Re-Using Enterprise Architecture Repositories for Agile Threat Modeling
Title | Re-Using Enterprise Architecture Repositories for Agile Threat Modeling |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Xiong, Wenjun, Carlsson, Per, Lagerström, Robert |
Conference Name | 2019 IEEE 23rd International Enterprise Distributed Object Computing Workshop (EDOCW) |
ISBN Number | 978-1-7281-4598-3 |
Keywords | Agile development, design structure matrix, Enterprise Architecture, Measurement, Metrics, privacy, pubcrawl, threat modeling, threat vectors |
Abstract | Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network. |
URL | https://ieeexplore.ieee.org/document/8907343 |
DOI | 10.1109/EDOCW.2019.00031 |
Citation Key | xiong_re-using_2019 |