• A server-side approach to privacy policy matching 

      Nyre, Åsmund Ahlmann; Bernsmed, Karin; Bø, Solvår; Pedersen, Stian (Chapter, 2011)
      With the increasing use of online services that require sharing of information there is a need for Privacy Enhancing Technology tailored for personal information control. Commonly, web privacy is handled through matching ...
    • Accountability Requirements for the Cloud 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Chapter, 2017)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • Accountability Requirements in the Cloud Provider Chain 

      Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge (Journal article; Peer reviewed, 2018)
      In order to be responsible stewards of other people’s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability ...
    • An experimental evaluation of bow-tie analysis for cybersecurity requirements 

      Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)
      Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of ...
    • Assessing cyber threats for storyless systems 

      Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm (Peer reviewed; Journal article, 2021)
      A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical ...
    • Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects 

      Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)
      The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Controlled Sharing of Personal Information in Android 

      Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Journal article; Peer reviewed, 2011)
      Smartphones with third-party applications have become very popular. Recently, they have received attention for quietly monitoring and transferring personal information without the users’ knowledge. The objective of this ...
    • D2.2 Updated cyber risk assessment for the maritime industry 

      Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle (SINTEF Rapport;2021:00341, Research report, 2021)
      This report presents an updated assessment of the cyberthreat landscape in the context of CySiMS-SE. It is based on the previous work from CySiMS “D1.1 Risk Model and Analysis” and the methodology from CySiMS-SE “D2.1 ...
    • D2.3 CySiMS Cyber Event Exercise Handbook 

      Bernsmed, Karin; Borgaonkar, Ravishankar Bhaskarrao (SINTEF rapport;2021:00319, Research report, 2021)
      This document is a handbook for developing cyber event exercises relevant for the intended users of the CySiMS-SE secure communication solution. The document includes a selected set of scenarios that are relevant to ...
    • D4.3 Multi-modal communication - Securing future communication across different sectors and technologies 

      Bernsmed, Karin; Bour, Guillaume; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao; Wille, Egil (SINTEF rapport;2021:00314, Research report, 2021)
      This document introduces the concept of multi-modal communication, using the coordination of a Search and Rescue (SAR) operation as an illustrating scenario, identifies challenges for secure information exchange and ...
    • Ensuring ATM cyber security by applying SecRAM 

      Bernsmed, Karin; Bour, Guillaume (Lecture, 2019)
    • An evaluation of practitioners’ perceptions of a security risk assessment methodology in air traffic management projects 

      Bernsmed, Karin; Bour, Guillaume; Lundgren, Martin; Bergström, Erik (Peer reviewed; Journal article, 2022)
      Cyber security is a key enabler for safe Air Traffic Management (ATM). This paper presents results from an empirical study, in which we have investigated and evaluated the use of the Security Risk Assessment Methodology ...
    • Grunnprinsipper for IKT-sikkerhet i industrielle IKT-systemer 

      Jaatun, Martin Gilje; Wille, Egil; Bernsmed, Karin; Kilskar, Stine Skaufel (SINTEF rapport;2021:00055, Research report, 2021)
      The purpose of this report is to provide an increased understanding of basic principles for ICT security in industrial ICT systems (OT systems) in the Norwegian petroleum industry, based on NSM's basic principles for ICT security. We have ...
    • Learning Privacy Preferences 

      Tøndel, Inger Anne; Nyre, Åsmund Ahlmann; Bernsmed, Karin (Chapter, 2011)
      This paper suggests a machine learning approach to preference generation in the context of privacy agents. With this solution, users are relieved from the complex task of specifying their preferences beforehand, disconnected ...
    • The need for a public key infrastructure for automated and autonomous ships 

      Rødseth, Ørnulf Jan; Frøystad, Christian; Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle (Peer reviewed; Journal article, 2020)
      Shipping undergoes rapid digitization, covering safety and security reporting, mandatory ship documentation, electronic port clearance as well as commercial and operational information exchanges. Increasing automation of ...
    • On the Certificate Revocation Problem in the Maritime Sector 

      Bour, Guillaume; Bernsmed, Karin; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao (Peer reviewed; Journal article, 2021)
      Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across ...
    • Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations 

      Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin (Conference object, 2015)
      Industrial control organizations need to perform IT security preparedness exercises more frequently than today. However, limited support material currently exists. This paper presents a board game, Play2Prepare, ...
    • Protecting Future Maritime Communication 

      Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon (Chapter, 2017)
      Our oceans are filled with ships that take care of the most important distribution of goods in the world economy. Evolving from isolated chunks of hollow metal containers, ships are becoming more and more like interconnected ...