Learn More
The Cyber Security Modeling Language (CySeMoL) is an attack graph tool that can be used to estimate the cyber security of enterprise architectures. CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. This report functions as a manual(More)
Advanced metering infrastructure (AMI) is a key component of the concept of smart power grids. Although several functional/logical reference models of AMI exist, they are not suited for automated analysis of properties such as cyber security. This paper briefly presents a reference model of AMI that follows a tested and even commercially adopted formalism(More)
Methods for risk assessment in information security suggest users to collect and consider sets of input information, often notably different, both in type and size. To explore these differences, this study compares twelve established methods on how their input suggestions map to the concepts of ArchiMate, a widely used modeling language for enterprise(More)
Authorization and its enforcement, access control, has stood at the beginning of the art and science of information security, and remains being a crucial pillar of secure operation of IT. Dozens of different models of access control have been proposed. Although enterprise architecture as a discipline strives to support the management of IT, support for(More)
Enterprise Architecture (EA) is an approach where models of an enterprise are used for decision support. An important part of EA is enterprise IT architecture. Creating models of both types can be a complex task. EA can be difficult to model due to unavailable business data, while in the case of enterprise IT architecture, there can be too much IT data(More)
This paper proposes a metamodel for analyzing security aspects of enterprise architecture by combining analysis of cybersecurity with analysis of interoperability and availability. The metamodel extends an existing attack graph based metamodel for cybersecurity modeling and evaluation, P 2 CySeMoL, and incorporates several new elements and evaluation rules.(More)
  • Margus Välja, Matus Korman, Robert Lagerström
  • 2017
In this paper we conduct an empirical study with the purpose of identifying common software weaknesses of embedded devices used as part of industrial control systems in power grids. The data is gathered about the devices and software of 6 companies, ABB, General Electric, Schneider Electric, Schweitzer Engineering Laboratories, Siemens and Wind River. The(More)