Search

Your search keyword '"Lagerström, A."' showing total 31 results
Start Over Author "Lagerström, A." Publisher ieee
31 results on '"Lagerström, A."'

1. Re-using Enterprise Architecture Repositories for Agile Threat Modeling

Author

Per Carlsson, Robert Lagerström, and Wenjun Xiong

Subjects
business.industry, Computer science, Legacy system, Enterprise architecture, 020206 networking & telecommunications, 020207 software engineering, 02 engineering and technology, Enterprise modelling, ArchiMate, Threat model, 0202 electrical engineering, electronic engineering, information engineering, Unified threat management, Architecture, business, Software engineering, Agile software development
Abstract

Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network.

Published
2019

2. Threat Modeling of Connected Vehicles: A privacy analysis and extension of vehicleLang

Author

Robert Lagerström and Wenjun Xiong

Subjects
Security analysis, Vehicular ad hoc network, business.industry, Computer science, Control (management), Extension (predicate logic), computer.software_genre, Computer security, Test case, Threat model, The Internet, Compiler, business, computer
Abstract

Modern vehicles contain more than a hundred Electronic Control Units (ECUs) that communicate over different in-vehicle networks. These ECUs are often connected to the Internet, which makes them vulnerable to various cyber attacks. Besides, large amounts of data are generated and communicated through vehicular networks, and some of them are sensitive for the vehicle drivers. Previously, a threat modeling language named vehicleLang was proposed for security analysis of vehicles, however, privacy issues of the vehicular data have not been thoroughly addressed. To fill the gap, this paper proposes a privacy-focused enhancement of vehicleLang, and the suggested privacy extension is evaluated by threat modeling with test cases running through the Meta Attack Language (MAL) compiler.

Published
2019

3. Enterprise Architecture and Agile Development: Friends or Foes?

Author

Svetlomir Petrov, Nuria Pol Catala, Mert Canat, Martin Wellme, Robert Lagerström, and Alexander Jourkovski

Subjects
Knowledge management, Relation (database), Computer science, business.industry, Qualitative interviews, 05 social sciences, Enterprise architecture, 020207 software engineering, 02 engineering and technology, Enterprise modelling, Field (computer science), 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Project management, business, 050203 business & management, Agile software development, Reusability
Abstract

Nowadays, both agile development and enterprise architecture are often employed in large organizations. However there is still some confusion if these can and should be used together, and there is not much research about the possible interplay. The aim of this study is to bring new knowledge to the field of enterprise architecture and its relation to agile development. Twelve qualitative interviews with professionals in different roles, such as developers and architects, have been carried out. The participants belong to five different companies and the information obtained from them has been used to compare opinions and stated challenges regarding agile and EA. We found that some common opinions among the interviewees are; 1) agile development and enterprise architecture can be combined, 2) there are clear communication problems among architects, different teams, and project owners, and 3) there is a lack of system and application reusability.

Published
2018

6. Automatic Design of Secure Enterprise Architecture: Work in Progress Paper

Author

Mathias Ekstedt, Robert Lagerström, and Pontus Johnson

Subjects
Enterprise architecture framework, 021110 strategic, defence & security studies, business.industry, Computer science, Solution architecture, 0211 other engineering and technologies, Enterprise architecture, 020207 software engineering, 02 engineering and technology, Enterprise architecture management, Applications architecture, 0202 electrical engineering, electronic engineering, information engineering, Data architecture, Reference architecture, View model, Software engineering, business
Abstract

Architecture models mainly have three functions; 1) document, 2) analyze, and 3) improve the system under consideration. All three functions have suffered from being timeconsuming and expensive, mainly due to being manual processes in need of hard to find expertise. Recent work has however automated both the data collection and the analysis. In order for enterprise architecture modeling to finally become free of manual labor the design function also needs to be automated. In this position paper we propose the Automatic Designer. A solution that employs machine learning techniques to realize the design of (near) optimal architecture solutions. This particular implementation is focused on security analysis, but could easily be extended to other topics.

Published
2017

7. Automatic Probabilistic Enterprise IT Architecture Modeling: A Dynamic Bayesian Networks Approach

Author

Mathias Ekstedt, Pontus Johnson, and Robert Lagerström

Subjects
0209 industrial biotechnology, business.industry, Computer science, Probabilistic logic, Enterprise architecture, 020207 software engineering, 02 engineering and technology, computer.software_genre, Machine learning, Data modeling, 020901 industrial engineering & automation, 0202 electrical engineering, electronic engineering, information engineering, Bayesian programming, Artificial intelligence, Data mining, State (computer science), business, Hidden Markov model, computer, Recursive Bayesian estimation, Dynamic Bayesian network
Abstract

Enterprise architecture modeling and model maintenance are time- consuming and error-prone activities that are typically performed manually. This position paper presents new and innovative ideas on how to automate the modeling of enterprise architectures. We propose to view the problem of modeling as a probabilistic state estimation problem, which is addressed using Dynamic Bayesian Networks (DBN). The proposed approach is described using a motivating example. Sources of machine-readable data about Enterprise Architecture entities are reviewed.

Published
2016

8. Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case

Author

Ulrik Franke, Robert Lagerström, Matus Korman, Margus Valja, and Mathias Ekstedt

Subjects
Enterprise systems engineering, Enterprise architecture framework, 021110 strategic, defence & security studies, Knowledge management, Computer science, business.industry, 0211 other engineering and technologies, Enterprise integration, Enterprise architecture, 020207 software engineering, 02 engineering and technology, Enterprise data management, Enterprise architecture management, 0202 electrical engineering, electronic engineering, information engineering, NIST Enterprise Architecture Model, Enterprise information system, business, Software engineering
Abstract

Architecture models are used in enterprise management for decision support. These decisions range from designing processes to planning for the appropriate supporting technology. It is unreasonable for an existing enterprise to completely reinvent itself. Incremental changes are in most cases a more resource efficient tactic. Thus, for planning organizational changes, models of the current practices and systems need to be created. For mid-sized to large organizations this can be an enormous task when executed manually. Fortunately, there's a lot of data available from different sources within an enterprise that can be used for populating such models. The data are however almost always heterogeneous and usually only representing fragmented views of certain aspects. In order to merge such data and obtaining a unified view of the enterprise a suitable methodology is needed. In this paper we address this problem of creating enterprise architecture models from heterogeneous data. The paper proposes a novel approach that combines methods from the fields of data fusion and data warehousing. The approach is tested using a modeling language focusing on cyber security analysis in a study of a lab setup mirroring a small power utility's IT environment.

Published
2016

9. Product feature prioritization using the Hidden Structure method: A practical case at Ericsson

Author

Mattin Addibpour, Franz Heiser, and Robert Lagerström

Subjects
business.industry, Computer science, 05 social sciences, computer.software_genre, Design structure matrix, Modularity, Domain (software engineering), Technology management, 0502 economics and business, Feature (machine learning), Data mining, 050207 economics, Project management, Business case, Software architecture, business, computer, 050203 business & management
Abstract

In this paper, we present a case were we employ the Hidden Structure method to product feature prioritization at Ericsson. The method extends the more common Design Structure Matrix (DSM) approach that has been used in technology management (e.g. project management and systems engineering) for quite some time in order to model complex systems and processes. The hidden structure method focuses on analyzing a DSM based on coupling and modularity theory, and it has been used in a number of software architecture and software portfolio cases. In previous work by the authors the method was tested on organization transformation at Ericsson, however this is the first time it has been employed in the domain of product feature prioritization. Today, at Ericsson, features are prioritized based on a business case approach where each feature is handled isolated from other features and the main focus is customer or market-based requirements. By employing the hidden structure method we show that features are heavily dependent on each other in a complex network, thus they should not be treated as isolated islands. These dependencies need to be considered when prioritizing features in order to save time and money, as well as increase end customer satisfaction.

Published
2016

10. Bridging the gap between business and technology in strategic decision-making for cyber security management

Author

Margus Valja, Robert Lagerström, Matus Korman, and Ulrik Franke

Subjects
021110 strategic, defence & security studies, Security analysis, Computer science, 0211 other engineering and technologies, Cyber-physical system, Enterprise architecture, 020207 software engineering, 02 engineering and technology, Computer security, computer.software_genre, Security information and event management, ArchiMate, Business analysis, 0202 electrical engineering, electronic engineering, information engineering, Security management, computer, Threat assessment
Abstract

System architectures are getting more and more complex. Thus, making strategic decisions when it comes to managing systems is difficult and needs proper support. One arising issue that managers need to take into account when changing their technology is security. No business is spared from threats in today's connected society. The repercussions of not paying this enough attention could result in loss of money and in case of cyber physical systems, also human lives. Thus, system security has become a high-level management issue. There are various methods of assessing system security. A common method that allows partial automation is attack graph based security analysis. This particular method has many variations and wide tool support. However, a complex technical analysis like the attack graph based one needs experts to run it and interpret the results. In this paper we study what kind of strategic decisions that need the support of threat analysis and how to improve an attack graph based architecture threat assessment method to fit this task. The needs are gathered from experts working with security management and the approach is inspired by an enterprise architecture language called ArchiMate. The paper contains a working example. The proposed approach aims to bridge the gap between technical analysis and business analysis making system architectures easier to manage.

Published
2016

11. Technology management through architecture reference models: A smart metering case

Author

Rikard Blom, Margus Valja, Mathias Ekstedt, Matus Korman, and Robert Lagerström

Subjects
021103 operations research, Data collection, Knowledge management, business.industry, Computer science, 0211 other engineering and technologies, Enterprise architecture, 020207 software engineering, 02 engineering and technology, Task (project management), Technology management, Documentation, Order (exchange), 0202 electrical engineering, electronic engineering, information engineering, Architecture, business, Software engineering, Reference model
Abstract

Enterprise architecture (EA) has become an essential part of managing technology in large enterprises. These days, automated analysis of EA is gaining increased attention. That is, using models of business and technology combined in order to analyze aspects such as cyber security, complexity, cost, performance, and availability. However, gathering all Information needed and creating models for such analysis is a demanding and costly task. To lower the efforts needed a number of approaches have been proposed, the most common are automatic data collection and reference models. However these approaches are all still very immature and not efficient enough for the discipline, especially when it comes to using the models for analysis and not only for documentation and communication purposes. In this paper we propose a format for representing reference models focusing on analysis. The format is tested with a case in a large European project focusing on security in advanced metering infrastructure. Thus we have, based on the format, created a reference model for smart metering architecture and cyber security analysis. On a theoretical level we discuss the potential impact such a reference model can have.

Published
2016

12. pwnPr3d: An Attack-Graph-Driven Probabilistic Threat-Modeling Approach

Author

Mathias Ekstedt, Robert Lagerström, Pontus Johnson, and Alexandre Vernotte

Subjects
021110 strategic, defence & security studies, Security analysis, Network security, business.industry, Computer science, Compromise, media_common.quotation_subject, 0211 other engineering and technologies, Probabilistic logic, 020207 software engineering, 02 engineering and technology, Attack graph, Computer security, computer.software_genre, Threat model, 0202 electrical engineering, electronic engineering, information engineering, Probability distribution, business, computer, Network model, media_common
Abstract

In this paper we introduce pwnPr3d, a probabilistic threat modeling approach for automatic attack graph generation based on network modeling. The aim is to provide stakeholders in organizations with a holistic approach that both provides high-level overview and technical details. Unlike many other threat modeling and attack graph approaches that rely heavily on manual work and security expertise, our language comes with built-in security analysis capabilities. pwnPr3d generates probability distributions over the time to compromise assets.

Published
2016

13. Securi CAD by Foreseeti: A CAD Tool for Enterprise Cyber Security Management

Author

Joakim Nydren, Pontus Johnson, Robert Lagerström, Mathias Ekstedt, Khurram Shahzad, and Dan Gorton

Subjects
Computer science, business.industry, Enterprise architecture, CAD, Enterprise information security architecture, Attack graph, Computer security, computer.software_genre, Visualization, Software, Cad tools, Information system, Software engineering, business, computer
Abstract

This paper presents a CAD tool for enterprise cyber security management called securi CAD. It is a software developed during ten years of research at KTH Royal Institute of Technology, and it is now being commercialized by foreseeti (a KTH spin-off company). The idea of the tool is similar to CAD tools used when engineers design and test cars, buildings, etc. Specifically, the securi CAD user first models the IT environment, an existing one or one under development, and then securi CAD, using attack graphs, calculates and highlights potential weaknesses and avenues of attacks. The main benefits with securi CAD are, 1) built in security expertise, 2) visualization, 3) holistic security assessments, and 4) scenario comparison (decision-making) capabilities.

Published
2015

14. An archimate based analysis of microgrid control system architectures

Author

K K Sasi, S. Nithin, Margus Valja, Markus Buschle, Robert Lagerström, and Nicholas Honeth

Subjects
Enterprise architecture framework, Engineering, business.industry, Interoperability, Enterprise architecture, Unified Modeling Language, ArchiMate, Scalability, Systems engineering, Microgrid, NIST Enterprise Architecture Model, business, computer, computer.programming_language
Abstract

The architectures containing embedded systems such as microgrid controllers are becoming more complex. While there are several known methodologies for embedded system modeling and design, they mostly cover development related performance issues. There exists a gap in the management of architectures implementing embedded systems for power systems applications. This paper proposes to use enterprise architecture analysis, based on earlier work, to fill that gap. Availability, interoperability and cost analysis are in focus. Enterprise architecture models are important in order to abstract the technical detail for planning and design in order to provide a basis for discussion of technical scalability and cost management amongst stakeholders and technical experts. A microgrid control architecture based example is given to illustrate the analysis possibilities.

Published
2014

15. Visualizing and Measuring Enterprise Application Architecture: An Exploratory Telecom Case

Author

Stephan Aier, Alan MacCormack, Robert Lagerström, and Carliss Y. Baldwin

Subjects
Information management, Enterprise architecture framework, Architecture domain, business.industry, Computer science, Solution architecture, Enterprise integration, Enterprise architecture, information management, Enterprise information security architecture, Service-oriented modeling, Functional software architecture, Enterprise system, Software, Enterprise architecture management, Information and Communications Technology, Applications architecture, Business architecture, Reference architecture, Data architecture, View model, Telecommunications, business, Software engineering
Abstract

We test a method for visualizing and measuring enterprise application architectures. The method was designed and previously used to reveal the hidden internal architectural structure of software applications. The focus of this paper is to test if it can also uncover new facts about the applications and their relationships in an enterprise architecture, i.e., if the method can reveal the hidden external structure between software applications. Our test uses data from a large international telecom company. In total, we analyzed 103 applications and 243 dependencies. Results show that the enterprise application structure can be classified as a core-periphery architecture with a propagation cost of 25%, core size of 34%, and architecture flow through of 64%. These findings suggest that the method could be effective in uncovering the hidden structure of an enterprise application architecture.

Published
2014

16. Enterprise Architecture Evaluation Using Utility Theory

Author

Margus Valja, Robert Lagerström, Kiran Karnati, Pontus Johnson, and Magnus Österlind

Subjects
Enterprise architecture framework, Enterprise architecture management, Operations research, Computer science, Solution architecture, Systems engineering, Enterprise architecture, Reference architecture, Data architecture, NIST Enterprise Architecture Model, View model
Abstract

With the increase in the number of quality attributes (e.g. cost, availability, reusability), that are being considered in the process of enterprise architecture analysis, the decision maker needs a systematic way to balance these attributes against each other to obtain the best possible architecture. Utility theory addresses this need by providing methods for numerical representation of preferences of a stakeholder involved in a decision-making process. In this paper utility theory key concepts are explained with examples. The process of calculating the utility metric, which reflects stake holder's set of preferences to select the most preferred architecture scenario is explained. The paper provides an explanation of how utility theory can be applied in enterprise architecture models which are meta-object facility compliant. This paper concludes by an example comparing two quality attributes on two architecture scenarios using utility theory and calculating the decision maker's overall utility metric across both quality attributes is provided. This shows the applicability of utility theory on architecture scenario analysis with multiple quality attributes.

Published
2013

17. Mapping the Substation Configuration Language of IEC 61850 to ArchiMate

Author

Mathias Ekstedt, Kun Zhu, Lars Nordström, Robert Lagerström, and Johan Konig

Subjects
Enterprise architecture framework, Configuration management, IEC 61850, business.industry, ArchiMate, Computer science, Interoperability, Information system, Systems engineering, Enterprise architecture, business, Software engineering, Enterprise resource planning
Abstract

This paper presents a mapping between the Enterprise Architecture framework ArchiMate and the Substation Configuration Language (SCL) of IEC 61850. Enterprise Architecture (EA) is a discipline for managing an enterprise’s information system portfolio in relation to the supported business. Metamodels, descriptive models on how to model and one of the core components of EA, can assist stakeholders in many ways, for example in decision-making. Moreover, the power industry is a domain with an augmented reliance on the support of information systems. IEC 61850 is a standard for the design of Substation Automation (SA) systems and provides a vendor independent framework for interoperability by defining communication networks and functions. The SCL is a descriptive language in IEC 61850 on the configuration of substation Intelligent Electronic Devices (IED) which describes the structure together with physical components and their relating functions. By using SCL, which models the architecture of SA systems, and mapping it to ArchiMate, stakeholders are assisted in understanding their SA system and its architecture. The mapping is intended to support the integration of SA systems applying IEC 61850 into the enterprise architecture. The mapping is demonstrated with an example applying the mapping to a SA configuration based on SCL.

Published
2010

18. Enterprise Architecture Meta Models for IT/Business Alignment Situations

Author

Mathias Ekstedt, Jan Saat, Ulrik Franke, and Robert Lagerström

Subjects
Knowledge management, Computer science, Artifact-centric business process model, business.industry, New business development, Business rule, Business architecture, Enterprise architecture, information management, Business process modeling, business, Component business model, Business domain
Abstract

Enterprise Architecture models can be used to support IT/business alignment. However, existing approaches do not distinguish between different IT/business alignment situations. Since companies face diverse challenges in achieving a high degree of IT/business alignment, a universal ‘one size fits all’ approach does not seem appropriate. This paper proposes to decompose the IT/business alignment problem into tangible qualities for business, IT systems, and IT governance. An explorative study among 162 professionals is used to distinguish four IT/business alignment situations, i.e. four clusters of IT/business alignment problems. These situations each represent the current state according to certain qualities and also the priorities for future development. In order to increase IT/business alignment, enterprise architecture meta models are proposed for each identified situation. One core meta model (to reflect common priorities) as well as situation specific extensions are presented.

Published
2010

19. Decision support oriented Enterprise Architecture metamodel management using classification trees

Author

Teodor Sommestad, Robert Lagerström, Ulrik Franke, Pontus Johnson, and Johan Ullberg

Subjects
Decision support system, Computer science, business.industry, Decision theory, Decision tree, Enterprise architecture, Maintenance engineering, Metamodeling, Software_SOFTWAREENGINEERING, Systems engineering, Software mining, Model-driven architecture, Software engineering, business, computer, computer.programming_language
Abstract

Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exists several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least “bang for the bucks” in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability.

Published
2009

20. A formal method for cost and accuracy trade-off analysis in software assessment measures

Author

Ulrik Franke, Johan Ullberg, Johan Konig, David Höök, Mathias Ekstedt, Robert Lagerström, and Pontus Johnson

Subjects
Decision support system, Risk analysis (engineering), Management science, Computer science, Information system, Bayesian network, Software system, Formal methods, Formal verification, Software measurement, Software metric
Abstract

Creating accurate models of information systems is an important but challenging task. It is generally well understood that such modeling encompasses general scientific issues, but the monetary aspects of the modeling of software systems are not equally well acknowledged. The present paper describes a method using Bayesian networks for optimizing modeling strategies, perceived as a trade-off between these two aspects. Using GeNIe, a graphical tool with the proper Bayesian algorithms implemented, decision support can thus be provided to the modeling process. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with his projection of their costs. It is argued that this method might enhance modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.

Published
2009

21. EAF2- A Framework for Categorizing Enterprise Architecture Frameworks

Author

Johan Konig, Robert Lagerström, Ulrik Franke, David Höök, Per Närman, Mathias Ekstedt, Johan Ullberg, and Pia Gustafsson

Subjects
The Open Group Architecture Framework, Enterprise architecture framework, Architecture framework, Engineering, Knowledge management, Enterprise architecture management, business.industry, Applications architecture, Enterprise architecture, NIST Enterprise Architecture Model, View model, business
Abstract

What constitutes an enterprise architecture framework is a contested subject. The contents of present enterprise architecture frameworks thus differ substantially. This paper aims to alleviate the confusion regarding which framework contains what by proposing a meta framework for enterprise architecture frameworks. By using this meta framework, decision makers are able to express their requirements on what their enterprise architecture framework must contain and also to evaluate whether the existing frameworks meets these requirements. An example classification of common EA frameworks illustrates the approach.

Published
2009

22. A Tool for Enterprise Architecture Analysis of Maintainability

Author

Mathias Ekstedt, Johan Ullberg, Ulrik Franke, Pontus Johnson, Markus Buschle, Teodor Sommestad, and Robert Lagerström

Subjects
Enterprise architecture framework, Enterprise architecture management, business.industry, Computer science, Systems engineering, Maintainability, Enterprise architecture, Reference architecture, View model, business, Software engineering, Software architecture, Enterprise resource planning
Abstract

A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality, developer expertise, etc. Finally, a concrete model of an ERP system is discussed.

Published
2009

23. A Framework for Service Interoperability Analysis using Enterprise Architecture Models

Author

Pontus Johnson, Johan Ullberg, and Robert Lagerström

Subjects
Enterprise architecture framework, The Open Group Architecture Framework, Enterprise architecture management, business.industry, Computer science, Enterprise integration, Enterprise architecture, Information Framework, View model, NIST Enterprise Architecture Model, Software engineering, business
Abstract

Good IT decision making is a highly desirable property that can be furthered by the use of enterprise architecture, an approach to IT management using diagrammatic models. In order to support decision making, the models must be amenable to various kinds of analysis. It is desirable that the models support the sought after analysis effectively since creation of enterprise architecture models often is a demanding task. This paper suggests a framework for enterprise service interoperability analysis and a metamodel containing the information needed to perform the analysis. The paper also illustrates the use of the framework and metamodel in a fictional example.

Published
2008

24. Using Architectural Models to Predict the Maintainability of Enterprise Systems

Author

Robert Lagerström and Pontus Johnson

Subjects
Enterprise architecture framework, Enterprise systems engineering, Functional software architecture, Enterprise architecture management, business.industry, Computer science, Enterprise life cycle, Enterprise integration, business, Software engineering, Service-oriented modeling, Enterprise software
Abstract

Modern software systems are highly interconnected and have been under constant change for many years. IT decision makers find it difficult to predict and plan change projects due to the complexity of the enterprise systems. Thus, a large proportion of projects with the purpose of changing a software system environment fail, i.e. they tend to take longer time and cost more than expected. This paper suggests enterprise architecture as an approach to model software systems and their environment. An enterprise architecture metamodel for maintainability modeling and analysis is presented. IT decision makers can use this metamodel in order to make cost predictions and do risk analysis for their change projects.

Published
2008

25. A Framework for Assessing Business Value of Service Oriented Architectures

Author

Robert Lagerström and J. Ohrstrom

Subjects
OASIS SOA Reference Model, Computer science, business.industry, computer.internet_protocol, Service-oriented architecture, Service oriented, Business value, Software architecture, Software engineering, business, Implementation, computer, Decision analysis
Abstract

This paper presents a framework used for analyzing decisions regarding implementations of service oriented architectures. The framework assesses the business value of SOA by measuring the modification cost, i.e. the effort needed to become service oriented, and the benefits that can be gained for an enterprise using SOA.

Published
2007

26. Extended Influence Diagrams for Enterprise Architecture Analysis

Author

Pontus Johnson, Mårten Simonsson, Robert Lagerström, and Per Norman

Subjects
Enterprise systems engineering, Enterprise architecture framework, Functional software architecture, Enterprise architecture management, business.industry, Computer science, Enterprise architecture, Enterprise information security architecture, NIST Enterprise Architecture Model, Software engineering, business, Software architecture
Abstract

The discipline of enterprise architecture advocates the use of models to support decision-making on enterprise-wide information system issues. In order to provide such support, enterprise architecture models should be amenable to analyses of various properties, as e.g. the level of enterprise information security. This paper proposes the use of a formal language to support such analysis. Such a language needs to be able to represent causal relations between, and definitions of, various concepts as well as uncertainty with respect to both concepts and relations. To support decision-making properly, the language must also allow the representation of goals and decision alternatives. This paper evaluates a number of languages with respect to these requirements, and selects influence diagrams for further consideration. The influence diagrams are then extended to fully satisfy the requirements. The syntax and semantics of the extended influence diagrams are detailed in the paper, and their use is demonstrated in an example

Published
2006

31. Creating Meta Attack Language Instances using ArchiMate: Applied to Electric Power and Energy System Cases

Author

Sotirios Katsikeas, Robert Lagerström, Simon Hacks, Alexander Johannes Hacks, and Benedikt Klaer

Subjects
021110 strategic, defence & security studies, Domain-specific language, Computer and Information Sciences, Computer science, 0211 other engineering and technologies, Data- och informationsvetenskap, 0102 computer and information sciences, 02 engineering and technology, Notation, Computer security, computer.software_genre, 01 natural sciences, Domain (software engineering), Maschinenbau, 010201 computation theory & mathematics, ArchiMate, Threat model, Systems architecture, Electric power, computer, Power domains
Abstract

Cyber-attacks on power assets can have disastrous consequences for individuals, regions, and whole nations. In order to respond to these threats, the assessment of power grids' and plants' cyber security can foster a higher degree of safety for the whole infrastructure dependent on power. Hitherto, we propose the use of attack simulations based on system architecture models. To reduce the effort of creating new attack graphs for each system of a given type, domain-specific attack languages may be employed. They codify common attack logics of the considered domain. Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop domain specific attack languages. We extend the tool set of MAL by developing an approach to model security domains in ArchiMate notation. Next, those models are used to create a MAL instance, which reflects the concepts modeled in ArchiMate. These instances serve as input to simulate attacks on certain systems. To show the applicability of our approach, we conduct two case studies in the power domain. On the one hand, we model a thermal power plant and possible attacks on it. On the other hand, we use the attack on the Ukrainian power grid for our case study. QC 20200120

Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results