Simon's past research activities can be divided into two main areas: Enterprise Architecture and Threat Modelling. In the area of Enterprise Architecture (EA), he elaborates on EA modeling and the quality aspects of the modeling. In threat modeling, his research focuses on different aspects of the Meta Attack Language (MAL).

Enterprise Architecture

Simon's research activities related to EA started with his Ph.D. studies within the research project EARTh – Integrated Enterprise Architecture Roundtrip Approach. The project aimed to develop means that provided development projects with models stored in the central EA repository and play their changes back. This includes contributions to how this integration can be realized, how contradictory information coming from the projects could be handled, and how the thinking of continuous delivery can support the process.

To address the human aspects of modeling quality, Simon elaborated on the quality aspects of EA models. He developed an extension for the open-source tool Archi that helps the modeler avoid adding an existing element to the EA repository.

Another stream of research is related to using the EA model, such as using the model as input to determine a possible optimal state of the EA concerning different objectives (e.g., minimal coupling or cost optimality) while considering various constraints (e.g., different implementation costs for changes or budgets allocated to different departments). Alternatively, the models can be used for a security certification or as input for a security assessment.

The quality of the EA plays a crucial role in the organization, especially in digitization. In this regard, IT is often seen as a driver for the necessary innovation, but often the opposite is the case. More specifically, IT structures, as have the associated processes, have grown over decades. This means organizations are generally no longer sufficiently flexible when changing these structures. This turns out to be a challenge for the intended digitalization efforts of many organizations. The information about shortcomings in the organizational structures is known to the employees. Still, it is regularly only externalized when estimating project expenses for small changes, which often turn out to be unexpectedly large. This makes it difficult to steer the organization effectively in a desired direction.

The notion of EA Debt was proposed to address these challenges. It is an extension of the term Technical Debt from the field of software engineering to all layers of the EA so that organizational aspects are also considered. Originally, Technical Debt described qualitative disadvantages in designing and implementing technical elements. The idea is to develop EA Debts that can be used to identify patterns that impact digitization, whether negative or positive, to help the organization with the transformation.

So far, the efforts in the field of EA Debt can be mainly differentiated into two streams of work: (1) research related to the technical aspects of EA Debt and (2) the elaboration on the socio-technical aspects of EA Debt.

Most of the research has been published on the technical aspects of EA Debt. As such, Simon was involved in the definition of EA Smell, which provides measures for the symptoms of an EA Debt to make it visible, but also a prototype that was able to identify some of the smells in ArchiMate models. To further ease the identification of these smells, a tool was enhanced to identify EA Smells automatized in EA models and expanded the identification from ArchiMate models to any EA model with a graph-based representation.

A process was proposed to provide a frame for the presented technical measures. EA Debts are identified, collected, assessed, prioritized, removed, or actively monitored. To provide a means to identify EA Debts and EA Smells that cannot be detected by solely relying on EA models, a workshop format can be used in which stakeholders are brought together to discuss (1) the notion of EA Debt; (2) organizational issues that they encounter; (3) possible causes for these issues.

Threat Modeling

The Meta Attack Language (MAL) was proposed as a framework for developing Domain Specific Languages (DSLs) that can be used to assess IT infrastructures' cyber-security. Therefore, the MAL uses attack graph simulations based on system architecture models. Within the domain of MAL, Simon is involved in developing different languages, supporting the language developers, and increasing the quality of the created languages.

Simon was actively involved in the development of vehicleLang, which is a language to simulate attack vectors for modern vehicles, coreLang, which is a basic language that provides the fundamentals of IT systems, as well as powerLang, which is a language designed to analyze weaknesses in the power grid.

MAL has become more adopted, leading to more languages covering a broader spectrum of different domains developed by a wide range of people with different backgrounds and competencies. Thus, the quality of the developed languages varies heavily. To raise the quality of the developed languages, it is possible to write tests to ensure that the developed language behaves as intended. However, at the moment, the language developers write tests more ad hoc than structured. Therefore, an extension to JUnit allows us to assess different coverages on the tested threat models. Moreover, the first step was taken to achieve full coverage of the test cases systematically.

Secondly, patterns and concepts recur in the newly developed languages leading to the design of coreLang that covers assets of general purpose in the IT infrastructures. coreLang is, thus, intended to be a starting point for new languages so that the developers are not forced to reinvent the core constructs of the language every time. As such, the basic component for an ecosystem of MAL-based languages should guide the relations between languages covering different domains, such as office environments or industrial control systems.

Thirdly, every language developer follows their own experience and vision to develop a language. Therefore, a development process guides language developers through the different phases of language development: purpose definition, language design, and evaluation. An important challenge is determining the probability distributions that describe the expected time to compromise a single attack step. This can be provided by a systematic approach to collect the necessary data and distill it into probability distributions and another approach to include information on the security behavior of persons in organizations.

Lastly, the manual creation of the used threat models for attack simulations is error-prone. Therefore, one can reuse existing models in the organization. These models can be, for example, business process models or enterprise architecture models. Furthermore, one can combine threat and multi-level modeling to guide non-security experts in designing secure systems. Finally, it is important to analyze the business impact of the detected vulnerabilities of the system.

A selection from Stockholm University publication database

• Discovering and Assessing Enterprise Architecture Debts

  2023. Sara Daoudi (et al.). Complex Systems Informatics and Modeling Quarterly 2023 (35), 1-29

  Article

  The term Enterprise Architecture (EA) Debts has been coined to grasp the difference between the actual state of the EA and its hypothetical, optimal state. So far, different methods have been proposed to identify such EA Debts in organizations. However, these methods either are based on the transfer of known concepts from other domains to EA or are time and resource intensive. To overcome these shortcomings, we propose an approach that uses an interview format to identify EA Debts in enterprises and a method that allows a qualitative assessment of identified EA Debts. The proposed approach is supported by the designed framework that consists of an interview format and a process for determining thresholds of certain EA Smells.

  Read more about Discovering and Assessing Enterprise Architecture Debts

• The meta attack language - a formal description

  2023. Wojciech Wideł (et al.). Computers & security (Print) 130

  Article

  Nowadays, IT infrastructures are involved in making innumerable aspects of our lives convenient, startingwith water or energy distribution systems, and ending with e-commerce solutions and online bankingservices. In the worst case, cyberattacks on such infrastructures can paralyze whole states and lead tolosses in terms of both human lives and money.One of the approaches to increase security of IT infrastructures relies on modeling possible ways ofcompromising them by potential attackers. To facilitate creation and reusability of such models, domainspecific languages (DSLs) can be created. Ideally, a user will employ a DSL for modeling their infrastruc-ture of interest, with the domain-specific threats and attack logic being already encoded in the DSL bythe domain experts.The Meta Attack Language (MAL) has been introduced previously as a meta-DSL for development ofsecurity-oriented DSLs. In this work, we define formally the syntax and a semantics of MAL to ease acommon understanding of MAL’s functionalities and enable reference implementations on different tech-nical platforms. It’s applicability for modeling and analysis of security of IT infrastructures is illustratedwith an example.

  Read more about The meta attack language - a formal description

• Yet another cybersecurity risk assessment framework

  2023. Mathias Ekstedt (et al.). International Journal of Information Security 22 (4)

  Article

  IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.

  Read more about Yet another cybersecurity risk assessment framework

Show all publications by Simon Hacks at Stockholm University