kth.sePublications
Change search
Refine search result
1 - 11 of 11
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Katsikeas, Sotirios
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Rencelj Ling, Engla
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Johnsson, Pontus
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Empirical evaluation of a threat modeling language as a cybersecurity assessment tool2024In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 140, article id 103743Article in journal (Refereed)
    Abstract [en]

    The complexity of ICT infrastructures is continuously increasing, presenting a formidable challenge in safeguarding them against cyber attacks. In light of escalating cyber threats and limited availability of expert resources, organizations must explore more efficient approaches to assess their resilience and undertake proactive measures. Threat modeling is an effective approach for assessing the cyber resilience of ICT systems. One method is to utilize Attack Graphs, which visually represent the steps taken by adversaries during an attack. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework for developing Domain-Specific Languages (DSLs) and generating Attack Graphs for modeled infrastructures. coreLang is a MAL-based threat modeling language that utilizes such Attack Graphs to enable attack simulations and security assessments for the generic ICT domain. Developing domain-specific languages for threat modeling and attack simulations provides a powerful approach for conducting security assessments of infrastructures. However, ensuring the correctness of these modeling languages raises a separate research question. In this study we conduct an empirical experiment aiming to falsify such a domain-specific threat modeling language. The potential inability to falsify the language through our empirical testing would lead to its corroboration, strengthening our belief in its validity within the parameters of our study. The outcomes of this approach indicated that, on average, the assessments generated by attack simulations outperformed those of human experts. Additionally, both human experts and simulations exhibited significantly superior performance compared to random guessers in their assessments. While specific human experts occasionally achieved better assessments for particular questions in the experiments, the efficiency of simulation-generated assessments surpasses that of human domain experts.

  • 2.
    Raavikanti, Sashikanth
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Hacks, Simon
    Stockholm University, Stockholm, Sweden.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    A Recommender Plug-in for Enterprise Architecture Models2023In: Proceedings of the 25th International Conference on Enterprise Information Systems - Volume 2, ICEIS 2023, INSTICC , 2023, p. 474-480Conference paper (Refereed)
    Abstract [en]

    IT has evolved over the decades, where its role and impact have transitioned from being a tactical tool to a more strategic one for driving business strategies to transform organizations. The right alignment between IT strategy and business has become a compelling factor for Chief Information Officers and Enterprise Architecture (EA) in practice is one of the approaches where this alignment can be achieved. Enterprise Modeling complements EA with models that are composed of enterprise components and relationships, that are stored in a repository. Over time, the repository grows which opens up research avenues to provide data intelligence. Recommender Systems is a field that can take different forms in the modeling domain and each form of recommendation can be enhanced with sophisticated models over time. Within this work, we focus on the latter problem by providing a recommender architecture framework eases the integration of different Recommender Systems. Thus, researchers can easily compare the performance of different recommender systems for EA models. The framework is developed as a distributed plugin for Archi, a widely used modeling tool to create EA models in the ArchiMate notation.

  • 3.
    Heiding, Fredrik
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Research communities in cyber security vulnerability assessments: A comprehensive literature review2023In: Computer Science Review, ISSN 1574-0137, E-ISSN 1876-7745, Vol. 48, article id 100551Article, review/survey (Refereed)
    Abstract [en]

    Ethical hacking and vulnerability assessments are gaining rapid momentum as academic fields of study. Still, it is sometimes unclear what research areas are included in the categories and how they fit into the traditional academic framework. Previous studies have reviewed literature in the field, but the attempts use manual analysis and thus fail to provide a comprehensive view of the domain. To better understand how the area is treated within academia, 537,629 related articles from the Scopus database were analyzed. A Python script was used for data mining as well as analysis of the data, and 23,459 articles were included in the final synthesis. The publication dates of the articles ranged from 1975 to 2022. They were authored by 53,495 authors and produced an aggregated total of 836,956 citations. Fifteen research communities were detected using the Louvain community detection algorithm: (smart grids, attack graphs, security testing, software vulnerabilities, Internet of Things (IoT), network vulnerability, vulnerability analysis, Android, cascading failures, authentication, Software-Defined Networking (SDN), spoofing attacks, malware, trust models, and red teaming). In addition, each community had several individual subcommunities, constituting a total of 126. From the trends of the analyzed studies, it is clear that research interest in ethical hacking and vulnerability assessment is increasing.

  • 4.
    Hacks, Simon
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. University of Southern Denmark, Odense, Denmark.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Rencelj Ling, Engla
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Xiong, Wenjun
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Pfeiffer, Jerome
    Wortmann, Andreas
    Towards a Systematic Method for Developing Meta Attack Language Instances2022In: Enterprise, Business-Process and Information Systems Modeling 23rd International Conference, BPMDS 2022 and 27th International Conference, EMMSAD 2022, Held at CAiSE 2022, Leuven, Belgium, June 6–7, 2022, Proceedings, Springer Nature , 2022, Vol. 450, p. 139-154Conference paper (Refereed)
    Abstract [en]

    Successfully developing domain-specific languages (DSLs) demands language engineers to consider their organizational context, which is challenging. Action design research (ADR) provides a conceptual framework to address this challenge. Since ADR’s application to the engineering of DSLs has not yet been examined, we investigate applying it to the development of threat modeling DSLs based on the Meta Attack Language (MAL), a metamodeling language for the specification of domain-specific threat modeling languages. To this end, we conducted a survey with experienced MAL developers on their development activities. We extract guidelines and align these, together with established DSL design guidelines, to the conceptual model of ADR. The research presented, aims to be the first step to investigate whether ADR can be used to systematically engineer DSLs.

  • 5.
    Katsikeas, Sotirios
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Johnsson, Pontus
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Hacks, Simon
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering. Southern Univ Denmark, Maersk Mc Kinney Moller Inst, Odense, Denmark..
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    VehicleLang: A probabilistic modeling and simulation language for modern vehicle IT infrastructures2022In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 117, article id 102705Article in journal (Refereed)
    Abstract [en]

    Attack simulations are a feasible means of assessing the cyber security of various systems. Simulations can replicate the steps taken by an attacker to compromise sensitive system assets, and the time required for the acquisition of assets of interests can be calculated. One widely accepted approach to such simulations is the modelling of attack steps and their dependencies in a formal manner using attack graphs. To reduce the effort of creating new attack graphs for each system in a given domain, one can employ domain-specific attack-modeling languages to codify common attack logic. The Meta Attack Language has been proposed as a framework for developing domain-specific attack languages. In this article, we propose vehicleLang as a domain-specific language for modeling vehicles in the context of corresponding information technology infrastructures and analyzing weaknesses related to known attacks. To model domain-specific attributes, we reviewed existing literature to develop a comprehensive language, which was then verified through a series of interviews with domain experts from the automotive industry. Specifically, a systematic literature review was performed to identify possible attacks against vehicles. The identified attacks served as a blueprint for the evaluation of vehicleLang's simulation capabilities. Finally, the language was validated using the Feigenbaum test methodology.

  • 6.
    Katsikeas, Sotirios
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Johnson, Pontus
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Research communities in cyber security: A comprehensive literature review2021In: Computer Science Review, ISSN 1574-0137, E-ISSN 1876-7745, Vol. 42, p. 100431-100431, article id 100431Article in journal (Refereed)
  • 7.
    Hacks, Simon
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Towards an Ecosystem of Domain Specific Languages for Threat Modeling2021Conference paper (Refereed)
    Abstract [en]

    Today, many of our activities depend on the normal operation of the IT infrastructures that supports them. However, cyber-attacks on these infrastructures can lead to disastrous consequences. Therefore, efforts towards assessing the cyber-security are being done, such as attack graph simulations based on system architecture models. The Meta Attack Language (MAL) was previously proposed as a framework for developing Domain Specific Languages (DSLs) that can be used for the aforementioned purpose. Since many common components exist among different domains, a way to prevent repeating work had to be defined. To facilitate this goal, we adapt taxonomy building by Nickerson and propose an ecosystem of MAL-based DSLs that describes a systematic approach for not only developing, but also maintaining them over time. This can foster the usage of MAL for modeling new domains.

    Download full text (pdf)
    fulltext
  • 8.
    Katsikeas, Sotirios
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Hacks, Simon
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Johnson, Pontus
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Jacobsson, J.
    Wällstedt, B.
    Eliasson, P.
    An Attack Simulation Language for the IT Domain2020In: Graphical Models for Security: 7th International Workshop, GraMSec 2020, Boston, MA, USA, June 22, 2020, Revised Selected Papers, Springer Nature , 2020, Vol. 12419, p. 67-86Conference paper (Refereed)
    Abstract [en]

    Cyber-attacks on IT infrastructures can have disastrous consequences for individuals, regions, as well as whole nations. In order to respond to these threats, the cyber security assessment of IT infrastructures can foster a higher degree of security and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logics of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, we propose coreLang as a MAL-based DSL for modeling IT infrastructures and analyzing weaknesses related to known attacks. To model domain-specific attributes, we studied existing cyber-attacks to develop a comprehensive language, which was iteratively verified through a series of brainstorming sessions with domain modelers. Finally, this first version of the language was validated against known cyber-attack scenarios.

  • 9.
    Hacks, Simon
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Ling, Engla
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Ekstedt, Mathias
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    powerLang: a probabilistic attack simulation language for the power domain2020In: Energy Informatics, ISSN 2520-8942, Vol. 3, no 1Article in journal (Refereed)
    Abstract [en]

    Cyber-attacks these threats, the cyber security assessment of IT and OT infrastructures can foster a higher degree of safety and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logics of the considered domain.Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, powerLang as a MAL-based DSL for modeling IT and OT infrastructures in the power domain is proposed. Further, it allows analyzing weaknesses related to known attacks. To comprise powerLang, two existing MAL-based DSL are combined with a new language focusing on industrial control systems (ICS). Finally, this first version of the language was validated against a known cyber-attack.

  • 10.
    Hacks, Simon
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Hacks, Alexander
    Universität Duisburg-Essen, Duisburg, Germany.
    Katsikeas, Sotirios
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Klaer, Benedikt
    Institute for High Voltage Technology, RWTH Aachen University, Aachen, Germany.
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Creating Meta Attack Language Instances using ArchiMate: Applied to Electric Power and Energy System Cases2019In: Proceeding of the 2019 IEEE 23rd International Enterprise Distributed Object Computing Conference (EDOC), IEEE, 2019Conference paper (Refereed)
    Abstract [en]

    Cyber-attacks on power assets can have disastrous consequences for individuals, regions, and whole nations. In order to respond to these threats, the assessment of power grids' and plants' cyber security can foster a higher degree of safety for the whole infrastructure dependent on power. Hitherto, we propose the use of attack simulations based on system architecture models. To reduce the effort of creating new attack graphs for each system of a given type, domain-specific attack languages may be employed. They codify common attack logics of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop domain specific attack languages. We extend the tool set of MAL by developing an approach to model security domains in ArchiMate notation. Next, those models are used to create a MAL instance, which reflects the concepts modeled in ArchiMate. These instances serve as input to simulate attacks on certain systems. To show the applicability of our approach, we conduct two case studies in the power domain. On the one hand, we model a thermal power plant and possible attacks on it. On the other hand, we use the attack on the Ukrainian power grid for our case study.

    Download full text (pdf)
    fulltext
  • 11.
    Katsikeas, Sotirios
    et al.
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Johnson, Pontus
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Hacks, Simon
    Rhein Westfal TH Aachen, Res Grp Software Construct, Aachen, Germany..
    Lagerström, Robert
    KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.
    Probabilistic Modeling and Simulation of Vehicular Cyber Attacks: An Application of the Meta Attack Language2019In: Proceedings of the 5th international conference on information systems security and privacy (ICISSP) / [ed] Mori, P Furnell, S Camp, O, SciTePress, 2019, p. 175-182Conference paper (Refereed)
    Abstract [en]

    Attack simulations are a feasible means to assess the cyber security of systems. The simulations trace the steps taken by an attacker to compromise sensitive system assets. Moreover, they allow to estimate the time conducted by the intruder from the initial step to the compromise of assets of interest. One commonly accepted approach for such simulations are attack graphs, which model the attack steps and their dependencies in a formal way. To reduce the effort of creating new attack graphs for each system of a given type, domain-specific attack languages may be employed. They codify common attack logics of the considered domain. Consequently, they ease the reuse of models and, thus, facilitate the modeling of a specific system in the domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop domain specific attack languages. In this article, we present vehicleLang, a Domain Specific Language (DSL) which can be used to model vehicles with respect to their IT infrastructure and to analyze their weaknesses related to known attacks. To model domain specifics in our language, we rely on existing literature and verify the language using an interview with a domain expert from the automotive industry. To evaluate our results, we perform a Systematic Literature Review (SLR) to identify possible attacks against vehicles. Those attacks serve as a blueprint for test cases checked against the vehicleLang specification.

1 - 11 of 11
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf