Integration effort prediction for asset management data collection

back to project index

Project abstract

Digital data collection is costly because a number of obstacles need to be overcome in order to transmit information from a source to a target in an oftentimes complex computer network. Firstly, there are requirements on physical connections, communication protocols, common languages or translators, addressing provisions, and look-up services. Secondly, the communication needs to be secure. Finally, access to data needs to be controlled by various security controls.

In modern complex computer networks, there are generally many different solutions to any one’s data collection requirements, all subsumed under the general heading of integration. However, each solution will entail a different amount of effort, and thus cost. Furthermore, there are generally significant synergies to reap by solving multiple data collection requirements with a more generic integration solution.

In order to select among competing candidate solutions, this project proposes the development of an integration effort and security prediction tool. Such a tool requires a realistic model of the information system architecture as its input and produces an estimation/simulation of both legitimate operations (i.e., the ease with which data can be collected and used) and illegitimate operations (i.e., the possible security weak points) as its output. Therefore, the overall security and integration achieved by the system can be estimated. Using such a solution, organizations can select the most efficient and secure integration option/deployment.

The work will build on previous work on reachability analysis in computer networks, on interoperability prediction, on architecture-based analysis approaches and on probabilistic cyber-attack predictions.

Summary of work

First a comprehensive and automatic systematic literature review has been conducted on the cybersecurity and information security domains using the Scopus database. This allowed us to do a research community analysis in which the relations between authors are taken into consideration.

Then an attack simulation language for the IT domain was developed. That language is based on the Meta Attack Language (MAL). This Domain Specific Language can simulate both interoperability and illegitimate access on generic IT infrastructures.

An extension of the aforementioned language for, the more specific, industrial control systems domain was also created and is currently under evaluation. This extended language will be a part of a family of languages (ecosystem) that all together will aim to fully model the infrastructures found on the power domain.

Event log

2019. Poster presentation, SweGRIDS annual conference 2019. KTH, Stockholm.

2019. Poster presentation, SWITS annual seminar 2019. Karlstad, Sweden.

2020. Pitch presentation, SweGRIDS annual conference 2020. KTH, Stockholm.

Project reference-group

Åsa Groth,  ABB Enterprise Software
Göran Ericsson,  Svenska kraftnät
Ola Ivarsson,  E.On

Publications by this researcher

See alternatively the researcher's full DiVA list of publications, with options for sorting.
Publications in journals and conferences usually will not show until a while after they are published.

Empirical evaluation of a threat modeling language as a cybersecurity assessment tool
Sotirios Katsikeas,   Engla Rencelj Ling,   Pontus Johnsson,   Mathias Ekstedt.
2024,   Computers & security (Print), vol. 140

Research communities in cyber security vulnerability assessments : A comprehensive literature review
Fredrik Heiding,   Sotirios Katsikeas,   Robert Lagerström.
2023,   Computer Science Review, vol. 48

A Recommender Plug-in for Enterprise Architecture Models
Sashikanth Raavikanti,   Simon Hacks,   Sotirios Katsikeas.
2023,   25th International Conference on Enterprise Information Systems, ICEIS 2023, Prague, Czechia, Apr 24 2023 - Apr 26 2023

VehicleLang : A probabilistic modeling and simulation language for modern vehicle IT infrastructures
Sotirios Katsikeas,   Pontus Johnsson,   Simon Hacks,   Robert Lagerström.
2022,   Computers & security (Print), vol. 117

Towards a Systematic Method for Developing Meta Attack Language Instances
Simon Hacks,   Sotirios Katsikeas,   Engla Rencelj Ling,   Wenjun Xiong,   Jerome Pfeiffer,   Andreas Wortmann.
2022,   34th International Conference on Advanced Information Systems Engineering CAiSE 2022

Research communities in cyber security: A comprehensive literature review
Sotirios Katsikeas,   Pontus Johnson,   Mathias Ekstedt,   Robert Lagerström.
2021,   Computer Science Review, vol. 42

Towards an Ecosystem of Domain Specific Languages for Threat Modeling
Simon Hacks,   Sotirios Katsikeas.
2021,   Advanced Information Systems Engineering

An Attack Simulation Language for the IT Domain
Sotirios Katsikeas,   Simon Hacks,   Pontus Johnson,   Mathias Ekstedt,   Robert Lagerström,   J. Jacobsson,   B. Wällstedt,   P. Eliasson.
2020,   7th International Workshop on Graphical Models for Security, GramSec 2020

powerLang : a probabilistic attack simulation language for the power domain
Simon Hacks,   Sotirios Katsikeas,   Engla Ling,   Robert Lagerström,   Mathias Ekstedt.
2020,   Energy Informatics, vol. 3(1)

Creating Meta Attack Language Instances using ArchiMate : Applied to Electric Power and Energy System Cases
Simon Hacks,   Alexander Hacks,   Sotirios Katsikeas,   Benedikt Klaer,   Robert Lagerström.
2019,   2019 IEEE 23rd International Enterprise Distributed Object Computing Conference (EDOC), 28-31 Oct. 2019

Probabilistic Modeling and Simulation of Vehicular Cyber Attacks : An Application of the Meta Attack Language
Sotirios Katsikeas,   Pontus Johnson,   Simon Hacks,   Robert Lagerström.
2019,   5th International Conference on Information Systems Security and Privacy, ICISSP 2019

Publication list last updated from DiVA on 2024-08-22 22:57.

Page started: 2018-09-01
Last generated: 2024-08-22