KTH Royal Institute of Technology – The biggest technical university of Sweden

KTH Royal Institute of Technology in Stockholm is the largest and oldest technical university in Sweden. No less than one-third of Sweden’s technical research and engineering education capacity at university level is provided by KTH. Education and research span from natural sciences to all branches of engineering. Several national research centres are hosted by KTH. KTH is also a major partner in two out of three European Knowledge and Innovation Communities formed by EIT (European Institute of Innovation and Technology): InnoEnergy within the field of sustainable energy, and EIT ICT Labs within information and communication research. Five strategic multidisciplinary research platforms have been formed to further enhance KTH’s attraction as a major strategic research partner. KTH is an international university with many international researchers and students. KTH is a partner in international university networks such as CLUSTER and T.I.M.E.

SSAS – Software Systems Architecture and Security Research Group

At the Software Systems Architecture and Security group within the School of Electrical Engineering and Computer Science (EECS), we do research in two areas: software systems architecture and cyber security. These areas have their origins in the group’s long-time collaboration with developers and users of industrial control systems, in particular within electricity distribution and transmission. We conduct theoretical as well as applied research combining architecture modeling of software systems with novel approaches in cyber security analysis and statistical modeling. The results serve as decision support for engineers maintaining and designing information and control systems. The focus lately has mainly been on cyber security, which in the most recent years has resulted in a number of publications and also a software tool (called the Cyber Security Modeling Language – CySeMoL), which is now being transferred into the commercial market by the KTH spin-off company foreseeti AB. CySeMoL has been tested at numerous industrial partners in research projects and now also in consultancy projects with foreseeti.

MAL – The Meta Attack Language

With the general digitalization of our society, immensely complex IT infrastructures are being formed. Ensuring that these infrastructures are resilient to cyber-attacks is vital for the wellbeing of our society. However, merely gaining an overview of this environment is challenging, let alone understanding and assessing its cyber security posture.
In the domain of cyber security, threat modeling and attack simulations are an approach to assess the overall resilience of IT infrastructures. In brief, the idea is to simulate the steps a potential attacker would need to take in order to reach a target. How difficult it would be to succeed with such attack activities depends on the protection mechanisms in the system architecture and the skills of the attacker. In simulation-based threat modeling, this information is encoded in probabilistic (attack) graphs.
The Meta Attack Language (MAL) provides a framework to create domain-specific languages that express probabilistic attack graphs. MAL provides a formalism that allows the semi-automated generation as well as the efficient computation of very large attack graphs. So far, different instantiations of MAL have been proposed, such as vehicleLang for the automotive domain and AWSlang for Amazon Web Services.
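
To make the idea of a probabilistic attack graph concrete, here is an added Python example (not MAL code and not part of the original page or of any KTH/foreseeti tool). It simulates an attacker moving through OR/AND attack steps with defenses and estimates the time to compromise. All step names, effort values, defense probabilities and the exponential effort distribution are constructed assumptions.

```python
import math
import random

# Constructed toy model (all names and numbers are assumptions, not from the page).
# step -> (kind, parents, mean effort in days, probability the defense is enabled)
# "OR": reached once any parent is compromised; "AND": needs every parent.
GRAPH = {
    "internet.connect":     ("OR",  [], 0.0, 0.0),
    "office_pc.phishing":   ("OR",  ["internet.connect"], 3.0, 0.0),
    "office_pc.compromise": ("OR",  ["office_pc.phishing"], 1.0, 0.0),
    "vpn.credentials":      ("OR",  ["office_pc.compromise"], 2.0, 0.0),
    "firewall.bypass":      ("OR",  ["office_pc.compromise"], 10.0, 0.0),
    "scada.access":         ("AND", ["vpn.credentials", "firewall.bypass"], 1.0, 0.0),
}

def sample_ttc(graph, rng):
    """One run: time in days at which each step is reached (inf if blocked)."""
    reached = {}
    def visit(step):
        if step not in reached:
            kind, parents, mean, p_defense = graph[step]
            if rng.random() < p_defense:      # defense active in this run
                reached[step] = math.inf
            else:
                times = [visit(p) for p in parents]
                start = 0.0 if not times else (max(times) if kind == "AND" else min(times))
                effort = rng.expovariate(1.0 / mean) if mean > 0 else 0.0
                reached[step] = start + effort
        return reached[step]
    for step in graph:
        visit(step)
    return reached

def with_defense(graph, step, p_defense):
    """Copy of the graph with the defense probability of one step changed."""
    kind, parents, mean, _ = graph[step]
    return {**graph, step: (kind, parents, mean, p_defense)}

def simulate(graph, target, horizon_days, runs=5000, seed=1):
    """Monte Carlo estimate: P(target reached within horizon), median time to compromise."""
    rng = random.Random(seed)
    samples = sorted(sample_ttc(graph, rng)[target] for _ in range(runs))
    return sum(t <= horizon_days for t in samples) / runs, samples[runs // 2]

if __name__ == "__main__":
    for label, g in [("baseline", GRAPH),
                     ("VPN defense enabled in 90% of runs", with_defense(GRAPH, "vpn.credentials", 0.9))]:
        p, median = simulate(g, "scada.access", horizon_days=30)
        print(f"{label}: P(reach SCADA in 30 d) = {p:.2f}, median TTC = {median:.1f} d")
```

Because the target is an AND step, a defense on either parent lowers the probability of reaching it, which is the kind of decision support such simulations give when comparing mitigations.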

An excerpt of MAL code

epesLang – A domain specific threat modelling language for the EPES domain

Within the EnergyShield project, SSAS will, together with foreseeti, develop a threat modelling language based on the MAL concept. This language will address the specific demands of the demonstrators in Italy and Bulgaria. Mainly, epesLang brings together threat modelling capabilities for IT and OT. Thus, it combines coreLang, a language created to cover common aspects of IT-related networks, and icsLang, a language that represents specific aspects of OT environments. Furthermore, we also include sclLang to ease the modelling of substations.
This is all showcased in foreseeti's securiCAD tool, based on the attack on the Ukrainian power grid from 2015, where an IT attack switched off the light for about 225,000 people. The attack was characterized by its coordinated and targeted approach to the critical infrastructure power supply. The attack involved a total of seven substations with 110 kV and 23 substations with 35 kV over a period of three hours. Manual interventions were needed to return to normal operations.

Excerpt of a model created with epesLang

A presentation showing epesLang

Leading communication and dissemination activities

In addition to the activities related to the development of epesLang, KTH also takes responsibility for leading the communication and dissemination activities. This includes the creation of the related strategies and their monitoring, but also the production of a video presenting the project. Further, KTH maintains, together with SIMAVI, the Twitter account, the website, and a LinkedIn group. Of course, KTH is also actively communicating, e.g. by publicizing scientific articles, participating in scientific and popular conferences, or teaching pupils cyber security.