Visible to the public Re-Using Enterprise Architecture Repositories for Agile Threat Modeling

TitleRe-Using Enterprise Architecture Repositories for Agile Threat Modeling
Publication TypeConference Paper
Year of Publication2019
AuthorsXiong, Wenjun, Carlsson, Per, Lagerström, Robert
Conference Name2019 IEEE 23rd International Enterprise Distributed Object Computing Workshop (EDOCW)
ISBN Number978-1-7281-4598-3
KeywordsAgile development, design structure matrix, Enterprise Architecture, Measurement, Metrics, privacy, pubcrawl, threat modeling, threat vectors

Digitization has increased exposure and opened up for more cyber threats and attacks. To proactively handle this issue, enterprise modeling needs to include threat management during the design phase that considers antagonists, attack vectors, and damage domains. Agile methods are commonly adopted to efficiently develop and manage software and systems. This paper proposes to use an enterprise architecture repository to analyze not only shipped components but the overall architecture, to improve the traditional designs represented by legacy systems in the situated IT-landscape. It shows how the hidden structure method (with Design Structure Matrices) can be used to evaluate the enterprise architecture, and how it can contribute to agile development. Our case study uses an architectural descriptive language called ArchiMate for architecture modeling and shows how to predict the ripple effect in a damaging domain if an attacker's malicious components are operating within the network.

Citation Keyxiong_re-using_2019