• A server-side approach to privacy policy matching 

      Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian (Chapter, 2011)
      With the increasing use of online services that require sharing of information there is a need for Privacy Enhancing Technology tailored for personal information control. Commonly, web privacy is handled through matching ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • An experimental evaluation of bow-tie analysis for cybersecurity requirements 

      Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)
      Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Controlled Sharing of Personal Information in Android 

      Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Journal article; Peer reviewed, 2011)
      Smartphones with third-party applications have become very popular. Recently, they have received attention for quietly monitoring and transferring personal information without the users’ knowledge. The objective of this ...
    • Ensuring ATM cyber security by applying SecRAM 

      Bernsmed, Karin; Bour, Guillaume (Lecture, 2019)
    • Grunnprinsipper for IKT-sikkerhet i industrielle IKT-systemer [Basic principles for ICT security in industrial ICT systems]

      Jaatun, Martin Gilje; Wille, Egil; Bernsmed, Karin; Kilskar, Stine Skaufel (SINTEF rapport;2021:00055, Research report, 2021)
      The purpose of this report is to provide increased understanding of basic principles for ICT security in industrial ICT systems (OT systems) in the Norwegian petroleum industry, based on NSM's basic principles for ICT security. We have ...
    • Learning Privacy Preferences 

      Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Chapter, 2011)
      This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected ...
    • On the Certificate Revocation Problem in the Maritime Sector 

      Bour, Guillaume; Bernsmed, Karin; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao (Peer reviewed; Journal article, 2021)
      Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across ...
    • Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations 

      Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin (Conference object, 2015)
      Industrial control organizations need to perform IT security preparedness exercises more frequently than today. However, limited support material currently exists. This paper presents a board game, Play2Prepare, ...
    • Protecting Future Maritime Communication 

      Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon (Chapter, 2017)
      Our oceans are filled with ships that take care of the most important distribution of goods in the world economy. Evolving from isolated chunks of hollow metal containers, ships are becoming more and more like interconnected ...
    • Safety Critical Software and Security - How Low Can You Go? 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018)
      The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ...
    • Security in Service Level Agreements for Cloud Computing 

      Bernsmed, Karin; Jaatun, Martin Gilje; Undheim, Astrid (Chapter, 2011)
      The Cloud computing paradigm promises reliable services, accessible from anywhere in the world, in an on-demand manner. Insufficient security has been identified as a major obstacle to adopting Cloud services. To deal with ...
    • Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre (Chapter, 2017)
      Aircraft equipped with satellite communication (SATCOM) systems will enable advanced Air Traffic Management (ATM) operations over datalink on a global basis. A key concept of future ATM is 4D trajectory management, which ...
    • A Systematic Mapping Study on Cyber Security Indicator Data 

      Meland, Per Håkon; Tokas, Shukun; Erdogan, Gencer; Bernsmed, Karin; Omerovic, Aida (Peer reviewed; Journal article, 2021)
      A security indicator is a sign that shows us what something is like or how a situation is changing and can aid us in making informed estimations on cyber risks. There are many different breeds of security indicators, ...
    • User agents for matching privacy policies with user preferences 

      Bernsmed, Karin; Nyre, Åsmund Ahlmann; Jaatun, Martin Gilje (Chapter, 2011)
      Privacy policies are commonly used by service providers to state how personal data obtained from users will be handled. However, the complexity and sheer length of such policies make them incomprehensible to the common web ...
    • Visualizing Cyber Security Risks with Bow-Tie Diagrams 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018)
      Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ...
    • Visualizing Cyber Security Risks with Bow-Tie Diagrams 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Journal article; Peer reviewed, 2018-01-19)
      Safety and security risks are usually analyzed independently, by different people using different tools. Consequently, the system analyst may fail to realize cyber attacks as a contributing factor to safety impacts or, on ...