Browsing SINTEF Open by Author "Seehusen, Fredrik"
Now showing items 1-11 of 11
-
A Method for Developing Algorithms for Assessing Cyber-Risk Cost
Erdogan, Gencer; Refsdal, Atle; Seehusen, Fredrik; Gonzalez, Alejandra (Chapter, 2017)We present a method for developing executable algorithms for quantitative cyber-risk assessment. Exploiting techniques from security risk modeling and actuarial approaches, the method pragmatically combines use of available ... -
A Method for Model-Driven Information Flow Security
Seehusen, Fredrik; Stølen, Ketil (Research report, 2009)We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the ... -
A Transformational Approach to Facilitate Monitoring of High Level Policies
Seehusen, Fredrik; Lund, Mass Soldal; Stølen, Ketil (Research report, 2009)We present a method for specifying high level security policies that can be enforced by runtime monitoring mechanisms. The method has three main steps: (1) the user of our method formalizes a set of policy rules using UML ... -
An Evaluation of a Test-driven Security Risk Analysis Method Based on an Industrial Case Study
Erdogan, Gencer; Seehusen, Fredrik; Li, Yan (SINTEF Rapport;, Research report, 2013)This report is an evaluation describing the experiences obtained from a case study, carried out in a period of eight months from June 2012 to January 2013, in which we conducted a test-driven security risk analysis. ... -
Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study
Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind (SINTEF Rapport;, Research report, 2014)We present the results of an evaluation in which the objective was to assess how useful testing is for validating and gaining confidence in the correctness of security risk models. The evaluation is based on a case study ... -
Conceptual Framework for the DIAMONDS Project
Erdogan, Gencer; Li, Yan; Runde, Ragnhild Kobro; Seehusen, Fredrik; Stølen, Ketil (SINTEF Rapport;, Research report, 2012)DIAMONDS is a research project addressing the combination of security testing and risk analysis. The main objective is to develop guidelines and a supporting framework to help businesses find a balanced approach within the ... -
Facing uncertainty in cyber insurance policies
Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ... -
Information Flow Property Preserving Transformation of UML Intraction Diagrams
Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)STF90 A06030We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics ... -
Maintaining Information Flow Security under Refinement and Transformation
Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security ... -
When to Treat Security Risks with Cyber Insurance
Meland, Per Håkon; Seehusen, Fredrik (Journal article; Peer reviewed, 2018)Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ... -
When to Treat Security Risks with Cyber Insurance
Meland, Per Håkon; Seehusen, Fredrik (Chapter, 2018)Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...