Endre søk
Begrens søket
1 - 47 of 47
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Treff pr side
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sortering
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
  • Standard (Relevans)
  • Forfatter A-Ø
  • Forfatter Ø-A
  • Tittel A-Ø
  • Tittel Ø-A
  • Type publikasjon A-Ø
  • Type publikasjon Ø-A
  • Eldste først
  • Nyeste først
  • Skapad (Eldste først)
  • Skapad (Nyeste først)
  • Senast uppdaterad (Eldste først)
  • Senast uppdaterad (Nyeste først)
  • Disputationsdatum (tidligste først)
  • Disputationsdatum (siste først)
Merk
Maxantalet träffar du kan exportera från sökgränssnittet är 250. Vid större uttag använd dig av utsökningar.
  • 1.
    Björkman, Gunnar
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hadeli, Hadeli
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Zhu, Kun
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    SCADA system architectures2010Annet (Annet vitenskapelig)
    Abstract [en]

    The aim of deliverable 2.3 in the VIKING is to catalogue architecture patterns or reference architectures, i.e. commonly deployed solutions, for SCADA systems. These patterns are represented as a set of descriptions that capture the vast majority of SCADA systems’ architecture on a high level. The patterns developed in this report focus on: - Software services in SCADA systems and software services which SCADA systems exchange data with. - Data flows among these services. - How services are placed in different security zones (network zones). The purpose of the SCADA architecture patterns is to clarify how SCADA systems are commonly designed by employing a stringent model framework. Internal in the project the SCADA patterns will be used to develop SCADA system design models that reflect some typical systems deployed in industry. These models will be used in other work packages and deliverables in the VIKING project.

  • 2.
    Björkman, Gunnar
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Information system architectures in electrical distribution utilities2010Inngår i: Proceedings of the 9th Nordic Electricity Distribution and Asset Management Conference, 2010Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Computerized control systems have been used in many years to supervise and control power distribution. These systems, which often are referred to as SCADA (Supervisory Control And Data Acquisition) systems, have in recent been more and more interconnected to other systems in recent years. In modern utilities various kinds of data are exchanged between the distribution management systems and the administrative systems located in the office network. For example are operational statistics, trouble reports and switch orders often communicated between the office systems and the systems inside the control center. This paper desccribes a survey over state-of-practice architectures in electrical distribution utilities. A set of system-services have been identified together with the interfaces that typically exists between these services. How these services are located within different zones within utilities is also identified. The set services, the data flows, and the location of these has been reviewed and validated by vendors of SCADA systems in the electric utility industry.

  • 3. Buckl, S.
    et al.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holschke, O.
    Matthes, F.
    Schweda, C. M.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A pattern-based approach to quantitative enterprise architecture analysis2009Inngår i: 15th Americas Conference on Information Systems 2009, AMCIS 2009, 2009, s. 2314-2324Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise Architecture (EA) management involves tasks that substantially contribute to the operations of an enterprise, and to its sustainable market presence. One important aspect of this is the availability of services to customers. However, the increasing interconnectedness of systems with other systems and with business processes makes it difficult to get a clear view on change impacts and dependency structures. While management level decision makers need this information to make sound decisions, EA models often do not include quality attributes (such as availability), and very rarely provide quantitative means to assess them. We address these shortcomings by augmenting an information model for EA modeling with concepts from Probabilistic Relational Models, thus enabling quantitative analysis. A sample business case is evaluated as an example of the technique, showing how decision makers can benefit from information on availability impacts on enterprise business services.

  • 4.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Shahzad, Khurram
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A tool for automatic enterprise architecture modeling2011Inngår i: Proceedings of the CAiSE Forum 2011, 2011, s. 25-32Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise architecture is an approach which aim to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create enterprise architecture models. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.

  • 5.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Shahzad, Khurram
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Tool for automatic Enterprise Architecture modeling2012Inngår i: IS Olympics: Information Systems in a Diverse World, Springer, 2012, s. 1-15Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise Architecture is an approach which aims to provide decision support based on organization-wide models. The creation of these models is however cumbersome as multiple aspects of an organization need to be considered. The Enterprise Architecture approach would be significantly less demanding if data used to create the models could be collected automatically. This paper illustrates how a vulnerability scanner can be utilized for data collection in order to automatically create Enterprise Architecture models, especially covering infrastructure aspects. We show how this approach can be realized by extending an earlier presented Enterprise Architecture tool. An example is provided through a case study applying the tool on a real network.

  • 6.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A tool for enterprise architecture analysis using the PRM formalism2010Inngår i: CEUR Workshop Proceedings, 2010Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise architecture advocates model-based decision-making on enterprise-wide information system issues. In order to provide decisionmaking support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 7.
    Buschle, Markus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Tool for Enterprise Architecture Analysis Using the PRM Formalism2011Inngår i: INFORMATION SYSTEMS EVOLUTION / [ed] Soffer P; Proper E, 2011, Vol. 72, s. 108-121Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise architecture advocates for model-based decision-making on enterprise-wide information system issues. In order to provide decision-making support, enterprise architecture models should not only be descriptive but also enable analysis. This paper presents a software tool, currently under development, for the evaluation of enterprise architecture models. In particular, the paper focuses on how to encode scientific theories so that they can be used for model-based analysis and reasoning under uncertainty. The tool architecture is described, and a case study shows how the tool supports the process of enterprise architecture analysis.

  • 8.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerstrom, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Tool for Enterprise Architecture Analysis of Maintainability: CSMR 2009, PROCEEDINGS2009Inngår i: EUR CON SFTWR MTNCE REENGR / [ed] Winter A, Knodel J, Los Almitos: IEEE COMPUTER SOC , 2009, s. 327-328Konferansepaper (Fagfellevurdert)
    Abstract [en]

    A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality. developer expertise, etc. Finally, a concrete model of an ERP system is discussed.

  • 9.
    Ekstedt, Mathias
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture Models for Cyber Security Analysis2009Inngår i: 2009 IEEE/PES POWER SYSTEMS CONFERENCE AND EXPOSITION, NEW YORK: IEEE , 2009, s. 832-837Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Enterprise architecture is a rising discipline that is gaining increasing interest in both industry and academia. It pays attention to the fact that effective management of business and IT needs take a holistic view of the enterprise. Enterprise architecture is based on graphical models as a vehicle for system analysis, design, and communication. Enterprise architecture is also a potential support for control systems management. Unfortunately, when it comes to security analyses, the architectural languages available are not adapted to provide support for this. This presentation focus on research performed as part of the EU seventh framework program VIKING (Vital Infrastructure, Networks, Information and Control Systems Management) and the Swedish Centre of Excellence in Electric Power Engineering, EKC2. The research is focusing on developing and adapting security analyses frameworks to architectural languages on a level where information about control systems' configuration is scarce and thus incomplete and partly unreliable.

  • 10.
    Flores, Waldo Rocha
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Indicators predicting similarities in maturity between processes: An empirical Analysis with 35 European organizations2009Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Compliance audits and IT process evaluations are time-demanding to conduct and methods to simplify and support such evaluations are valuable. This article proposes a set of indicators that can be used to predict similarities in IT process maturity and thereby be used to optimize resource allocations when conducting process maturity evaluations and compliance audits. The indicators have been identified from the COBIT framework and tested against process maturity data from 35 European organizations. Four out of six proposed indicators were supported in the statistical analysis. These indicators can be used as an instrument in COBIT-based maturity evaluations and compliance audits to make the assessment process more resource-efficient.

  • 11.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Defense graphs and Enterprise Architecture for Information Assurance analysis2008Inngår i: Proceedings of the 26th Army Science Conference, 2008Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The JQRR metrics for Information Assurance (IA)and Computer Network Defense (CND) are combinedwith a framework based on defense graphs. This enablesthe use of architectural models for rational decision making,based on the mathematical rigor of extended influencediagrams. A sample abstract model is provided,along with a simple example of its usage to assess accesscontrol vulnerability.

  • 12.
    Franke, Ulrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Decision Support oriented Enterprise Architecture Metamodel Management using Classification Trees2009Inngår i: 2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009) / [ed] Tosic, V., NEW YORK: IEEE , 2009, s. 328-335Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exists several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least "bang for the bucks" in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability

  • 13.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Manual for the Cyber Security Modeling Language2013Rapport (Annet vitenskapelig)
    Abstract [en]

    The Cyber Security Modeling Language (CySeMoL) is an attack graph toolthat can be used to estimate the cyber security of enterprise architectures. Cy-SeMoL includes theory on how attacks and defenses relate quantitatively; thus,users must only model their assets and how these are connected in order to enablecalculations. This report functions as a manual to facilitate practical usage andunderstanding of CySeMoL.

  • 14.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Almroth, Jonas
    Swedish Research Defense Agency.
    Persson, Mats
    Swedish Research Defense Agency.
    A quantitative evaluation of vulnerability scanning2011Inngår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, nr 4, s. 231-247Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Purpose – The purpose of this paper is to evaluate if automated vulnerability scanning accurately identifies vulnerabilities in computer networks and if this accuracy is contingent on the platforms used.

    Design/methodology/approach – Both qualitative comparisons of functionality and quantitative comparisons of false positives and false negatives are made for seven different scanners. The quantitative assessment includes data from both authenticated and unauthenticated scans. Experiments were conducted on a computer network of 28 hosts with various operating systems, services and vulnerabilities. This network was set up by a team of security researchers and professionals.

    Findings – The data collected in this study show that authenticated vulnerability scanning is usable. However, automated scanning is not able to accurately identify all vulnerabilities present in computer networks. Also, scans of hosts running Windows are more accurate than scans of hosts running Linux.

    Research limitations/implications – This paper focuses on the direct output of automated scans with respect to the vulnerabilities they identify. Areas such as how to interpret the results assessed by each scanner (e.g. regarding remediation guidelines) or aggregating information about individual vulnerabilities into risk measures are out of scope.

    Practical implications – This paper describes how well automated vulnerability scanners perform when it comes to identifying security issues in a network. The findings suggest that a vulnerability scanner is a useable tool to have in your security toolbox given that user credentials are available for the hosts in your network. Manual effort is however needed to complement automated scanning in order to get satisfactory accuracy regarding network security problems.

    Originality/value – Previous studies have focused on the qualitative aspects on vulnerability assessment. This study presents a quantitative evaluation of seven of the most popular vulnerability scanners available on the market.

  • 15.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    CySeMoL: A tool for cyber security analysis of enterprises2013Inngår i: CIRED, 2013Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The Cyber Security ModellingLanguage (CySeMoL) is a tool for quantitative cyber security analyses of enterprise architectures. This paper describes the CySeMoL and illustrates its use through an example scenario involving cyber attacks against protection and control assets located inan electrical substation.

  • 16.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Vulnerability assessment of SCADA systems2011Rapport (Annet vitenskapelig)
  • 17.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Indicators of expert judgement and their significance: An empirical investigation in the area of cyber security2014Inngår i: Expert systems (Print), ISSN 0266-4720, E-ISSN 1468-0394, Vol. 3, nr 4, s. 299-318Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    In situations when data collection through observations is difficult to perform, the use of expert judgement can be justified. A challenge with this approach is, however, to value the credibility of different experts. A natural and state-of-the art approach is to weight the experts' judgements according to their calibration, that is, on the basis of how well their estimates of a studied event agree with actual observations of that event. However, when data collection through observations is difficult to perform, it is often also difficult to estimate the calibration of experts. As a consequence, variables thought to indicate calibration are generally used as a substitute of it in practice. This study evaluates the value of three such indicative variables: consensus, experience and self-proclamation. The significances of these variables are analysed in four surveys covering different domains in cyber security, involving a total of 271 subjects. Results show that consensus is a reasonable indicator of calibration. The mean Pearson correlation between these two variables across the four studies was 0.407. No significant correlations were found between calibration and experience or calibration and self-proclamation. However, as a side result, it was discovered that a subject that perceives itself as more knowledgeable than others likely also is more experienced.

  • 18.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Expert assessment on the probability of successful remote code execution attacks2011Inngår i: Proceedings of 8th International Workshop on Security in Information Systems - WOSIS 2011, 2011, s. 49-58Konferansepaper (Fagfellevurdert)
    Abstract [en]

    This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks – presence of: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant, however, presumably due to lack of address space layout randomization and canaries in the network architecture of the cyber defense exercise scenario.

  • 19.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Success Rate of Remote Code Execution Attacks: Expert Assessments and Observations2012Inngår i: Journal of universal computer science (Online), ISSN 0948-695X, E-ISSN 0948-6968, Vol. 18, nr 6, s. 732-749Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    This paper describes a study on how cyber security experts assess the importance of three variables related to the probability of successful remote code execution attacks: (i) non-executable memory, (ii) access and (iii) exploits for High or Medium vulnerabilities as defined by the Common Vulnerability Scoring System. The rest of the relevant variables were fixed by the environment of a cyber defense exercise where the respondents participated. The questionnaire was fully completed by fifteen experts. These experts perceived access as the most important variable and availability of exploits for High vulnerabilities as more important than Medium vulnerabilities. Non-executable memory was not seen as significant. Estimates by the experts are compared to observations of actual attacks carried out during the cyber defense exercise. These comparisons show that experts' in general provide fairly inaccurate advice on an abstraction level such as in the present study. However, results also show a prediction model constructed through expert judgment likely is of better quality if the experts' estimates are weighted according to their expertise.

  • 20.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Issues of Cyber Security In Scada-Systems-on the Importance of Awareness2009Inngår i: IET Conference Publications, Institution of Engineering and Technology, 2009Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The concern in our society for "cyber attacks" is increasing and cyber security has become a hot topic when it comes to protecting nation's critical infrastructures. A new technological landscape has not only made the SCADA-systems more open but also more vulnerable to cyber attacks due to existing vulnerabilities. An effective state of the art approach for understanding weaknesses of SCADA-systems is to create graphical models over the system architecture, and perform analyses based on this. Based on practical assessments, literature and interviews surveys with both industry professionals and academics this paper highlights some common pitfalls when using graphical models commonly used as a basis for cyber security assessments of SCADA-systems.

  • 21.
    Johansson, Erik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Security Isssues For SCADA Systems within Power Distribution2008Inngår i: Nordic Distribution and Asset Management Conference (NORDAC 2008), 2008Konferansepaper (Fagfellevurdert)
  • 22.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gammelgård, Magnus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gustafsson, Pia
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Setting the Business Goals2007Inngår i: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, s. 73-91Kapittel i bok, del av antologi (Annet vitenskapelig)
  • 23.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
     Introduction2007Inngår i: Enterprise Architecture: Models and Analyses for Information Systems Decision Making, Studentlitteratur, 2007, s. 11--36Kapittel i bok, del av antologi (Annet vitenskapelig)
  • 24.
    Johnson, Pontus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johansson, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ullberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A tool for enterprise architecture analysis2007Inngår i: 11TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE, PROCEEDINGS, LOS ALAMITOS: IEEE COMPUTER SOC , 2007, s. 142-153Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the availability, performance, interoperability, modifiability, and information security of the modeled enterprise information systems. This paper presents a software tool for such analyses. The tool guides the user in the generation of enterprise architecture models and subjects these models to analyses resulting in quantitative measures of the chosen quality attribute. The paper describes and exemplifies both the architecture and the usage of the tool.

  • 25.
    Lagerström, Robert
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise architecture managements impact on information technology success2011Inngår i: Proceedings of the Hawaii International Conference on System Sciences (HICSS-44), IEEE , 2011, s. 1-10Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Both practitioners and researchers put forward enterprise architecture management as a mean for achieving success with information technology. Many arguments have been put forward to support the benefits claimed to arise from mature enterprise architecture management and a considerable amount of literature describes the components of mature (successful) enterprise architecture management. However, few studies have empirically tested whether the enterprise architecture management activities impact organizations' success with information technology. This paper tests the relationship between organizations' success with information technology and enterprise architecture management activities. Significant correlations are found between these variables.

  • 26.
    Löf, Fredrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Stomberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hallberg, Jonas
    Swedish Defence Research Agency (FOI).
    Bengtsson, Johan
    Swedish Defence Research Agency (FOI).
    An Approach to Network Security Assessment based on Probalistic Relational Models2010Inngår i: First Workshop on Secure Control Systems (SCS-1), 2010Konferansepaper (Fagfellevurdert)
    Abstract [en]

    To assist rational decision making regarding network security improvements, decision makers need to be able to assess weaknesses in existing or potential new systems. This paper presents a model based assessment framework for analyzing the network security provided by different architectural scenarios. The framework uses a probabilistic relational model to express attack paths and related countermeasures. In this paper, it is demonstrated that this method can be used to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed given the instantiated architectural scenario. Moreover, the framework is scalable and can handle the uncertainties that accompany an analysis. The method has been applied in a case study of a military network.

  • 27.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sandgren, Sofia
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Framework for Assessing the Cost of IT Investments2009Inngår i: PROCEEDINGS OF PICMET 09: TECHNOLOGY MANAGEMENT IN THE AGE OF FUNDAMENTAL CHANGE / [ed] Kocaoglu DF; Anderson TR; Daim TU; Jetter A; Weber CM, NEW YORK: IEEE , 2009, s. 3070-3082Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Assessing life cycle costs of IT is a difficult endeavor. There are several factors that contribute to the life cycle costs of IT. Many of these factors are of a technical nature, such as development costs or integration costs. A substantial part of the costs are, however, caused by organizational factors such as the changes the introduction of an IT-system impose on business processes and the temporary loss of productivity this causes, or the cost of training system users before taking the system into operation. This paper proposes a framework for IT investment cost assessment. The framework integrates factors as proposed by already existing IT cost estimation frameworks and literature on the subject to be able to take into account both technical and organizational factors and cost drivers related to IT life cycle costs. The framework assists in quantifying these factors together with the costs they influence thereby providing more complete and accurate decision-support to executives faced with having to make investment decisions. The paper also describes how the framework's usefulness has been validated in two case studies at a large Nordic power company.

  • 28.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing Future Value of Investments in Security-Related IT Governance Control Objectives: Surveying IT Professionals2011Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security-related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

  • 29.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing Future Value of Investments in Security-Related IT Governance Control Objectives: Surveying IT Professionals2011Inngår i: Electronic Journal of Information Systems Evaluation, ISSN 1566-6379, E-ISSN 1566-6379, Vol. 14, nr 2, s. 216-227Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

  • 30.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A framework and theory for cyber security assessments2012Doktoravhandling, med artikler (Annet vitenskapelig)
    Abstract [en]

    Information technology (IT) is critical and valuable to our society. An important type of IT system is Supervisor Control And Data Acquisition (SCADA) systems. These systems are used to control and monitor physical industrial processes like electrical power supply, water supply and railroad transport. Since our society is heavily dependent on these industrial processes we are also dependent on the behavior of our SCADA systems. SCADA systems have become (and continue to be) integrated with other IT systems they are thereby becoming increasingly vulnerable to cyber threats. Decision makers need to assess the security that a SCADA system’s architecture offers in order to make informed decisions concerning its appropriateness. However, data collection costs often restrict how much information that can be collected about the SCADA system’s architecture and it is difficult for a decision maker to know how important different variables are or what their value mean for the SCADA system’s security.

    The contribution of this thesis is a modeling framework and a theory to support cyber security vulnerability assessments. It has a particular focus on SCADA systems. The thesis is a composite of six papers. Paper A describes a template stating how probabilistic relational models can be used to connect architecture models with cyber security theory. Papers B through E contribute with theory on operational security. More precisely, they contribute with theory on: discovery of software vulnerabilities (paper B), remote arbitrary code exploits (paper C), intrusion detection (paper D) and denial-of-service attacks (paper E). Paper F describes how the contribution of paper A is combined with the contributions of papers B through E and other operationalized cyber security theory. The result is a decision support tool called the Cyber Security Modeling Language (CySeMoL). This tool produces a vulnerability assessment for a system based on an architecture model of it.

  • 31.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures2013Inngår i: IEEE Systems Journal, ISSN 1932-8184, E-ISSN 1937-9234, Vol. 7, nr 3, s. 363-373Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    The cyber security modeling language (CySeMoL) is a modeling language for enterprise-level system architectures coupled to a probabilistic inference engine. If the computer systems of an enterprise are modeled with CySeMoL, this inference engine can assess the probability that attacks on the systems will succeed. The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures. The theory has previously been validated on a component level. In this paper, the theory is also validated on a system level. A test indicates that the reasonableness and correctness of CySeMoL assessments compare with the reasonableness and correctness of the assessments of a security professional. CySeMoL's utility has been tested in case studies.

  • 32.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Afzal, Muhammad
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Security mistakes in information system deployment projects2011Inngår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, nr 2, s. 80-94Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach - A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings - The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure. Research limitations/implications - The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications - The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications - The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value - Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.

  • 33.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A probabilistic relational model for security risk analysis2010Inngår i: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 29, nr 6, s. 659-679Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. This paper describes how probabilistic relational models can be used to specify architecture metamodels so that security risk can be inferred from metamodel instantiations. A probabilistic relational model contains classes, attributes, and class-relationships. It can be used to specify architectural metamodels similar to class diagrams in the Unified Modeling Language. In addition, a probabilistic relational model makes it possible to associate a probabilistic dependency model to the attributes of classes in the architectural metamodel. This paper proposes a set of abstract classes that can be used to create probabilistic relational models so that they enable inference of security risk from instantiated architecture models. If an architecture metamodel is created by specializing the abstract classes proposed in this paper, the instantiations of the metamodel will generate a probabilistic dependency model that can be used to calculate the security risk associated with these instantiations. The abstract classes make it possible to derive the dependency model and calculate security risk from an instance model that only specifies assets and their relationships to each other. Hence, the person instantiating the architecture metamodel is not required to assess complex security attributes to quantify security risk using the instance model.

  • 34.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Combining defense graphs and enterprise architecture models for security analysis2008Inngår i: Proceedings - 12th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2008, 2008, s. 349-355Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Security is dependent on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both what countermeasures that is in place, and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework using the Bayesian statistics-based Extended Influence Diagrams to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism the expected loss from each attack can be calculated.

  • 35.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models2009Inngår i: Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS, x , 2009Konferansepaper (Fagfellevurdert)
    Abstract [en]

    To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures contribute to cyber security.

  • 36.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A case study applying the cyber security modeling language2010Inngår i: 43rd International Conference on Large High Voltage Electric Systems 2010, CIGRE 2010, 2010Konferansepaper (Fagfellevurdert)
    Abstract [en]

    The operation of the power system is today highly dependent on computerized control systems. These SCADA systems resemble the central nervous system of the power system. At the same time as control systems enables more efficient, qualitative, and safe power systems, their vulnerabilities are also vulnerabilities to the power system. This paper presents a modeling language specifically developed for assessing the cyber security of SCADA systems. The modeling language uses the formalism Probabilistic Relational Models to integrate a mathematical inference engine with the modeling notation. If a SCADA system is modeled using this cyber security modeling language the cyber security of this SCADA system can be assessed probabilistically. Given a graphical description of a system, a quantitative analysis of threats is provided. This makes it possible to use the framework for evaluating the current solution as well as elaborate with what-if scenarios and the trade-offs between these. This cyber security modeling language could for example be used to model two control centers and the communication between them together with security mechanisms such as access control and communication protection The modeling language can also be used to describe a complete SCADA system and infer its security. The data associated with the probabilistic inference engine is only preliminary. In this paper we present a case study where cyber security modeling language has been applied to assess the security of a SCADA system. It is demonstrated how the modeling language can be applied and how a value for security can be inferred from architectural models (using the preliminary data). Future work will focus on the quantitative side of the modeling language. Probabilities will be elicited from literature, experiments, and field studies and through the opinion of domain experts. A tool is also being developed to support inference and analysis.

  • 37.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams2009Inngår i: IEEE Transactions on Power Delivery, ISSN 0885-8977, E-ISSN 1937-4208, Vol. 24, nr 4, s. 1801-1808Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    The purpose of this paper is to present a framework for assessing the security of wide-area networks(WANs) used to operate electrical power systems. The framework is based on the formalism influence diagrams and the concept of defense graphs and facilitates a so-called consequence-based analysis of the security problem. The framework is also capable of managing uncertainties, both related to the efficacy of countermeasures and the actual posture of the supervisory control and data-acquisition system. A model over WAN attacks and countermeasures and experiences from applying the framework are described.

  • 38.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Göran N.
    Nordlander, Jakob
    SCADA System Cyber Security - A Comparison of Standards2010Inngår i: IEEE PES General Meeting, PES 2010, 2010, s. 5590215-Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Cyber security of Supervisory Control And Data Acquisition (SCADA) systems has become very important. SCADA systems are vital for operation and control of critical infrastructures, such as the electrical power system. Therefore, a number of standards and guidelines have been developed to support electric power utilities in their cyber security efforts. This paper compares different SCADA cyber security standards and guidelines with respect to threats and countermeasures they describe. Also, a comparison with the international standard ISO/IEC 17799 (now ISO/IEC 27002) is made. The method used is based on a comparison of use of certain key issues in the standards, after being grouped into different categories. The occurrences of the key issues are counted and comparisons are made. It is concluded that SCADA specific standards are more focused on technical countermeasures, such as firewalls and intrusion detection, whereas ISO/IEC 17799 is more focused on organizational countermeasures.

  • 39.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Effort estimates for vulnerability discovery projects2012Inngår i: Proceedings of the 45th Hawaii International Conference on System Sciences, 2012, s. 5564-5573Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Security vulnerabilities continue to be an issue in the software field and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts on the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects – each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with fifty percent chance. In some project types an eight-to-five-week is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required for the penetration tester none of them have a striking impact on the effort required to find a vulnerability.

  • 40.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Estimates of Success Rates of Denial-of-Service Attacks2011Inngår i: 2011 IEEE 10th International Conference: Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE conference proceedings, 2011, s. 21-28Konferansepaper (Fagfellevurdert)
    Abstract [en]

    Denial-of-service (DoS) attacks are an imminent and real threat to many enterprises. Decision makers in these enterprises need be able to assess the risk associated with such attacks and to make decisions regarding measures to put in place to increase the security posture of their systems. Experiments, simulations and analytical research have produced data related to DoS attacks. However, these results have been produced for different environments and are difficult to interpret, compare, and aggregate for the purpose of decision making. This paper aims to summarize knowledge available in the field by synthesizing the judgment of 23 domain experts using an establishing method for expert judgment analysis. Different system architecture's vulnerability to DoS attacks are assessed together with the impact of a number of countermeasures against DoS attacks.

  • 41.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Estimates of success rates of remote arbitrary code execution attacks2012Inngår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 20, nr 2, s. 107-122Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    Purpose: The purpose of this paper is to identify the importance of the factors that influence the success rate of remote arbitrary code execution attacks. In other words, attacks which use software vulnerabilities to execute the attacker's own code on targeted machines. Both attacks against servers and attacks against clients are studied. Design/methodology/approach: The success rates of attacks are assessed for 24 scenarios: 16 scenarios for server-side attacks and eight for client-side attacks. The assessment is made through domain experts and is synthesized using Cooke's classical method, an established method for weighting experts' judgments. The variables included in the study were selected based on the literature, a pilot study, and interviews with domain experts. Findings: Depending on the scenario in question, the expected success rate varies between 15 and 67 percent for server-side attacks and between 43 and 67 percent for client-side attacks. Based on these scenarios, the influence of different protective measures is identified. Practical implications: The results of this study offer guidance to decision makers on how to best secure their assets against remote code execution attacks. These results also indicate the overall risk posed by this type of attack. Originality/value: Attacks that use software vulnerabilities to execute code on targeted machines are common and pose a serious risk to most enterprises. However, there are no quantitative data on how difficult such attacks are to execute or on how effective security measures are against them. The paper provides such data using a structured technique to combine expert judgments.

  • 42.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Threats and vulnerabilities, final report2011Rapport (Annet vitenskapelig)
  • 43.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying the effectiveness of intrusion detection systems in operation through domain expertsArtikkel i tidsskrift (Annet vitenskapelig)
    Abstract [en]

    An intrusion detection system is a security measure that can help system administrators in enterprise environments to detect attacks made against networks and their hosts. Evaluating the effectiveness of IDSs by experiments or observations is however difficult and costly. This paper describes the result of a study where 165 domain experts in the intrusion detection field estimated the effectiveness of 24 different scenarios pertaining to detection of remote arbitrary code exploits.

  • 44.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying the Effectivenness of Intrusion Detection Systems in Operation through Domain Experts2014Inngår i: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 10, nr 2, s. 3-35Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    An intrusion detection system (IDS) is a security measure that can help system administrators in enterprise environments detect attacks made against computer networks. In order to be a good enterprise security measure, the IDS solution should be effective when it comes to making system operators aware of on-going cyber-attacks. However, it is difficult and costly to evaluate the effectiveness of IDSs by experiments or observations. This paper describes the result of an alternative approach to studying this topic. The effectiveness of 24 different IDS solution scenarios pertaining to remote arbitrary code exploits is evaluated by 165 domain experts. The respondents’ answers were then combined according to Cooke’s classical method, in which respondents are weighted based on how well they perform on a set of test questions. Results show that the single most important factor is whether either a host-based IDS, or a network-based IDS is in place. Assuming that either one or the other is in place, the most important course of action is to tune the IDS to its environment. The results also show that an updated signature database influences the effectiveness of the IDS less than if the vulnerability that is being exploited is well-known and is possible to patch or not.

  • 45.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Development of an effort estimation model: a case study on delivery projects at a leading IT provider within the electric utility industry2010Inngår i: International Journal of Services Technology and Management, ISSN 1460-6720, E-ISSN 1741-525X, Vol. 13, nr 1-2, s. 152-169Artikkel i tidsskrift (Fagfellevurdert)
    Abstract [en]

    When projects are sold with fixed prices, it is utterly important to quickly and accurately estimate the effort required to enable an optimal bidding. This paper desccribes a study performed at a leading IT provider within the electric utility industry, with the purpose of improving the ability to early produce effort estimates of projects where standard functionality is delivered. In absence reliable historic data, an estimation model suitable for incorporating expert estimates was developed. The model is based on decomposition of projects and bottom-up estimation of them, where impact of relevant variables is estimated by assessing discrete scenarios. In addition to a estimating the expected effort of a project the uncertainty of provided estimates are visualised. Together with the transparency of the model this makes it possible to analyse and refine the estimates as more details of a project are known.

  • 46.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Development of an effort estimation model: A case study on delivery projects at a leading IT provider within the electric utility industry2007Inngår i: PICMET '07: PORTLAND INTERNATIONAL CENTER FOR MANAGEMENT OF ENGINEERING AND TECHNOLOGY, VOLS 1-6, PROCEEDINGS - MANAGEMENT OF CONVERGING TECHNOLOGIES, PORTLAND: PICMET , 2007, s. 2175-2185Konferansepaper (Fagfellevurdert)
    Abstract [en]

    When projects are sold with fixed prices, it is utterly important to quickly and accurately estimate the effort required to enable an optimal bidding. This paper describes a case study performed at a leading IT provider within the electric utility industry, with the purpose of improving the ability to early produce effort estimates of projects where standard functionality is delivered. The absence of reliable historic data made expert judgment the only appropriate foundation for estimates, with difficulties of quickly develop estimates and reuse or modify estimates already made. To overcome these troubling issues, the expert estimates were incorporated into a model where they and the factors influencing them are traceable and readily expressed. The model is based on decomposition of projects and bottom-up estimation of them, where impact of relevant variables is estimated by assessing discrete scenarios. It provides quick and straightforward means of developing estimates of the decomposed elements and whole projects in various circumstances, where not only expected effort is considered, but the uncertainty of the individual estimates is visualized as well. Which together with the traceability enables the estimates produced by the model to be assessed, analyzed and refined as more details of the project is known.

  • 47.
    Xiaofeng, Yu
    et al.
    State Key Lab. for Novel Software Technol., Nanjing Univ., Nanjing.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Fung, Casey
    Boeing Phantom Works, USA.
    Hung, Patrick C. K.
    University of Ontario Institute of Technology, Canada.
    Emergency Response Framework for Aviation XML Services on MANET2008Inngår i: Proceedings of the IEEE International Conference on Web Services, ICWS 2008, IEEE , 2008, s. 304-311Konferansepaper (Fagfellevurdert)
    Abstract [en]

    A XML service is a software component that supports interoperable application-to-application interaction over a network. Each service makes its functionality available through well-defined or standardized XML interfaces. Aviation XML services refer to the services that make operating an airplane in air and on ground possible. In this paper, we present an emergency response framework to organize the aviation XML services to work cooperatively on mobile ad-hoc networks (MANETs). A MANET is defined as a self-organized and rapidly deployed network of XML services in order to exchange information without using any pre-existing fixed network infrastructure. Note that the framework does not have to be limited to the aviation sector. The methodology can also be adopted into other MANET computing scenarios including: natural disaster communications (e.g., tsunami, earthquakes), emergency relief scenarios, car-based networks, and the provision of wireless connectivity in remote areas.

1 - 47 of 47
RefereraExporteraLink til resultatlisten
Permanent link
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annet format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annet språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf