Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case

Architecture models are used in enterprise management for decision support. These decisions range from designing processes to planning for the appropriate supporting technology. It is unreasonable for an existing enterprise to completely reinvent itself. Incremental changes are in most cases a more resource efficient tactic. Thus, for planning organizational changes, models of the current practices and systems need to be created. For mid-sized to large organizations this can be an enormous task when executed manually. Fortunately, there's a lot of data available from different sources within an enterprise that can be used for populating such models. The data are however almost always heterogeneous and usually only representing fragmented views of certain aspects. In order to merge such data and obtaining a unified view of the enterprise a suitable methodology is needed. In this paper we address this problem of creating enterprise architecture models from heterogeneous data. The paper proposes a novel approach that combines methods from the fields of data fusion and data warehousing. The approach is tested using a modeling language focusing on cyber security analysis in a study of a lab setup mirroring a small power utility's IT environment.

[1]  Mathias Ekstedt,et al.  The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures , 2013, IEEE Systems Journal.

[2]  André Vasconcelos,et al.  IT Architecture automatic verification: A network evidence-based approach , 2010, 2010 Fourth International Conference on Research Challenges in Information Science (RCIS).

[3]  Alan N. Steinberg,et al.  Situation and context in data fusion and natural language understanding , 2008, 2008 11th International Conference on Information Fusion.

[4]  Robert Lagerström,et al.  A Bayesian network for IT governance performance prediction , 2008, ICEC.

[5]  Ruth Breu,et al.  A situational method for semi-automated Enterprise Architecture Documentation , 2014, Software & Systems Modeling.

[6]  Robert Lagerström,et al.  Architecture analysis of enterprise systems modifiability - Models, analysis, and validation , 2010, J. Syst. Softw..

[7]  Markus Buschle,et al.  Automatic data collection for enterprise architecture models , 2012, Software & Systems Modeling.

[8]  Erik Blasch,et al.  Revisiting the JDL model for information exploitation , 2013, Proceedings of the 16th International Conference on Information Fusion.

[9]  Khurram Shahzad,et al.  A Tool for Automatic Enterprise Architecture Modeling , 2011, CAiSE Forum.

[10]  Ruth Breu,et al.  On Enterprise Architecture Change Events , 2012, TEAR/PRET.

[11]  Ulrik Franke,et al.  An architecture framework for enterprise IT service availability analysis , 2014, Software & Systems Modeling.

[12]  Robert Lagerström,et al.  A Framework for Service Interoperability Analysis using Enterprise Architecture Models , 2008, 2008 IEEE International Conference on Services Computing.

[13]  Khurram Shahzad,et al.  An architecture modeling framework for probabilistic prediction , 2014, Information Systems and e-Business Management.

[14]  Mathias Ekstedt,et al.  A Requirements Based Approach for Automating Enterprise IT Architecture Modeling Using Multiple Data Sources , 2015, 2015 IEEE 19th International Enterprise Distributed Object Computing Workshop.

[15]  Erhard Rahm,et al.  Data Cleaning: Problems and Current Approaches , 2000, IEEE Data Eng. Bull..

[16]  Ulrik Franke,et al.  Cyber situational awareness - A systematic review of the literature , 2014, Comput. Secur..

[17]  Matthias Brückmann,et al.  Some Process Patterns for Enterprise Architecture Management , 2009, Software Engineering.

[18]  Khurram Shahzad,et al.  P2CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language , 2015, IEEE Trans. Dependable Secur. Comput..

[19]  Markus Buschle,et al.  Enterprise architecture availability analysis using fault trees and stakeholder interviews , 2014, Enterp. Inf. Syst..

[20]  Ruth Breu,et al.  Requirements for Automated Enterprise Architecture Model Maintenance - A Requirements Analysis based on a Literature Review and an Exploratory Survey , 2011, ICEIS.

[21]  Mathias Ekstedt,et al.  Effort Estimates for Vulnerability Discovery Projects , 2012, 2012 45th Hawaii International Conference on System Sciences.

[22]  A. N. Steinberg Data fusion system engineering , 2001 .

[23]  Ruth Breu,et al.  Enterprise Architecture Documentation: Empirical Analysis of Information Sources for Automation , 2013, 2013 46th Hawaii International Conference on System Sciences.

[24]  Florian Matthes,et al.  Automating Enterprise Architecture Documentation using an Enterprise Service Bus , 2012, AMCIS.

[25]  Ruth Breu,et al.  A Meta-Model for Automated Enterprise Architecture Model Maintenance , 2012, 2012 IEEE 16th International Enterprise Distributed Object Computing Conference.