• A Method for Developing Algorithms for Assessing Cyber-Risk Cost 

      Erdogan, Gencer; Refsdal, Atle; Seehusen, Fredrik; Gonzalez, Alejandra (Chapter, 2017)
      We present a method for developing executable algorithms for quantitative cyber-risk assessment. Exploiting techniques from security risk modeling and actuarial approaches, the method pragmatically combines use of available ...
    • A Method for Model-Driven Information Flow Security 

      Seehusen, Fredrik; Stølen, Ketil (Research report, 2009)
      We present a method for software development in which information flow security is taken into consideration from start to finish. Initially, the user of the method (i.e., a software developer) specifies the  ...
    • A Transformational Approach to Facilitate Monitoring of High Level Policies 

      Seehusen, Fredrik; Lund, Mass Soldal; Stølen, Ketil (Research report, 2009)
      We present a method for specifying high level security policies that can be enforced by runtime monitoring mechanisms. The method has three main steps: (1) the user of our method formalizes a set of policy rules using UML ...
    • An Evaluation of a Test-driven Security Risk Analysis Method Based on an Industrial Case Study 

      Erdogan, Gencer; Seehusen, Fredrik; Li, Yan (SINTEF Rapport, Research report, 2013)
      This report is an evaluation describing the experiences obtained from a case study, carried out in a period of eight months from June 2012 to January 2013, in which we conducted a test-driven security risk analysis. ...
    • Assessing the Usefulness of Testing for Validating the Correctness of Security Risk Models Based on an Industrial Case Study 

      Erdogan, Gencer; Seehusen, Fredrik; Stølen, Ketil; Aagedal, Jan Øyvind (SINTEF Rapport, Research report, 2014)
      We present the results of an evaluation in which the objective was to assess how useful testing is for validating and gaining confidence in the correctness of security risk models. The evaluation is based on a case study ...
    • Conceptual Framework for the DIAMONDS Project 

      Erdogan, Gencer; Li, Yan; Runde, Ragnhild Kobro; Seehusen, Fredrik; Stølen, Ketil (SINTEF Rapport, Research report, 2012)
      DIAMONDS is a research project addressing the combination of security testing and risk analysis. The main objective is to develop guidelines and a supporting framework to help businesses find a balanced approach within the ...
    • Facing uncertainty in cyber insurance policies 

      Meland, Per Håkon; Tøndel, Inger Anne; Moe, Marie Elisabeth Gaup; Seehusen, Fredrik (Journal article; Peer reviewed, 2017)
      Cyber insurance has gained less ground in Europe than in the U.S., but with emerging laws and regulations, the prospect of considerable fines for security breaches is pushing many organisations into this market. A qualitative ...
    • Information Flow Property Preserving Transformation of UML Interaction Diagrams 

      Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)
      STF90 A06030. We present an approach for secure information flow property preserving refinement and transformation of UML inspired interaction diagrams. The approach is formally underpinned by trace-semantics. The semantics ...
    • Maintaining Information Flow Security under Refinement and Transformation 

      Seehusen, Fredrik; Stølen, Ketil (Research report, 2006)
      We address the problem of maintaining information flow security under refinement and transformation. To this end we define a schema for the specification of secure information flow properties and show that all security ...
    • When to Treat Security Risks with Cyber Insurance 

      Meland, Per Håkon; Seehusen, Fredrik (Journal article; Peer reviewed, 2018)
      Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...
    • When to Treat Security Risks with Cyber Insurance 

      Meland, Per Håkon; Seehusen, Fredrik (Chapter, 2018)
      Transferring security risk to a third party through cyber insurance is an unfamiliar playing field for a lot of organisations, and therefore many hesitate to make such investments. Indeed, there is a general need for ...