Browsing SINTEF Open by author "Stølen, Ketil"
A case-based assessment of the FLUIDE framework for specifying emergency response user interfaces
Nilsson, Erik Gøsta; Stølen, Ketil (Chapter, 2016)
A Case-based Assessment of the FLUIDE Framework for Specifying Emergency Response User Interfaces
Nilsson, Erik Gøsta; Stølen, Ketil (SINTEF Rapport, Research report, 2016) In this report, we present the results from assessing the FLUIDE Framework for model-based specification of user interfaces supporting emergency responders. First, we outline the special challenges faced when developing ...
A feasibility study in model based prediction of impact of changes on system quality
Omerovic, Aida; Andresen, Anette; Grindheim, Håvard; Myrseth, Per; Refsdal, Atle; Stølen, Ketil; Ølnes, Jon (Research report, 2010) We propose a method, called PREDIQT, for model based prediction of impact of architecture design changes on system quality attributes. PREDIQT supports simultaneous analysis of several quality attributes and their trade-offs. ...
A Method for Model-Driven Information Flow Security
Seehusen, Fredrik; Stølen, Ketil (Research report, 2009) We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the ...
A modular approach to the modelling and analysis of risk scenarios with mutual dependencies
Brændeland, Gyrd; Dahl, Heidi Elisabeth Iuell; Stølen, Ketil (Research report, 2008) This report describes a modular approach to the modelling and analysis of risk scenarios with mutual dependencies. The presented approach may be used to deduce the risk-level of an overall system from previous risk analyses ...
A Systematic Method for Risk-driven Test Case Design Using Annotated Sequence Diagrams
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport, Research report, 2014) Risk-driven testing is a testing approach that aims at focusing the testing on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying ...
A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (Chapter, 2014) Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in ...
A Transformational Approach to Facilitate Monitoring of High Level Policies
Seehusen, Fredrik; Lund, Mass Soldal; Stølen, Ketil (Research report, 2009) We present a method for specifying high level security policies that can be enforced by runtime monitoring mechanisms. The method has three main steps: (1) the user of our method formalizes a set of policy rules using UML ...
Ad Hoc Networks and Mobile Devices in Emergency Response – A Perfect Match?
Nilsson, Erik Gøsta; Stølen, Ketil (Journal article; Peer reviewed, 2010) In this paper we use findings from three empirical studies to analyze how the use of wireless ad hoc networks as part of an ICT solution for emergency response imposes requirements to the user interface of these solutions. ...
An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS
Tran, Le Minh Sang; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport, Research report, 2013) Security risk analysis should be conducted regularly for organizations to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. ...
Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study
Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind (SINTEF Rapport, Research report, 2014) We present the results of an evaluation in which the objective was to assess how useful testing is for validating and gaining confidence in the correctness of security risk models. The evaluation is based on a case study ...
Compositional Refinement of Policies in UML – Exemplified for Access Control
Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009) The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram ...
Conceptual Framework for the DIAMONDS Project
Erdogan, Gencer; Li, Yan; Runde, Ragnhild Kobro; Seehusen, Fredrik; Stølen, Ketil (SINTEF Rapport, Research report, 2012) DIAMONDS is a research project addressing the combination of security testing and risk analysis. The main objective is to develop guidelines and a supporting framework to help businesses find a balanced approach within the ...
Design decisions in the development of a graphical language for risk-driven security testing
Erdogan, Gencer; Stølen, Ketil (Journal article; Peer reviewed, 2017) We have developed a domain-specific modeling language named CORAL that employs risk assessment to help security testers select and design test cases based on the available risk picture. In this paper, we present CORAL and ...
DeSPoT: A Method for the Development and Specification of Policies for Trust Negotiation
Håvaldsrud, Tormod; Møller-Pedersen, Birger; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport, Research report, 2012) Information systems are ever more connected to the Internet, which gives wide opportunities for interacting with other actors, systems and resources and for exploiting the open and vast market. This pushes the limits for ...
Divide and Conquer – Towards a Notion of Risk Model Encapsulation
Refsdal, Atle; Rideng, Øyvind; Solhaug, Bjørnar; Stølen, Ketil (Lecture Notes in Computer Science; 8431, Chapter, 2014) The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more ...
ENFORCE Conceptual Framework
Lysemoset, Tom; Mahler, Tobias; Solhaug, Bjørnar; Bing, Jon; Elgesom, Dag; Stølen, Ketil (Research report, 2007) ENFORCE is a multi-disciplinary research project addressing trust management. The research objectives include the development of a methodology for the capture and analysis of policies for security and trust management, the ...
Evaluation of a Method for the Analysis and Development of Policies for Trust Negotiation
Håvaldsrud, Tormod; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011) This report documents the evaluation of our method for the analysis and development of policies for trust negotiation. The method was evaluated in an industrial case study with evaluation criteria focusing on ...
Evaluation of experiences from applying the PREDIQT method in an industrial case study
Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011) We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...