Margus Välja

Enterprise Architecture Evaluation Using Utility Theory

With the increase in the number of quality attributes (e.g. cost, availability, reusability), that are being considered in the process of enterprise architecture analysis, the decision maker needs a systematic way to balance these attributes against each other to obtain the best possible architecture. Utility theory addresses this need by providing methods for numerical representation of preferences of a stakeholder involved in a decision-making process. In this paper utility theory key concepts are explained with examples. The process of calculating the utility metric, which reflects stake holders set of preferences to select the most preferred architecture scenario is explained. The paper provides an explanation of how utility theory can be applied in enterprise architecture models which are meta-object facility compliant. This paper concludes by an example comparing two quality attributes on two architecture scenarios using utility theory and calculating the decision makers overall utility metric across both quality attributes is provided. This shows the applicability of utility theory on architecture scenario analysis with multiple quality attributes.

Business model risk analysis: predicting the probability of business network profitability

In the design phase of business collaboration, it is desirable to be able to predict the profitability of the business-to-be. Therefore, techniques to assess qualities such as costs, revenues, risks, and profitability have been previously proposed. However, they do not allow the modeler to properly manage uncertainty with respect to the design of the considered business collaboration. In many real collaboration projects today, uncertainty regarding the business’ present or future characteristics is so significant that ignoring it becomes problematic. In this paper, we propose an approach based on the Predictive, Probabilistic Architecture Modeling Framework (P2AMF), capable of advanced and probabilistically sound reasoning about profitability risks. The P2AMF-based approach for profitability risk prediction is also based on the e3-value modeling language and on the Object Constraint Language (OCL). The paper introduces the prediction and modeling approach, and a supporting software tool. The use of the approach is illustrated by means of a case.

A Requirements Based Approach for Automating Enterprise IT Architecture Modeling Using Multiple Data Sources

Enterprise Architecture (EA) is an approach where models of an enterprise are used for decision support. An important part of EA is enterprise IT architecture. Creating models of both types can be a complex task. EA can be difficult to model due to unavailable business data, while in the case of enterprise IT architecture, there can be too much IT data available. Furthermore, there is a trend of a growing availability of data possibly useful for modeling. We call the process of making use of available data, automatic modeling. There have been previous attempts to achieve automatic model creation using a single source of data. Often, a single source of data is not enough to create the models required. In this paper we address automatic modeling when data from multiple heterogeneous sources are needed. The paper looks at the potential data sources, requirements that the data must meet and proposes a four-part approach. The approach is tested in a study using the Cyber Security Modeling Language in order to model a lab setup at KTH Royal Institute of Technology. The lab aims at mirroring a small power utilitys IT setup. The paper demonstrates that it is possible to create timely and scalable enterprise IT architecture models from multiple sources, and that manual modeling and data quality related problems can be resolved using known data processing methods.

Technology management through architecture reference models: A smart metering case

Enterprise architecture (EA) has become an essential part of managing technology in large enterprises. These days, automated analysis of EA is gaining increased attention. That is, using models of business and technology combined in order to analyze aspects such as cyber security, complexity, cost, performance, and availability. However, gathering all Information needed and creating models for such analysis is a demanding and costly task. To lower the efforts needed a number of approaches have been proposed, the most common are automatic data collection and reference models. However these approaches are all still very immature and not efficient enough for the discipline, especially when it comes to using the models for analysis and not only for documentation and communication purposes. In this paper we propose a format for representing reference models focusing on analysis. The format is tested with a case in a large European project focusing on security in advanced metering infrastructure. Thus we have, based on the format, created a reference model for smart metering architecture and cyber security analysis. On a theoretical level we discuss the potential impact such a reference model can have.

Analyzing the Effectiveness of Attack Countermeasures in a SCADA System

The SCADA infrastructure is a key component for power grid operations. Securing the SCADA infrastructure against cyber intrusions is thus vital for a well-functioning power grid. However, the task remains a particular challenge, not the least since not all available security mechanisms are easily deployable in these reliability-critical and complex, multi-vendor environments that host modern systems alongside legacy ones, to support a range of sensitive power grid operations. This paper examines how effective a few countermeasures are likely to be in SCADA environments, including those that are commonly considered out of bounds. The results show that granular network segmentation is a particularly effective countermeasure, followed by frequent patching of systems (which is unfortunately still difficult to date). The results also show that the enforcement of a password policy and restrictive network configuration including whitelisting of devices contributes to increased security, though best in combination with granular network segmentation.

Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case

Architecture models are used in enterprise management for decision support. These decisions range from designing processes to planning for the appropriate supporting technology. It is unreasonable for an existing enterprise to completely reinvent itself. Incremental changes are in most cases a more resource efficient tactic. Thus, for planning organizational changes, models of the current practices and systems need to be created. For mid-sized to large organizations this can be an enormous task when executed manually. Fortunately, theres a lot of data available from different sources within an enterprise that can be used for populating such models. The data are however almost always heterogeneous and usually only representing fragmented views of certain aspects. In order to merge such data and obtaining a unified view of the enterprise a suitable methodology is needed. In this paper we address this problem of creating enterprise architecture models from heterogeneous data. The paper proposes a novel approach that combines methods from the fields of data fusion and data warehousing. The approach is tested using a modeling language focusing on cyber security analysis in a study of a lab setup mirroring a small power utilitys IT environment.

Integrated Metamodel for Security Analysis

This paper proposes a metamodel for analyzing security aspects of enterprise architecture by combining analysis of cybersecurity with analysis of interoperability and availability. The metamodel extends an existing attack graph based metamodel for cyber security modeling and evaluation, P2CySeMoL, and incorporates several new elements and evaluation rules. The approach improves security analysis by combining two ways of evaluating reach ability: one which considers ordinary user activity and another, which considers technically advanced techniques for penetration and attack. It is thus permitting to evaluate security in interoperability terms by revealing attack possibilities of legitimate users. Combined with data import from various sources, like an enterprise architecture data repository, the instantiations of the proposed metamodel allow for a more holistic overview of the threats to the architecture than the previous version. Additional granularity is added to the analysis with the reach ability need concept and by enabling the consideration of unavailable and unreliable systems.

A Study on Software Vulnerabilities and Weaknesses of Embedded Systems in Power Networks

In this paper we conduct an empirical study with the purpose of identifying common software weaknesses of embedded devices used as part of industrial control systems in power grids. The data is gathered about the devices and software of 6 companies, ABB, General Electric, Schneider Electric, Schweitzer Engineering Laboratories, Siemens and Wind River. The study uses data from the manufacturersfi online databases, NVD, CWE and ICS CERT. We identified that the most common problems that were reported are related to the improper input validation, cryptographic issues, and programming errors.

Bridging the gap between business and technology in strategic decision-making for cyber security management

System architectures are getting more and more complex. Thus, making strategic decisions when it comes to managing systems is difficult and needs proper support. One arising issue that managers need to take into account when changing their technology is security. No business is spared from threats in todays connected society. The repercussions of not paying this enough attention could result in loss of money and in case of cyber physical systems, also human lives. Thus, system security has become a high-level management issue. There are various methods of assessing system security. A common method that allows partial automation is attack graph based security analysis. This particular method has many variations and wide tool support. However, a complex technical analysis like the attack graph based one needs experts to run it and interpret the results. In this paper we study what kind of strategic decisions that need the support of threat analysis and how to improve an attack graph based architecture threat assessment method to fit this task. The needs are gathered from experts working with security management and the approach is inspired by an enterprise architecture language called ArchiMate. The paper contains a working example. The proposed approach aims to bridge the gap between technical analysis and business analysis making system architectures easier to manage.