| 1. |
|
|
| 2. |
- Ekstedt, Mathias, et al.
(författare)
-
A Tool for Enterprise Architecture Analysis of Maintainability : CSMR 2009, PROCEEDINGS
- 2009
-
Ingår i: EUR CON SFTWR MTNCE REENGR. - Los Almitos : IEEE COMPUTER SOC. - 9780769535890 ; , s. 327-328
-
Konferensbidrag (refereegranskat)abstract
- A tool for Enterprise Architecture analysis using a probabilistic mathematical framework is demonstrated. The Model-View-Controller tool architecture is outlined, before the use of the tool is considered. A sample abstract maintainability model is created, showing the dependence of system maintainability on documentation quality. developer expertise, etc. Finally, a concrete model of an ERP system is discussed.
|
|
| 3. |
|
|
| 4. |
- Ekstedt, Mathias, et al.
(författare)
-
securiCAD by foreseeti : A CAD tool for enterprise cyber security management
- 2015
-
Ingår i: Proceedings of the 2015 IEEE 19th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations, EDOCW 2015. - 9781467393317
-
Konferensbidrag (refereegranskat)abstract
- This paper presents a CAD tool for enterprise cyber security management called securiCAD. It is a software developed during ten years of research at KTH Royal Institute of Technology, and it is now being commercialized by foreseeti (a KTH spin-off company). The idea of the tool is similar to CAD tools used when engineers design and test cars, buildings, etc. Specifically, the securiCAD user first models the IT environment, an existing one or one under development, and then securiCAD, using attack graphs, calculates and highlights potential weaknesses and avenues of attacks. The main benefits with securiCAD are; 1) built in security expertise, 2) visualization, 3) holistic security assessments, and 4) scenario comparison (decision-making) capabilities.
|
|
| 5. |
|
|
| 6. |
|
|
| 7. |
- Franke, Ulrik, et al.
(författare)
-
A formal method for cost and accuracy trade-off analysis in software assessment measures
- 2009
-
Ingår i: RCIS 2009. - NEW YORK : IEEE. - 9781424428649 ; , s. 295-302
-
Konferensbidrag (refereegranskat)abstract
- Creating accurate models of information systems is an important but challenging task. It is generally well understood that such modeling encompasses general scientific issues, but the monetary aspects of the modeling of software systems are not equally well acknowledged. The present paper describes a method using Bayesian networks for optimizing modeling strategies, perceived as a trade-off between these two aspects. Using GeNIe, a graphical tool with the proper Bayesian algorithms implemented, decision support can thus be provided to the modeling process. Specifically, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with his projection of their costs. It is argued that this method might enhance modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.
|
|
| 8. |
- Franke, Ulrik, et al.
(författare)
-
A Method for Choosing Software Assessment Measures using Bayesian Networks and Diagnosis : CSMR 2009, PROCEEDINGS
- 2009
-
Ingår i: 13TH EUROPEAN CONFERENCE ON SOFTWARE MAINTENANCE AND REENGINEERING: CSMR 2009, PROCEEDINGS. - LOS ALAMITOS, CA. : IEEE COMPUTER SOC.. - 9780769535890 ; , s. 241-245
-
Konferensbidrag (refereegranskat)abstract
- Creating accurate models of information systems is an important but challenging task. While the scienti c aspects of such modeling are generally acknowledged, the monetary aspects of the modeling of software systems are not. The present paper describes a Bayesian method for optimizing modeling strategies, perceived as a trade-off between these two aspects. Speci cally, an informed trade-off can be made, based on the modeler's prior knowledge of the predictive power of certain models, combined with her projection of the costs. It is argued that this method enhances modeling of large and complex software systems in two principal ways: Firstly, by enforcing rigor and making hidden assumptions explicit. Secondly, by enforcing cost awareness even in the early phases of modeling. The method should be used primarily when the choice of modeling can have great economic repercussions.
|
|
| 9. |
- Franke, Ulrik, et al.
(författare)
-
Decision Support oriented Enterprise Architecture Metamodel Management using Classification Trees
- 2009
-
Ingår i: 2009 13TH ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE WORKSHOPS (EDOCW 2009). - NEW YORK : IEEE. ; , s. 328-335
-
Konferensbidrag (refereegranskat)abstract
- Models are an integral part of the discipline of Enterprise Architecture (EA). To stay relevant to management decision-making needs, the models need to be based upon suitable metamodels. These metamodels, in turn, need to be properly and continuously maintained. While there exists several methods for metamodel development and maintenance, these typically focus on internal metamodel qualities and metamodel engineering processes, rather than on the actual decision-making needs and their impact on the metamodels used. The present paper employs techniques from information theory and learning classification trees to propose a method for metamodel management based upon the value added by entities and attributes to the decision-making process. This allows for the removal of those metamodel parts that give the least "bang for the bucks" in terms of decision support. The method proposed is illustrated using real data from an ongoing research project on systems modifiability
|
|
| 10. |
- Johnson, Pontus, et al.
(författare)
-
A Meta Language for Threat Modeling and Attack Simulations
- 2018
-
Ingår i: ACM International Conference Proceeding Series. - New York, NY, USA : ACM.
-
Konferensbidrag (refereegranskat)abstract
- Attack simulations may be used to assess the cyber security of systems. In such simulations, the steps taken by an attacker in order to compromise sensitive system assets are traced, and a time estimate may be computed from the initial step to the compromise of assets of interest. Attack graphs constitute a suitable formalism for the modeling of attack steps and their dependencies, allowing the subsequent simulation. To avoid the costly proposition of building new attack graphs for each system of a given type, domain-specific attack languages may be used. These languages codify the generic attack logic of the considered domain, thus facilitating the modeling, or instantiation, of a specific system in the domain. Examples of possible cyber security domains suitable for domain-specific attack languages are generic types such as cloud systems or embedded systems but may also be highly specialized kinds, e.g. Ubuntu installations; the objects of interest as well as the attack logic will differ significantly between such domains. In this paper, we present the Meta Attack Language (MAL), which may be used to design domain-specific attack languages such as the aforementioned. The MAL provides a formalism that allows the semi-automated generation as well as the efficient computation of very large attack graphs. We declare the formal background to MAL, define its syntax and semantics, exemplify its use with a small domain-specific language and instance model, and report on the computational performance.
|
|
