Stockholm University

Simon Hacks

Associate professor

About me

Simon Hacks is an associate professor at DSV, Stockholm University. His research interests lie in the quality of Enterprise Architecture (EA) and its models. To this end, he coined the term EA Debt as an extension of Technical Debt, which provides a holistic view of organizations beyond technical aspects. Moreover, he researches the reuse of different models for attack simulations. In line with this, he facilitates the Meta Attack Language (MAL), which allows domain-specific languages (DSLs) to be provided that are tailored to the needs of different stakeholders. Finally, he aims to provide tooling around MAL to ensure the quality of the created MAL DSLs.

He received his Ph.D. in EA modeling from RWTH Aachen University, Germany, and has supervised several theses related to EA and Threat Modeling/Attack simulations. His teaching covers Software Engineering, Enterprise Modeling, and Threat Modeling. Simon serves on the program committees (PC) of conferences such as ER – International Conference on Conceptual Modeling and EDOC – International Enterprise Computing Conference, and reviews for journals such as EMISAJ – International Journal of Conceptual Modeling and SoSyM – International Journal on Software and Systems Modeling. He received his master’s degree in applied computer science from the Technical University Dortmund.

Research

Simon's past research activities can be divided into two main areas: Enterprise Architecture and Threat Modelling. In the area of Enterprise Architecture (EA), he elaborates on EA modeling and the quality aspects of the modeling. In threat modeling, his research focuses on different aspects of the Meta Attack Language (MAL).

Enterprise Architecture

Simon's research activities related to EA started with his Ph.D. studies within the research project EARTh – Integrated Enterprise Architecture Roundtrip Approach. The project aimed to develop means to provide development projects with models stored in the central EA repository and to play their changes back. This includes contributions to how this integration can be realized, how contradictory information coming from the projects can be handled, and how the thinking of continuous delivery can support the process.

To address the human aspects of modeling quality, Simon elaborated on the quality aspects of EA models. He developed an extension for the open-source tool Archi that helps the modeler avoid adding an existing element to the EA repository.

Another stream of research is related to using the EA model, such as using the model as input to determine a possible optimal state of the EA concerning different objectives (e.g., minimal coupling or cost optimality) while considering various constraints (e.g., different implementation costs for changes or budgets allocated to different departments). Alternatively, the models can be used for a security certification or as input for a security assessment.

The quality of the EA plays a crucial role in the organization, especially in digitization. In this regard, IT is often seen as a driver for the necessary innovation, but often the opposite is the case. More specifically, IT structures, like the associated processes, have grown over decades. This means organizations are generally no longer sufficiently flexible when changing these structures, which turns out to be a challenge for the intended digitalization efforts of many organizations. The information about shortcomings in the organizational structures is known to the employees. Still, it is regularly only externalized when estimating project expenses for small changes, which often turn out to be unexpectedly large. This makes it difficult to steer the organization effectively in a desired direction.

The notion of EA Debt was proposed to address these challenges. It is an extension of the term Technical Debt from the field of software engineering to all layers of the EA so that organizational aspects are also considered. Originally, Technical Debt described qualitative disadvantages in designing and implementing technical elements. The idea is to develop EA Debts that can be used to identify patterns that impact digitization, whether negative or positive, to help the organization with the transformation.

So far, the efforts in the field of EA Debt can be mainly differentiated into two streams of work: (1) research related to the technical aspects of EA Debt and (2) the elaboration on the socio-technical aspects of EA Debt.

Most of the research has been published on the technical aspects of EA Debt. As such, Simon was involved in the definition of EA Smell, which provides measures for the symptoms of an EA Debt to make it visible, and in a prototype that was able to identify some of the smells in ArchiMate models. To further ease the identification of these smells, a tool was enhanced to identify EA Smells automatically in EA models, and the identification was expanded from ArchiMate models to any EA model with a graph-based representation.

A process was proposed to provide a frame for the presented technical measures. EA Debts are identified, collected, assessed, prioritized, removed, or actively monitored. To provide a means to identify EA Debts and EA Smells that cannot be detected by solely relying on EA models, a workshop format can be used in which stakeholders are brought together to discuss (1) the notion of EA Debt; (2) organizational issues that they encounter; (3) possible causes for these issues.

Threat Modeling

The Meta Attack Language (MAL) was proposed as a framework for developing Domain Specific Languages (DSLs) that can be used to assess the cyber-security of IT infrastructures. To do so, MAL uses attack graph simulations based on system architecture models. Within the domain of MAL, Simon is involved in developing different languages, supporting the language developers, and increasing the quality of the created languages.

Simon was actively involved in the development of vehicleLang, which is a language to simulate attack vectors for modern vehicles, coreLang, which is a basic language that provides the fundamentals of IT systems, as well as powerLang, which is a language designed to analyze weaknesses in the power grid.

MAL has become more widely adopted, leading to more languages covering a broader spectrum of different domains, developed by a wide range of people with different backgrounds and competencies. Thus, the quality of the developed languages varies heavily. To raise the quality of the developed languages, it is possible to write tests to ensure that the developed language behaves as intended. However, at the moment, the language developers write tests in an ad hoc rather than a structured way. Therefore, an extension to JUnit allows us to assess different coverages on the tested threat models. Moreover, a first step was taken towards systematically achieving full coverage of the test cases.

Secondly, patterns and concepts recur in the newly developed languages leading to the design of coreLang that covers assets of general purpose in the IT infrastructures. coreLang is, thus, intended to be a starting point for new languages so that the developers are not forced to reinvent the core constructs of the language every time. As such, the basic component for an ecosystem of MAL-based languages should guide the relations between languages covering different domains, such as office environments or industrial control systems.

Thirdly, every language developer follows their own experience and vision to develop a language. Therefore, a development process guides language developers through the different phases of language development: purpose definition, language design, and evaluation. An important challenge is determining the probability distributions that describe the expected time to compromise a single attack step. This can be provided by a systematic approach to collect the necessary data and distill it into probability distributions and another approach to include information on the security behavior of persons in organizations.

Lastly, the manual creation of the used threat models for attack simulations is error-prone. Therefore, one can reuse existing models in the organization. These models can be, for example, business process models or enterprise architecture models. Furthermore, one can combine threat and multi-level modeling to guide non-security experts in designing secure systems. Finally, it is important to analyze the business impact of the detected vulnerabilities of the system.

Publications

A complete list of publications can be found on my Google Scholar profile.

A selection from Stockholm University publication database

  • Discovering and Assessing Enterprise Architecture Debts

    2023. Sara Daoudi (et al.). Complex Systems Informatics and Modeling Quarterly 2023 (35), 1-29

    Article

    The term Enterprise Architecture (EA) Debts has been coined to grasp the difference between the actual state of the EA and its hypothetical, optimal state. So far, different methods have been proposed to identify such EA Debts in organizations. However, these methods either are based on the transfer of known concepts from other domains to EA or are time and resource intensive. To overcome these shortcomings, we propose an approach that uses an interview format to identify EA Debts in enterprises and a method that allows a qualitative assessment of identified EA Debts. The proposed approach is supported by the designed framework that consists of an interview format and a process for determining thresholds of certain EA Smells.

  • The meta attack language - a formal description

    2023. Wojciech Wideł (et al.). Computers & security (Print) 130

    Article

    Nowadays, IT infrastructures are involved in making innumerable aspects of our lives convenient, starting with water or energy distribution systems, and ending with e-commerce solutions and online banking services. In the worst case, cyberattacks on such infrastructures can paralyze whole states and lead to losses in terms of both human lives and money. One of the approaches to increase security of IT infrastructures relies on modeling possible ways of compromising them by potential attackers. To facilitate creation and reusability of such models, domain specific languages (DSLs) can be created. Ideally, a user will employ a DSL for modeling their infrastructure of interest, with the domain-specific threats and attack logic being already encoded in the DSL by the domain experts. The Meta Attack Language (MAL) has been introduced previously as a meta-DSL for development of security-oriented DSLs. In this work, we define formally the syntax and a semantics of MAL to ease a common understanding of MAL’s functionalities and enable reference implementations on different technical platforms. Its applicability for modeling and analysis of security of IT infrastructures is illustrated with an example.

  • Yet another cybersecurity risk assessment framework

    2023. Mathias Ekstedt (et al.). International Journal of Information Security 22 (4)

    Article

    IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.

  • Development and validation of coreLang: A threat modeling language for the ICT domain

    2024. Sotirios Katsikeas (et al.). Computers & security (Print) 146

    Article

    ICT infrastructures are getting increasingly complex, and defending them against cyber attacks is cumbersome. As cyber threats continue to increase and expert resources are limited, organizations must find more efficient ways to evaluate their resilience and take proactive measures. Threat modeling is an excellent method of assessing the resilience of ICT systems, for example, by building Attack Graphs that illustrate an adversary’s attack vectors. Previously, the Meta Attack Language (MAL) was proposed, which serves as a framework to develop Domain Specific Languages (DSLs) and generate Attack Graphs for modeled infrastructures. coreLang is a MAL-based threat modeling language that utilizes Attack Graphs to enable attack simulations and security assessments. In this work, we present the first release version of coreLang in which MITRE ATT&CK tactics and techniques are mapped onto to serve as a validation and identify strengths and weaknesses to benefit the development cycle. Our validation showed that coreLang does cover 46% of all the techniques included in the matrix, while if we additionally exclude the tactics that are intrinsically not covered by coreLang and MAL, the coverage percentage increases to 64%.

  • A Multi-level Reference Model and a Dedicated Method for Cyber-Security by Design: On the Example of the Electricity Sector

    2024. Sybren de Kinderen, Monika Kaczmarek-Heß, Simon Hacks. Business & Information Systems Engineering

    Article

    The increased reliance of organizations on information technology inherently increases their vulnerability to cyber-security attacks. As a response, a host of cyber-security approaches exists. While useful, these approaches exhibit shortcomings such as an inclination to be fragmented, not accounting for up-to-date organizational data, focusing on singular vulnerabilities only, and being reactive, i.e., focusing on patching up vulnerabilities in current systems. The paper presents and evaluates a modeling method aiming to address those shortcomings and to support security by design with a focus on the electricity sector. The proposed modeling method encompasses a multi-level reference model reconstructing and integrating existing initiatives and supporting top-down and bottom-up analyses. Compared to earlier work, the paper contributes (1) a process model for cyber-security by design, which proactively considers security as a first-class citizen during the design process, (2) a complete coverage of the multi-level model, in terms of three views complementing the introduced process model, (3) an elaborated evaluation, in terms of reporting on an additional design science cycle.
