Browsing SINTEF Open by author "Stølen, Ketil"
-
Evaluation of experiences from applying the PREDIQT method in an industrial case study
Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Chapter, 2011) We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ... -
Experiences from Using Indicators to Validate Expert Judgments in Security Risk Analysis
Ligaarden, Olav Skjelkvåle; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport; Research report, 2012) Expert judgments are often used to estimate likelihood values in a security risk analysis. These judgments are subjective and their correctness relies on the competence, training, and experience of the experts. Thus, there ... -
Generic functionality in user interfaces for emergency response
Nilsson, Erik Gösta; Stølen, Ketil (Research report, 2011) In this report we use findings from a number of empirical studies involving different emergency response actors to identify shared or overlapping needs for user interfaces functionality. By analyzing the findings ... -
Generic functionality in user interfaces for emergency response
Nilsson, Erik Gøsta; Stølen, Ketil (Chapter, 2011) In this paper we use findings from a number of empirical studies involving different emergency response actors to identify shared or overlapping needs for user interfaces functionality. By analyzing the findings from these ... -
Information Flow Property Preserving Transformation of UML Interaction Diagrams
Seehusen, Fredrik; Stølen, Ketil (Research report, 2006) STF90 A06030. We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics ... -
Investigating Preferences in Graphical Risk Modeling
Hogganvik, Ida; Stølen, Ketil (Research report, 2007) In a security analysis it is often helpful to draw diagrams to illustrate threat and risk scenarios. To ensure the effectiveness of such diagrams, it is essential that they are easily understood by people without training ... -
ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Beckers, Kristian; Heisel, Maritta; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport; Research report, 2013) Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive ... -
Maintaining Information Flow Security under Refinement and Transformation
Seehusen, Fredrik; Stølen, Ketil (Research report, 2006) We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security ... -
Mandatory and Potential Choice: Comparing Event-B and STAIRS
Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Chapter, 2016) In order to decide whether a software system fulfills a specification, or whether a detailed specification preserves the properties of a more abstract specification, we need an understanding of what it means for one ... -
Preservation of Policy Adherence under Refinement
Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009) Policy-based management is an approach to the management of systems with respect to issues such as security, access control and trust by the enforcement of policy rules. This paper addresses the problem of integrating the ... -
Privacy-Aware IoT: State-of-the-Art and Challenges
Tokas, Shukun; Erdogan, Gencer; Stølen, Ketil (Chapter, 2023) The consumer IoT is now prevalent and creates an enormous amount of fine-grained, detailed information about consumers’ everyday actions, personalities, and preferences. Such detailed information brings new and unique ... -
Quality Evaluation of the CORAS UML Profile
Hogganvik, Ida; Lund, Mass Soldal; Stølen, Ketil (Research report, 2007) This report contains an evaluation of the CORAS UML profile and consists of two parts: modeling a benchmarking test called "the core security risk scenarios" using the CORAS UML profile; assessing the quality of the CORAS ... -
Relating computer systems to sequence diagrams: the impact of underspecification and inherent nondeterminism
Runde, Ragnhild Kobro; Refsdal, Atle; Stølen, Ketil (Journal article; Peer reviewed, 2013) Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this ... -
Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (Chapter, 2014) To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ... -
Schematic Generation of English-prose Semantics for a Risk Analysis Language Based on UML Interactions
Erdogan, Gencer; Refsdal, Atle; Stølen, Ketil (SINTEF Rapport; Research report, 2014) To support risk-driven testing, we have developed CORAL, a language for risk analysis based on UML interactions. In this paper, we present its semantics as a translation of CORAL diagrams into English prose. The CORAL ... -
Security risk analysis of system changes exemplified within the oil and gas domain
Refsdal, Atle; Solhaug, Bjørnar; Stølen, Ketil (Journal article; Peer reviewed, 2015) Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows ... -
Specifying Policies Using UML Sequence Diagrams - An Evaluation Based on a Case Study
Solhaug, Bjørnar; Elgesem, Dag; Stølen, Ketil (Research report, 2007) This report provides a case study based evaluation of UML sequence diagrams as a notation for policy specification. Policy rules are defined on the basis of deontic logic, and provided a trace based semantics interpreted ... -
Stepwise refinement of sequence diagrams with soft real-time constraints
Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Journal article; Peer reviewed, 2015) UML sequence diagrams and similar notations are much used to specify and analyze computer systems and their requirements. Probabilities are often essential, in particular for capturing soft real-time constraints. It is ... -
Stepwise refinement of sequence diagrams with soft real-time requirements
Refsdal, Atle; Runde, Ragnhild Kobro; Stølen, Ketil (Research report, 2011) UML sequence diagrams and similar notations are much used to specify computer systems, serving for example as specifications for programmers, or as a means for validating requirements. When specifying and analyzing computer ... -
Structured Semantics for the CORAS Security Risk Modelling Language
Dahl, Heidi Elisabeth Iuell; Stølen, Ketil; Hogganvik, Ida (Research report, 2007) The CORAS security risk modelling language is a customised graphical language for communication, documentation and analysis of security threat and risk scenarios. We present a textual syntax and a structured semantics ...