Secure introduction for enterprise secrets : An evaluation framework

Weltman, Ulf

January 2021

A dependency on secrets is inherent in most IT systems, especially as they become increasingly complex and interdependent. Vast amounts of research have explored how to protect the confidentiality, integrity and authenticity of secrets through means such as encryption and authentication. These means are in themselves supported by secrets, and introducing those secrets is an area that has seen less exploration. Secrets are protected by secrets, and the secret at the top needs to be provided by one of the numerous methods with various advantages and disadvantages. This work follows a design science research approach to design a framework for comparing those methods of secure introduction, demonstrated through scenarios and practical exercises.

Secure introduction

enterprise

secrets

framework

design science research

Information Systems, Social aspects

A framework to implement delegation in offline PACS : A strategy to restrict user’s path

Bharath, Tati

January 2013

Physical access control systems (PACS) deal with the security of the availability of resources. They work as an alternative to traditional manual security access control. Access control has two variants, the logical which deals with computer environments and the physical which deals with the physical entry into a property or warehouses. However, offline physical access control systems cannot enforce the user’s path making it unsuitable for use in classified areas, such as places where the public is restricted. Therefore, offline PACS need a framework that can delegate the authority to enforce the user’s path. This is satisfactorily met in the presented research with a new design of offline PACS that has the capability to implement delegation. This framework allows the locks to dynamically write and read access policies onto and from a smart card. It works by means of a construct called “Path Array” and communication among different entities occurs via a chain of trust formed with the use of pre-shared keys.

smart card authentication

offline physical access control

delegation

shared secret keys

design science

Engineering and Technology

Teknik och teknologier

FROM SOCIETAL TO ORGANISATIONAL CULTURE : THE IMPACT ON BUSINESS-IT ALIGNMENT

El-Mekawy, Mohamed Sobaih

January 2012

Business-IT alignment (BITA) has clearly become more important over the last decade. However, considerable difficulties remain when attempting to achieve a mature level of BITA. Therefore, research efforts which have resulted in a number of theoretical models have been able to help in devising and applying supportive tools for assessing different components of BITA. However, most of these efforts have either been produced in Anglo-Saxon countries or have been based on specific experiences in those countries. Consequently, they have tended to ignore a number of factors which differ in nature due to variations in cultural contexts. However, organisational culture has been given little consideration. Societal and organisational cultural aspects of BITA are particularly important because the majority of BITA models tend to focus more on the efficiency and effectiveness of BITA components rather than on trying to create ways in which how BITA can be achieved or maintained in different contexts. Therefore, the purpose of this thesis is to investigate the impact of societal and organisational culture on achieving BITA and influencing its maturity. The main result is an extended BITA model developed originally by Luftman, known as; Luftman’s Strategic Alignment Maturity Model (SAM), which is influenced by the organisational culture perspective. The research method and process advocated by Peffers et al. (2007) is used in the thesis to design the extended-SAM, consisting of six activities. The first of these activities involves identifying specific problems. This is achieved by an extensive literature survey of theories related to BITA, an explorative study of the impact of organisational culture on BITA and a classification of the general limitations of BITA. The second activity concerns the requirement for definitions of the designed artifact. The third activity is then specified in terms of designing the artifact; i.e. an extended-SAM. The design is based on constructed hypotheses of the potential impact of organisational culture elements (based on Smit et al.’s model (2008) on BITA attributes (based on SAM), and followed by an empirical study of 6 multinational organisations, for testing the hypotheses. Following that, in the fourth activity, various processes for extending SAM are demonstrated in different seminars within the IT management group at DSV, in conference papers and in different seminars of the Swedish research School of Management and Information Technology (MIT) (Forskarskolan Management och IT. In the fifth activity, the extended-SAM model is evaluated in 5 multinational organisations to test its practicality and utility. In the last activity, a journal paper (Paper III in the thesis) is presented to summarise all the processes. The communication is also carried out through pre-licentiate and the licentiate seminars. The extended-SAM shows in the result of the thesis that organisational culture is a clear factor that should be considered while assessing and studying BITA maturity. In addition, by considering organisational culture, assessing BITA is clearly shown as being more accurate and as reflecting a more detailed picture of the organisation’s BITA.

Business-IT alignment

Organisational culture

Strategic alignment maturity model

Design science research.

Computer and Information Sciences

Data- och informationsvetenskap

Development of a Client-Side Evil Twin Attack Detection System for Public Wi-Fi Hotspots based on Design Science Approach

Horne, Liliana R.

01 January 2018

Users and providers benefit considerably from public Wi-Fi hotspots. Users receive wireless Internet access and providers draw new prospective customers. While users are able to enjoy the ease of Wi-Fi Internet hotspot networks in public more conveniently, they are more susceptible to a particular type of fraud and identify theft, referred to as evil twin attack (ETA). Through setting up an ETA, an attacker can intercept sensitive data such as passwords or credit card information by snooping into the communication links. Since the objective of free open (unencrypted) public Wi-Fi hotspots is to provide ease of accessibility and to entice customers, no security mechanisms are in place. The public’s lack of awareness of the security threat posed by free open public Wi-Fi hotspots makes this problem even more heinous. Client-side systems to help wireless users detect and protect themselves from evil twin attacks in public Wi-Fi hotspots are in great need. In this dissertation report, the author explored the problem of the need for client-side detection systems that will allow wireless users to help protect their data from evil twin attacks while using free open public Wi-Fi. The client-side evil twin attack detection system constructed as part of this dissertation linked the gap between the need for wireless security in free open public Wi-Fi hotspots and limitations in existing client-side evil twin attack detection solutions. Based on design science research (DSR) literature, Hevner’s seven guidelines of DSR, Peffer’s design science research methodology (DSRM), Gregor’s IS design theory, and Hossen & Wenyuan’s (2014) study evaluation methodology, the author developed design principles, procedures and specifications to guide the construction, implementation, and evaluation of a prototype client-side evil twin attack detection artifact. The client-side evil twin attack detection system was evaluated in a hotel public Wi-Fi environment. The goal of this research was to develop a more effective, efficient, and practical client-side detection system for wireless users to independently detect and protect themselves from mobile evil twin attacks while using free open public Wi-Fi hotspots. The experimental results showed that client-side evil twin attack detection system can effectively detect and protect users from mobile evil twin AP attacks in public Wi-Fi hotspots in various real-world scenarios despite time delay caused by many factors.

design science research

evil twin attack

public Wi-Fi hotspots

wireless security

Computer Sciences

Strategic Service Innovation: A Human-Centered Mixed-Methods Approach

Krüger, Nicolai

12 January 2022

Increasing socio-technological complexity and ongoing environmental and social changes make it difficult to choose suitable approaches in today's innovation endeavors. Explorative and agile methods are increasingly used to reach out for disruptive innovations under uncertainty. However, feasibility of pioneering projects in business-critical contexts faces limitations in regulated branches. This doctoral thesis aims at contributing to service innovation research using a mixed-methods approach, being applied to several domains. Strategic Service Innovation (SSI) aspires to create novel digital service concepts ranging from radical technical innovations to business model pivoting.

Human-Centered Design

Innovation management

Digital Transformation

Business Model Innovation

Technology Acceptance

Design science

User experience design

Prototyping

ddc:004

Balancing Interoperability and Data Sensitivity: A Design Science approach to building a zero-knowledge API for Healthcare Data

Gunawardana, Suranga Ruwan Sampath

January 2023

The aim of the study was to develop a platform to monitor and evaluate care homes using heterogeneous data sources for a French startup company. The study found that there was no current system to supervise healthcare resources in these facilities with live data. To address this, a digital platform was proposed that would integrate information from various sources, including IoT devices, existing software systems and digital documents. The proposed platform, which would be built from scratch, includes a data collection and processing system, and a blockchain to store the processed data. The platform would also include a dashboard with features, Key Performance Indicators (KPIs), and graphs for stakeholders to access.   The research would focus on the first two objectives of the proposed platform, which are design a platform for real time access to heterogeneous data sources and generate derivative dataset (generate transformed data set from the primary raw data set) with access but not visibility of the accessible zero knowledge heterogeneous data in secured way. Zero knowledge refers to fetching data from primary data sources and present it to users of in another format which can be understand easily, while hiding actual data and transforming mechanism (Goldreich, 2004). The proposed solution should be versatile and extensible to incorporate additional data sources and generate derivative datasets in a scalable manner. The study concludes that utilizing the Design Science Research Methodology (DSRM) to investigate and identify an ideal solution to the research topics is both challenging and stimulating. Additionally, the findings can be applied by other researchers working in related fields.   In summary, the proposed solution involves the development of a digital platform based on information system theories and technologies that will enrich the area of Information Systems for similar problems. The thesis will evaluate existing research on these theories and technologies and recommend the best solution by integrating the most suitable set of theories and technologies for the given problem. This will provide a practical solution for the immediate needs of the startup company and contribute to future research on similar problems.

Application Programming Interfaces (API)

Interoperability

Platform

Health care Context

Information Systems

Utveckling och utvärdering av ett adminverktyg i e-handelsplattformen Litium / Development and Evaluation of an Admin Tool in the E-commerce Platform Litium

Gustavsson, Cristoffer

January 2023

I takt med att användandet av e-handelsplattformar växer tillkommer även högre krav på att underhållsjobb, till exempel generera filer och rensa loggar, förvaltas effektivt. Motillo, ett karlstadbaserat konsultföretag inriktade på e-handel och digitala affärer, använder e- handelsplattformen Litium. Underhållsjobb, som idag finns specifikt för jobb i Litium, måste i dagsläget hanteras genom en konfigurationsfil, vilket kan vara tidskrävande. Motillo vill kunna konfigurera och monitorera dessa underhållsjobb direkt i Litiums administratörsvy, back-office. Syftet med denna studie har för författaren varit att utveckla och utvärdera ett adminverktyg i Litiums back-office baserat på en kravställning som upprättats av uppdragsgivaren Motillo. Det utvecklade adminverktyget skulle öka möjligheten och insikten att konfigurera och monitorera underhållsjobb. Studien låg även till grund för de med intresse av att implementera en likande lösning som det utvecklade adminverktyget. För att utveckla adminverktyget tillämpades olika tekniker som innefattade bland annat ramverken React och ASP.NET Core MVC, olika verktyg för versionshantering och pakethantering, samt utveckling efter den agila arbetsmetoden Scrum. Metoder som MoSCoW, Think-aloud, expertutvärderingar, beta-tester samt ett användar-acceptanstest, i form av en semi-strukturerad intervju, tillämpades och genomfördes för att utvärdera det utvecklade adminverktyget mot slutanvändaren. Insamlad data i studien har varit av kvalitativ karaktär. Studien har även inspirerats av Design Science Research där författaren använt den som övergripande metod där övriga metoder mer konkret tillfogats.  Det utvecklade verktyget utvärderades mot den upprättade kravställningen, där endast funktionella krav utvärderades, samt uppfattningar om verktyget och dess potentiella förbättringsåtgärder. Slutanvändaren uppfattade artefakten som bra och de var, baserat på kravställningen, nöjda med resultatet av det utvecklade adminverktyget. Slutanvändaren uppfattade dock att det fanns förbättringspotential och vidareutvecklingsmöjligheter, som bland annat innefattade krav med lägre prioritet som inte genomförts. Dessa krav var krav som prioriterats W, på MoSCoW-skalan, alltså krav som var önskade men som inte kom att genomföras. Författaren kunde lista tre vidareutvecklingsförslag som var Ändra exekveringsintervaller i adminpanelen, Möjlighet att avbryta ett jobb från att vidare exekvera och Visa status för jobbet. Från resultatet kunde författaren även identifiera förbättringar för att öka spårbarheten av loggar, genom ytterligare filtreringsmöjligheter, samt en tydligare presentation av jobbstatus i form av en progress-bar. Författaren rekommenderar även att vidare undersökning om adminverktyget, gällande icke-funktionella krav samt det grafiska användargränssnittet, bör genomföras.

Litium

Design Science Research

Artefakt

Utveckling

Utvärdering

C#

React

Information Systems, Social aspects

Utveckling och utvärdering av en automatiseringslösning hos Etteplan : En lösning på ett repetitivt arbetsmoment / Development and evaluation of an automation solution at Etteplan : A solution to a repetitive task

Fernström, Albin

January 2023

Allt fler företag letar efter effektiva sätt att utföra repetitiva uppgifter. Författaren kom i kontakt med företaget Etteplan, som manuellt granskar olika handlingar (dokument) för att hitta och notera eventuella felaktigheter. Uppdraget författaren fick av Etteplan bestod av att implementera en automatiseringslösning som automatiskt granskar dessa handlingar och identifierar eventuella felaktigheter i handlingens tabellhuvud, som sedan presenteras i en Excel-fil. Dessa felaktigheter kan vara att de olika fälten har fel format eller att fälten är tomma.Författarens syfte var att utveckla och utvärdera denna automatiseringslösning och ta reda på hur automatiseringslösningen mottogs av Etteplan, samt vilka förbättringsförslag som framkom. För att utveckla automatiseringslösningen har flera tekniker använts, som till exempel programmeringsspråket Python, OCR-verktyget PyTesseract och datorseende-biblioteket OpenCV. Automatiseringslösningen utvecklades och utvärderades iterativt med stöd av Design Science Research tillsammans med enhetstester, acceptanstester, ”tänka högt”-sessioner och semi-strukturerade intervjuer, där automatiseringslösningen testades av slutanvändaren på Etteplan. Under utvärderingssessionerna framkom bland annat uppfattningar om lösningens funktionalitet, utseende och layout samt förbättringsförslag. Studiens resultat indikerar att automatiseringslösningen uppfattades som positiv av slutanvändarna samt att den kan skapa mervärde på Etteplan. Ett flertal förbättringsförslag framkom, exempelvis att Excel-rapportens utformning kan förbättras. Det framkom även önskemål om ny funktionalitet, exempelvis att fler filformat skulle gå att granska, så som TIFF- och DWG-filer.

Automatisering

Python

OCR

Design Science Research

utvärdering

dokumentgranskning

Information Systems, Social aspects

Augmented and Virtual Reality Technologies in the Future of Work: User Preferences and Design Principles

Schuir, Julian

26 August 2022

Immersive technologies, including augmented reality (AR) and virtual reality (VR), are envisioned to become ubiquitous in future work environments. The implementation of both technologies is associated with versatile benefits, such as decreased costs, reduced physical risks, increased employee self-satisfaction, and lower resource consumption. Despite these potential benefits, the organizational diffusion of immersive technologies faces myriad challenges. For instance, usability problems along with privacy concerns have introduced technology acceptance issues. Addressing these challenges, this cumulative dissertation explores the design, application, and implications of AR and VR systems in the workplace by employing a mixed-methods approach. The contribution of this research is threefold. First, this dissertation provides descriptive insights into user preferences for immersive technologies to inform user-centered design considerations. Second, this dissertation presents design principles to guide the development of four information technology artifacts. Two of these artifacts enable VR-based collaboration in the fields of design thinking and process modeling, while the remaining two artifacts leverage AR to facilitate the crowdsourcing of human intelligence tasks and to support students in distance learning settings. Third, this dissertation develops an e³-value model for the AR and VR business ecosystem to illustrate how technology providers can transform such artifacts into economic value. Taken together, these insights improve understanding the sociotechnical interplay between humans, tasks, and immersive technologies, as well as its economic implications.

Augmented Reality

Virtual Reality

Future of Work

Design Science Research

User Preferences

Design Principles

ddc:650

Making a common graphical language for the validation of linked data. / Skapandet av ett generiskt grafiskt språk för validering av länkad data.

Echegaray, Daniel

January 2017

A variety of embedded systems is used within the design and the construction of trucks within Scania. Because of their heterogeneity and complexity, such systems require the use of many software tools to support embedded systems development. These tools need to form a well-integrated and effective development environment, in order to ensure that product data is consistent and correct across the developing organisation. A prototype is under development which adapts a linked data approach for data integration, more specifically this prototype adapt the Open Services for Lifecycle Collaboration(OSLC) specification for data-integration. The prototype allows users, to design OSLC-interfaces between product management tools and OSLC-links between their data. The user is further allowed to apply constraints on the data conforming to the OSLC validation language Resource Shapes(ReSh). The problem lies in the prototype conforming only to the language of Resource Shapes whose constraints are often too coarse-grained for Scania’s needs, and that there exists no standardised language for the validation of linked data. Thus, for framing this study two research questions was formulated (1) How can a common graphical language be created for supporting all validation technologies of RDF-data? and (2) How can this graphical language support the automatic generation of RDF-graphs? A case study is conducted where the specific case consists of a software tool named SESAMM-tool at Scania. The case study included a constraint language comparison and a prototype extension. Furthermore, a design science research strategy is followed, where an effective artefact was searched for answering the stated research questions. Design science promotes an iterative process including implementation and evaluation. Data has been empirically collected in an iterative development process and evaluated using the methods of informed argument and controlled experiment, respectively, for the constraint language comparison and the extension of the prototype. Two constraint languages were investigated Shapes Constraint Language (SHACL) and Shapes Expression (ShEx). The result of the constraint language comparison concluded SHACL as the constraint language with a larger domain of constraints having finer-grained constraints also with the possibility of defining new constraints. This was based on that SHACL constraints was measured to cover 89.5% of ShEx constraints and 67.8% for the converse. The SHACL and ShEx coverage on ReSh property constraints was measured to 75% and 50%. SHACL was recommended and chosen for extending the prototype. On extending the prototype abstract super classes was introduced into the underlying data model. Constraint language classes were stated as subclasses. SHACL was additionally stated as such a subclass. This design offered an increased code reuse within the prototype but gave rise to issues relating to the plug-in technologies that the prototype is based upon. The current solution still has the issue that properties of one constraint language may be added to classes of another constraint language. / En mängd olika inbyggda system används inom design och konstruktion av lastbilar inom Scania. På grund av deras heterogenitet och komplexitet kräver sådana system användningen av många mjukvaruverktyg för att stödja inbyggd systemutveckling. Dessa verktyg måste bilda en välintegrerad och effektiv utvecklingsmiljö för att säkerställa att produktdata är konsekventa och korrekta över utvecklingsorganisationen.En prototyp håller på att utvecklas som anpassar en länkad datainriktning för dataintegration, mer specifikt anpassar denna prototyp en dataintegration specifikation utvecklad av Open Services for Lifecycle Collaboration(OSLC). Prototypen tillåter användare att utforma OSLC-gränssnitt mellan produkthanteringsverktyg och OSLC-länkar mellan deras data. Användaren får vidare tillämpa begränsningar på de data som överensstämmer med OSLC-valideringsspråket Resource Shapes. Problemet ligger i prototypen som endast överensstämmer med Resource Shapes, vars begränsningar ofta är för grova för Scanias behov och att det inte finns något standardiserat språk för validering av länkad data. Således, för att utforma denna studie formulerades två forskningsfrågor (1) Hur kan ett gemensamt grafiskt språk skapas för att stödja alla valideringsteknologier av RDF-data? och (2) Hur kan detta grafiska språk stödja Automatisk generering av RDF-grafer? En fallstudie genomförs där det specifika fallet består av ett mjukvaruverktyg som heter SESAMM-tool hos Scania. Fallstudien innehöll en jämförelse av valideringsspråk och vidareutveckling av prototypen. Vidare följs Design Science som forskningsstrategi där en effektiv artefakt sökts för att svara på de angivna forskningsfrågorna. Design Science främjar en iterativ process inklusive genomförande och utvärdering. Data har empiriskt samlats på ett iterativt sätt och utvärderats med hjälp av utvärderingsmetoderna informerat argument och kontrollerat experiment, för valideringsspråkjämförelsen och vidareutvecklingen av prototypen. Två valideringsspråk undersöktes Shapes Constraint Language (SHACL) och Shapes Expression (ShEx).Resultatet av valideringsspråksjämförelsen konkluderade SHACL som valideringsspråket med en större domän av begränsningar, mer finkorniga begränsningar och med möjligheten att definiera nya begränsningar. Detta var baserat på att SHACL-begränsningarna uppmättes täcka 89,5 % av ShEx-begränsningarna och 67,8 % för det omvända. SHACL- och ShEx-täckningen för Resource Shapes-egenskapsbegränsningar mättes till 75 % respektive 50 %. SHACL rekommenderades och valdes för att vidareutveckla prototypen.Vid vidareutveckling av prototypen infördes abstrakta superklasser i den underliggande datamodellen. Superklasserna tog i huvudsak rollen som tidigare klasser för valideringsspråk, som istället utgjordes som underklasser. SHACL anges som en sådan underklass. Denna design erbjöd hög kodåteranvändning inom prototypen men gav också upphov till problem som relaterade till plugin-teknologier som prototypen bygger på. Den nuvarande lösningen har fortfarande problemet att egenskaper hos ett valideringsspråk kan läggas till klasser av ett annat valideringsspråk.

Linked data

constraint language

SHACL

ShEx

Shapes constraint language

Shape expression

Lyo

toolchain

design science

Computer Sciences

Datavetenskap (datalogi)