• Evaluation of experiences from applying the PREDIQT method in an industrial case study 

      Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Chapter, 2011)
      We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...
    • Experiences from Using Indicators to Validate Expert Judgments in Security Risk Analysis 

      Ligaarden, Olav Skjelkvåle; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport; Research report, 2012)
      Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness relies on the competence, training, and experience of the experts. Thus, there ...
    • Generic functionality in user interfaces for emergency response 

      Nilsson, Erik Gösta; Stølen, Ketil (Research report, 2011)
      In this report we use findings from a number of empirical studies involving different emergency response actors to identify shared or overlapping needs for user interfaces functionality. By analyzing the findings ...
    • Generic functionality in user interfaces for emergency response 

      Nilsson, Erik Gøsta; Stølen, Ketil (Chapter, 2011)
      In this paper we use findings from a number of empirical studies involving different emergency response actors to identify shared or overlapping needs for user interfaces functionality. By analyzing the findings from these ...
    • Information Flow Property Preserving Transformation of UML Interaction Diagrams 

      Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)
      STF90 A06030. We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics ...
    • Investigating Preferences in Graphical Risk Modeling 

      Hogganvik, Ida; Stølen, Ketil (Research report, 2007)
      In a security analysis it is often helpful to draw diagrams to illustrate threat and risk scenarios. To ensure the effectiveness of such diagrams, it is essential that they are easily understood by people without training ...
    • ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System 

      Beckers, Kristian; Heisel, Maritta; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport; Research report, 2013)
      Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive ...
    • Maintaining Information Flow Security under Refinement and Transformation 

      Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)
      We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security ...
    • Mandatory and Potential Choice: Comparing Event-B and STAIRS 

      Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Chapter, 2016)
      In order to decide whether a software system fulfills a specification, or whether a detailed specification preserves the properties of a more abstract specification, we need an understanding of what it means for one ...
    • Preservation of Policy Adherence under Refinement 

      Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009)
      Policy-based management is an approach to the management of systems with respect to issues such as security, access control and trust by the enforcement of policy rules. This paper addresses the problem of integrating the ...
    • Quality Evaluation of the CORAS UML Profile 

      Hogganvik, Ida; Lund, Mass Soldal; Stølen, Ketil (Research report, 2007)
      This report contains an evaluation of the CORAS UML profile and consists of two parts: (1) Modeling a benchmarking test called "the core security risk scenarios" using the CORAS UML profile; (2) Assessing the quality of the CORAS ...
    • Relating computer systems to sequence diagrams: the impact of underspecification and inherent nondeterminism 

      Runde, Ragnhild Kobro; Refsdal, Atle; Stølen, Ketil (Journal article; Peer reviewed, 2013)
      Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this ...
    • Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions 

      Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (Chapter, 2014)
      To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ...
    • Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions 

      Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport; Research report, 2014)
      To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ...
    • Security risk analysis of system changes exemplified within the oil and gas domain 

      Refsdal, Atle; Solhaug, Bjørnar; Stølen, Ketil (Journal article; Peer reviewed, 2015)
      Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows ...
    • Specifying Policies Using UML Sequence Diagrams - An Evaluation Based on a Case Study 

      Solhaug, Bjørnar; Elgesem, Dag; Stølen, Ketil (Research report, 2007)
      This report provides a case study based evaluation of UML sequence diagrams as a notation for policy specification. Policy rules are defined on the basis of deontic logic, and provided a trace based semantics interpreted ...
    • Stepwise refinement of sequence diagrams with soft real-time constraints 

      Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Journal article; Peer reviewed, 2015)
      UML sequence diagrams and similar notations are much used to specify and analyze computer systems and their requirements. Probabilities are often essential, in particular for capturing soft real-time constraints. It is ...
    • Stepwise refinement of sequence diagrams with soft real-time requirements 

      Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Research report, 2011)
      UML sequence diagrams and similar notations are much used to specify computer systems, serving for example as specifications for programmers, or as a means for validating requirements. When specifying and analyzing computer ...
    • Structured Semantics for the CORAS Security Risk Modelling Language 

      Dahl, Heidi Elisabeth Iuell; Stølen, Ketil; Hogganvik, Ida (Research report, 2007)
      The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. We present a textual syntax and a structured semantics ...
    • Technology Research Explained 

      Solheim, Ida; Stølen, Ketil (Research report, 2007)
      The purpose of this report is to contribute to a better understanding of technology research and the way to conduct it. The report pinpoints similarities and dissimilarities between classical research and technology research, ...