• A Lightweight Approach to Secure Software Engineering 

      JAATUN, Martin Gilje; Jensen, Jostein; Meland, Per Håkon; Tøndel, Inger Anne (Chapter, 2011)
      Secure software engineering is much more than developing critical software. History has shown us that software bugs and design flaws also represent exploitable security vulnerabilities in seemingly innocuous applications ...
    • An experimental evaluation of bow-tie analysis for cybersecurity requirements 

      Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm (Journal article; Peer reviewed, 2019)
      Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of ...
    • Assessing cyber threats for storyless systems 

      Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm (Peer reviewed; Journal article, 2021)
      A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical ...
    • Assessing cyber threats for storyless systems 

      Meland, Per Håkon; Nesheim, Dag Atle; Bernsmed, Karin; Sindre, Guttorm (Peer reviewed; Journal article, 2021)
      A proper assessment of potential cyber threats is vital for security decision-making. This becomes an even more challenging task when dealing with new system designs and industry sectors where there is little or no historical ...
    • Breaking the Cyber Kill Chain by Modelling Resource Costs 

      Haga, Kristian; Meland, Per Håkon; Sindre, Guttorm (Chapter, 2020)
      To combat cybercrime, a clearer understanding of the attacks and the offenders is necessary. When there is little available data about attack incidents, which is usually the case for new technology, one can make estimations ...
    • Cloud Security Requirements - A checklist with security and privacy requirements for public cloud services 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Research report, 2015)
      This document contains a checklist that can be used to develop or evaluate security and privacy requirements for Cloud computing services. The content has been gathered from established industry standards and best practices, ...
    • Cyber Attacks for Sale 

      Meland, Per Håkon; Sindre, Guttorm (Chapter, 2020)
      The infamous darknet hosts an underground economy for illegal goods and services, some of which can be purchased and used for cyber attacks. By analyzing the properties and popularity of such items, we can get indications ...
    • D2.2 Updated cyber risk assessment for the maritime industry 

      Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle (SINTEF Rapport;2021:00341, Research report, 2021)
      This report presents an updated assessment of the cyberthreat landscape in the context of CySiMS-SE. It is based on the previous work from CySiMS “D1.1 Risk Model and Analysis” and the methodology from CySiMS-SE “D2.1 ...
    • D4.3 Multi-modal communication - Securing future communication across different sectors and technologies 

      Bernsmed, Karin; Bour, Guillaume; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao; Wille, Egil (SINTEF rapport;2021:00314, Research report, 2021)
      This document introduces the concept of multi-modal communication, using the coordination of a Search and Rescue (SAR) operation as an illustrating scenario, identifies challenges for secure information exchange and ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Keeping the human element to secure autonomous shipping operations 

      Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan (Peer reviewed; Journal article, 2023)
      Autonomous shipping operations are becoming economically and technically feasible, but this development also requires new human roles and responsibilities onshore for managing cyber events. The goal of this paper is to ...
    • The need for a public key infrastructure for automated and autonomous ships 

      Rødseth, Ørnulf Jan; Frøystad, Christian; Meland, Per Håkon; Bernsmed, Karin; Nesheim, Dag Atle (Peer reviewed; Journal article, 2020)
      Shipping undergoes rapid digitization, covering safety and security reporting, mandatory ship documentation, electronic port clearance as well as commercial and operational information exchanges. Increasing automation of ...
    • On the Certificate Revocation Problem in the Maritime Sector 

      Bour, Guillaume; Bernsmed, Karin; Meland, Per Håkon; Borgaonkar, Ravishankar Bhaskarrao (Peer reviewed; Journal article, 2021)
      Maritime shipping is currently undergoing rapid digitalization, but with increasing exposure to cyber threats, there is a need to improve the security of the ship communication technology used during operations across ...
    • Ontology-based Use Cases for Design-time and Runtime Composition of Mobile Services 

      Rój, Michal Konrad; Meland, Per Håkon; Floch, Jacqueline; Domaszewicz, Jaroslaw (Chapter, 2009)
      This paper presents application of ontology-based modelling and reasoning related to the different phases of the lifecycle of mobile services. Ontology-based descriptions complement traditional design-time and runtime ...
    • Protecting Future Maritime Communication 

      Frøystad, Christian; Bernsmed, Karin; Meland, Per Håkon (Chapter, 2017)
      Our oceans are filled with ships that take care of the most important distribution of goods in the world economy. Evolving from isolated chunks of hollow metal containers, ships are becoming more and more like interconnected ...
    • The Ransomware-as-a-Service economy within the darknet 

      Meland, Per Håkon; Bayoumy, Yara; Sindre, Guttorm (Peer reviewed; Journal article, 2020)
      Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets. In the wake of the ransomware success, Ransomware-as-a-Service ...
    • A Retrospective Analysis of Maritime Cyber Security Incidents 

      Meland, Per Håkon; Bernsmed, Karin; Wille, Egil; Rødseth, Ørnulf Jan; Nesheim, Dag Atle (Peer reviewed; Journal article, 2021)
      The maritime industry is undergoing a rapid evolution through the introduction of new technology and the digitization of existing services. At the same time, the digital attack surface is increasing, and incidents can lead ...
    • Safety Critical Software and Security - How Low Can You Go? 

      Bernsmed, Karin; Meland, Per Håkon; Jaatun, Martin Gilje (Chapter, 2018)
      The safety of aviation software is ensured by performing development according to the DO-178C standard. However, this standard has a blind spot in that it fails to consider software security aspects in development. The ...
    • Security Requirements for SATCOM Datalink Systems for Future Air Traffic Management 

      Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Myrvoll, Tor Andre (Chapter, 2017)
      Aircraft equipped with satellite communication (SATCOM) systems will enable advanced Air Traffic Management (ATM) operations over datalink on a global basis. A key concept of future ATM is 4D trajectory management, which ...