enterprise-wide Contexts. 2015. In: PoEM-SDC 2015: Short and Doctoral Consortium Papers at PoEM 2015: Proceedings of Short and Doctoral Consortium Papers Presented at the 8th IFIP WG 8.1 Working Conference on the Practice of Enterprise Modelling (PoEM 2015) Valencia, Spain, November 10-12, 2015. / [ed] Sergio Espana, Jolita Ralyté, Pnina Soffer, Jelena Zdravkovic, Oscar Pastor, CEUR-WS, 2015, Vol. 1497, pp. 81-90. Conference paper (Refereed)
    Abstract [en]

    Authorization and its enforcement, access control, has stood at the beginning of the art and science of information security, and remains being a crucial pillar of secure operation of IT. Dozens of different models of access control have been proposed. Although enterprise architecture as a discipline strives to support the management of IT, support for modeling authorization in enterprises is lacking, both in terms of supporting the variety of individual models nowadays used, and in terms of providing a unified metamodel capable of flexibly expressing configurations of all or most of the models. This study summarizes a number of existing models of access control, proposes an unified metamodel mapped to ArchiMate, and illustrates its use on a selection of simple cases.

  • 44.
    Korman, Matus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Modeling Enterprise Authorization: A Unified Metamodel and Initial Validation. 2016. In: Complex Systems Informatics and Modeling Quarterly, ISSN 2255-9922, no. 7, pp. 1-24. Article in journal (Refereed)
    Abstract [en]

    Authorization and its enforcement, access control, have stood at the beginning of the art and science of information security, and remain being crucial pillar of security in the information technology and enterprises operations. Dozens of different models of access control have been proposed. Although Enterprise Architecture as the discipline strives to support the management of IT, support for modeling access policies in enterprises is often lacking, both in terms of supporting the variety of individual models of access control nowadays used, and in terms of providing a unified ontology capable of flexibly expressing access policies for all or the most of the models. This study summarizes a number of existing models of access control, proposes an unified metamodel mapped to ArchiMate, and illustrates its use on a selection of example scenarios and two cases.

  • 45.
    Korman, Matus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Välja, Margus
    KTH.
    Ekstedt, Mathias
    KTH, Skolan för datavetenskap och kommunikation (CSC).
    Blom, Rikard
    KTH.
    Technology Management through Architecture Reference Models: A Smart Metering Case. 2016. Part of: PORTLAND INTERNATIONAL CONFERENCE ON MANAGEMENT OF ENGINEERING AND TECHNOLOGY (PICMET 2016): TECHNOLOGY MANAGEMENT FOR SOCIAL INNOVATION / [ed] Kocaoglu, DF Anderson, TR Daim, TU Kozanoglu, DC Niwa, K Perman, G, IEEE, 2016, pp. 2338-2350. Conference paper (Peer-reviewed)
    Abstract [en]

    Enterprise architecture (EA) has become an essential part of managing technology in large enterprises. These days, automated analysis of EA is gaining increased attention. That is, using models of business and technology combined in order to analyze aspects such as cyber security, complexity, cost, performance, and availability. However, gathering all information needed and creating models for such analysis is a demanding and costly task. To lower the efforts needed a number of approaches have been proposed, the most common are automatic data collection and reference models. However these approaches are all still very immature and not efficient enough for the discipline, especially when it comes to using the models for analysis and not only for documentation and communication purposes. In this paper we propose a format for representing reference models focusing on analysis. The format is tested with a case in a large European project focusing on security in advanced metering infrastructure. Thus we have, based on the format, created a reference model for smart metering architecture and cyber security analysis. On a theoretical level we discuss the potential impact such a reference model can have.

  • 46.
    Korman, Matus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Robert, Lagerström
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Mathias, Ekstedt
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Rikard, Blom
    KTH.
    Technology Management through Architecture Reference Models: A Smart Metering Case. 2016. Part of: Proceedings of 2016 Portland International Conference on Management of Engineering and Technology, 2016. Conference paper (Peer-reviewed)
  • 47.
    Korman, Matus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Välja, Margus
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Björkman, Gunnar
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Vernotte, Alexandre
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Nätverk och systemteknik.
    Analyzing the effectiveness of attack countermeasures in a SCADA system. 2017. Part of: Proceedings - 2017 2nd Workshop on Cyber-Physical Security and Resilience in Smart Grids, CPSR-SG 2017 (part of CPS Week), Association for Computing Machinery, Inc, 2017, pp. 73-78. Conference paper (Peer-reviewed)
    Abstract [en]

    The SCADA infrastructure is a key component for power grid operations. Securing the SCADA infrastructure against cyber intrusions is thus vital for a well-functioning power grid. However, the task remains a particular challenge, not the least since not all available security mechanisms are easily deployable in these reliability-critical and complex, multi-vendor environments that host modern systems alongside legacy ones, to support a range of sensitive power grid operations. This paper examines how effective a few countermeasures are likely to be in SCADA environments, including those that are commonly considered out of bounds. The results show that granular network segmentation is a particularly effective countermeasure, followed by frequent patching of systems (which is unfortunately still difficult to date). The results also show that the enforcement of a password policy and restrictive network configuration including whitelisting of devices contributes to increased security, though best in combination with granular network segmentation.

  • 48.
    König, Johan
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Zhu, Kun
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Mapping the Substation Configuration Language of IEC 61850 to ArchiMate. 2010. Part of: Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOC, IEEE, 2010, pp. 60-68. Conference paper (Peer-reviewed)
    Abstract [en]

    This paper presents a mapping between the Enterprise Architecture framework ArchiMate and the Substation Configuration Language (SCL) of IEC 61850. Enterprise Architecture (EA) is a discipline for managing an enterprise's information system portfolio in relation to the supported business. Metamodels, descriptive models on how to model and one of the core components of EA, can assist stakeholders in many ways, for example in decision-making. Moreover, the power industry is a domain with an augmented reliance on the support of information systems. IEC 61850 is a standard for the design of Substation Automation (SA) systems and provides a vendor independent framework for interoperability by defining communication networks and functions. The SCL is a descriptive language in IEC 61850 on the configuration of substation Intelligent Electronic Devices (IED) which describes the structure together with physical components and their relating functions. By using SCL, which models the architecture of SA systems, and mapping it to ArchiMate, stakeholders are assisted in understanding their SA system and its architecture. The mapping is intended to support the integration of SA systems applying IEC 61850 into the enterprise architecture. The mapping is demonstrated with an example applying the mapping to a SA configuration based on SCL.

  • 49.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Analyzing System Maintainability using Enterprise Architecture Models. 2007. Part of: Proceedings of the Second Workshop on Trends in Enterprise Architecture Research (TEAR 2007) / [ed] Marc M. Lankhorst and Pontus Johnson, Telematica Instituut, 2007, pp. 31-39. Conference paper (Peer-reviewed)
    Abstract [en]

    A fast and continuously changing business environment demands flexible software systems easy to modify and maintain. Due to the extent of interconnection between systems and the internal quality of each system many IT-decision makers find it difficult predicting the effort of making changes to their systems. To aid IT-decision makers in making better decisions regarding what modifications to make to their systems, this paper proposes extended influence diagrams and enterprise architecture models for maintainability analysis. A framework for assessing maintainability using enterprise architecture models is presented and the approach is illustrated by a fictional example decision situation.

  • 50.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Analyzing System Maintainability using Enterprise Architecture Models. 2007. Part of: Journal of Enterprise Architecture, ISSN 2166-6768, Vol. 3, no. 4, pp. 33-41. Journal article (Peer-reviewed)
    Abstract [en]

    A fast and continuously changing business environment demands flexible software systems easy to modify and maintain. Due to the extent of interconnection between systems and the internal quality of each system many IT decision-makers find it difficult predicting the effort of making changes to their systems. To aid IT-decision makers in making better decisions regarding what modifications to make to their systems, this article proposes extended influence diagrams and enterprise architecture models for maintainability analysis. A framework for assessing maintainability using enterprise architecture models is presented and the approach is illustrated by a fictional example decision situation.
