| 1. |
- Almgren, Magnus, 1972, et al.
(författare)
-
RICS-el : Building a national testbed for research and training on SCADA security (short paper)
- 2019
-
Ingår i: Lect. Notes Comput. Sci.. - Cham : Springer Nature. ; 11260 LNCS, s. 219-225, s. 219-225
-
Konferensbidrag (refereegranskat)abstract
- Trends show that cyber attacks targeting critical infrastructures are increasing, but security research for protecting such systems are challenging. There is a gap between the somewhat simplified models researchers at universities can sustain contra the complex systems at infrastructure owners that seldom can be used for direct research. There is also a lack of common datasets for research benchmarking. This paper presents a national experimental testbed for security research within supervisory control and data acquisition systems (SCADA), accessible for both research training and experiments. The virtualized testbed has been designed and implemented with both vendor experts and security researchers to balance the goals of realism with specific research needs. It includes a real SCADA product for energy management, a number of network zones, substation nodes, and a simulated power system. This environment enables creation of scenarios similar to real world utility scenarios, attack generation, development of defence mechanisms, and perhaps just as important: generating open datasets for comparative research evaluation.
|
|
| 2. |
- Balliu, Musard, et al.
(författare)
-
Challenges of Producing Software Bill of Materials for Java
- 2023
-
Ingår i: IEEE Security and Privacy. - : Institute of Electrical and Electronics Engineers (IEEE). - 1540-7993 .- 1558-4046. ; 21:6, s. 12-23
-
Tidskriftsartikel (refereegranskat)abstract
- Software bills of materials (SBOMs) promise to become the backbone of software supply chain hardening. We deep-dive into six tools and the SBOMs they produce for complex open source Java projects, revealing challenges regarding the accurate production and usage of SBOMs.
|
|
| 3. |
- Balliu, Musard, et al.
(författare)
-
Software Bill of Materials in Java
- 2023
-
Ingår i: SCORED 2023 - Proceedings of the 2023 Workshop on Software Supply Chain Offensive Research and Ecosystem Defenses. - : Association for Computing Machinery (ACM). ; , s. 75-76
-
Konferensbidrag (refereegranskat)abstract
- Modern software applications are virtually never built entirely in-house. As a matter of fact, they reuse many third-party dependencies, which form the core of their software supply chain [1]. The large number of dependencies in an application has turned into a major challenge for both security and reliability. For example, to compromise a high-value application, malicious actors can choose to attack a less well-guarded dependency of the project [2]. Even when there is no malicious intent, bugs can propagate through the software supply chain and cause breakages in applications. Gathering accurate, upto- date information about all dependencies included in an application is, therefore, of vital importance.
|
|
| 4. |
- Ekstedt, Mathias, 1975-
(författare)
-
Enterprise architecture for IT management : a CIO decision making perspective on the electrical power industry
- 2004
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Within the electric power industry, the average company's enterprise system - i.e. the overall system of IT related entities - is today highly complex. Technically, large organizations posses hundreds or thousands of extensively interconnected and heterogeneous single IT systems performing tasks that varies from enterprise resource planning to real-time control and monitoring of industrial processes. Moreover are these systems storing a wide variety of sometimes redundant data, and typically they are deployed on several different platforms. IT does, however, not execute in splendid isolation. Organizationally, the enterprise system embraces business processes and business units using as well as maintaining and acquiring the IT systems. The interplay between the organization and the IT systems are further determined by for instance business goals, ownership and governance structures, strategies, individual system users, documentation, and cost.Lately, Enterprise Architecture (EA) has evolved with the mission to take a holistic approach to managing the above depicted enterprise system. The discipline's presumption is that architectural models are the key to succeed in understanding and administrating enterprise systems. Compared to many other engineering disciplines, EA is quite immature in many respects. This thesis identifies and elaborates on some important aspects that to date have been overlooked to a large extent. Firstly, the lack of explicit purpose for architectural models is identified. The thesis argues that the concerns of a company's Chief Information Officer (CIO) should guide the rationale behind the development of EA models. In particular, distribution of IT related information and knowledge throughout the organization is emphasized as an important concern uncared for. Secondly, the lack of architectural theory is recognized. The thesis provides examples of how theory, or analysis procedures, could be incorporated into the Enterprise Architecture approach and hereby concretely drive the development of the architectural models. Due to the nature of enterprise systems, EA theories inevitable will be of an indicative character. Finally, in relation to the models as such, three aspects are highlighted. Firstly, the cost of collecting information from the organization to populate models is routinely neglected by the EA community. This expense should be evaluated in relation to the utility of analyses that the information can provide in terms of better informed decision making by the CIO. Secondly, models (and meta-models) must be kept consistent. And thirdly, the design of models is restricted by the limited mental capabilities of the minds of the model users. CIO concerns must consequently be easy to extract from the Enterprise Architecture models.Key words: Enterprise Architecture, Enterprise System, Chief Information Officer (CIO), Information Technology (IT) Management, Architectural Theory, Electric Power Industry
|
|
| 5. |
- Ekstedt, Mathias, 1975-, et al.
(författare)
-
Message from the EDOC 2018 Workshop and Demo Chairs
- 2018
-
Ingår i: 22nd IEEE International Enterprise Distributed Object Computing Conference Workshops, EDOCW 2018. - : Institute of Electrical and Electronics Engineers Inc.. - 1541-7719. ; 2018-October
-
Tidskriftsartikel (refereegranskat)
|
|
| 6. |
- Ekstedt, Mathias, 1975-, et al.
(författare)
-
Message from the EDOC 2019 workshop and demo chairs
- 2019
-
Ingår i: Proceedings 23rd IEEE International Enterprise Distributed Object Computing Workshop, EDOCW 2019. - : Institute of Electrical and Electronics Engineers Inc.. - 9781728145983 - 9781728145990
-
Konferensbidrag (refereegranskat)
|
|
| 7. |
- Ekstedt, Mathias, 1975-, et al.
(författare)
-
Yet another cybersecurity risk assessment framework
- 2023
-
Ingår i: International Journal of Information Security. - : Springer Nature. - 1615-5262 .- 1615-5270. ; :22, s. 1713-1729
-
Tidskriftsartikel (refereegranskat)abstract
- IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.
|
|
| 8. |
- Fahlander, Per, et al.
(författare)
-
Containment Strategy Formalism in a Probabilistic Threat Modelling Framework
- 2022
-
Ingår i: Proceedings of the 8th international conference on information systems security and privacy (ICISSP). - : Scitepress. ; , s. 108-120
-
Konferensbidrag (refereegranskat)abstract
- Foreseeing, mitigating and preventing cyber-attacks is more important than ever before. Advances in the field of probabilistic threat modelling can help organisations understand their own resilience profile against cyber-attacks. Previous research has proposed MAL, a meta language for capturing the attack logic of a considered domain and running attack simulations in a model that depicts the defended IT-infrastructure. While this modality is already somewhat established for proposing general threat mitigation actions, less is known about how to model containment strategies in the event that penetration already has occurred. The problem is a fundamental gap between predominant threat models in cyber-security research and containment in the incident response lifecycle. This paper presents a solution to the problem by summarizing a methodology for reasoning about containment strategies in MAL-based threat models.
|
|
| 9. |
- Gylling, Andreas, et al.
(författare)
-
Mapping Cyber Threat Intelligence to Probabilistic Attack Graphs
- 2021
-
Ingår i: PROCEEDINGS OF THE 2021 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE (IEEE CSR). - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 304-311
-
Konferensbidrag (refereegranskat)abstract
- As cyber threats continue to grow and expertise resources are limited, organisations need to find ways to evaluate their resilience efficiently and take proactive measures against an attack from a specific adversary before it occurs. Threat modelling is an excellent method of assessing the resilience of ICT systems, forming Attack (Defense) Graphs (ADGs) that illustrate an adversary's attack vectors. Cyber Threat Intelligence (CTI) is information that helps understand the current cyber threats, but has little integration with ADGs. This paper contributes with an approach that resolves this problem by using CTI feeds of known threat actors to enrich ADGs under multiple reuse. This enables security analysts to take proactive measures and strengthen their ICT systems against current methods used by any threat actor that is believed to pose a threat to them.
|
|
| 10. |
- Hacks, Simon, et al.
(författare)
-
powerLang : a probabilistic attack simulation language for the power domain
- 2020
-
Ingår i: Energy Informatics. - : Springer Nature. - 2520-8942. ; 3:1
-
Tidskriftsartikel (refereegranskat)abstract
- Cyber-attacks these threats, the cyber security assessment of IT and OT infrastructures can foster a higher degree of safety and resilience against cyber-attacks. Therefore, the use of attack simulations based on system architecture models is proposed. To reduce the effort of creating new attack graphs for each system under assessment, domain-specific languages (DSLs) can be employed. DSLs codify the common attack logics of the considered domain.Previously, MAL (the Meta Attack Language) was proposed, which serves as a framework to develop DSLs and generate attack graphs for modeled infrastructures. In this article, powerLang as a MAL-based DSL for modeling IT and OT infrastructures in the power domain is proposed. Further, it allows analyzing weaknesses related to known attacks. To comprise powerLang, two existing MAL-based DSL are combined with a new language focusing on industrial control systems (ICS). Finally, this first version of the language was validated against a known cyber-attack.
|
|
