Browsing SINTEF Open by author "Solhaug, Bjørnar"
An Approach to Select Cost-Effective Risk Countermeasures Exemplified in CORAS
Tran, Le Minh Sang; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2013) Security risk analysis should be conducted regularly for organizations to maintain an acceptable level of security. In principle, all risks that are unacceptable according to the predefined criteria should be mitigated. ...
Compositional Refinement of Policies in UML – Exemplified for Access Control
Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009) The UML is the de facto standard for system specification, but offers little specialized support for the specification and analysis of policies. This paper presents Deontic STAIRS, an extension of the UML sequence diagram ...
DeSPoT: A Method for the Development and Specification of Policies for Trust Negotiation
Håvaldsrud, Tormod; Møller-Pedersen, Birger; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2012) Information systems are ever more connected to the Internet, which gives wide opportunities for interacting with other actors, systems and resources and for exploiting the open and vast market. This pushes the limits for ...
Divide and Conquer – Towards a Notion of Risk Model Encapsulation
Refsdal, Atle; Rideng, Øyvind; Solhaug, Bjørnar; Stølen, Ketil (Lecture Notes in Computer Science;8431, Chapter, 2014) The criticality of risk management is evident when considering the information society of today, and the emergence of Future Internet technologies such as Cloud services. Information systems and services become ever more ...
ENFORCE Conceptual Framework
Lysemoset, Tom; Mahler, Tobias; Solhaug, Bjørnar; Bing, Jon; Elgesom, Dag; Stølen, Ketil (Research report, 2007) ENFORCE is a multi-disciplinary research project addressing trust management. The research objectives include the development of a methodology for the capture and analysis of policies for security and trust management, the ...
Evaluation of a Method for the Analysis and Development of Policies for Trust Negotiation
Håvaldsrud, Tormod; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011) This report documents the evaluation of our method for the analysis and development of policies for trust negotiation. The method was evaluated in an industrial case study with evaluation criteria focusing on ...
Evaluation of experiences from applying the PREDIQT method in an industrial case study
Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Research report, 2011) We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...
Evaluation of experiences from applying the PREDIQT method in an industrial case study
Omerovic, Aida; Solhaug, Bjørnar; Stølen, Ketil (Chapter, 2011) We have developed a method called PREDIQT for model-based prediction of impacts of architectural design changes on system quality. A recent case study indicated feasibility of the PREDIQT method when applied on a real-life ...
Evaluations of methodology and tools used during the 8th SECURIS field trail
Refsdal, Atle; Solhaug, Bjørnar (Research report, 2007) This report presents the evaluation of the risk analysis in the 8th SECURIS field trial carried out the autumn 2006 and early 2007. FLO/IKT was the client and the target of the analysis was work with/handling of information ...
ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Beckers, Kristian; Heisel, Maritta; Solhaug, Bjørnar; Stølen, Ketil (SINTEF Rapport;, Research report, 2013) Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive ...
Preservation of Policy Adherence under Refinement
Solhaug, Bjørnar; Stølen, Ketil (Research report, 2009) Policy-based management is an approach to the management of systems with respect to issues such as security, access control and trust by the enforcement of policy rules. This paper addresses the problem of integrating the ...
Report on ESUMS Risk Analysis
Omerovic, Aida; Kofod-Petersen, Anders; Solhaug, Bjørnar; Svagård, Ingrid Storruste; Tran, Le Minh Sang (Research report, 2012) This report documents the results of the first case study in the FRISK project, namely a risk analysis. The target of analysis is the ESUMS (Enhanced Sustained Use Monitoring System) prototype system and services for remote ...
Security risk analysis of system changes exemplified within the oil and gas domain
Refsdal, Atle; Solhaug, Bjørnar; Stølen, Ketil (Journal article; Peer reviewed, 2015) Changes, such as the introduction of new technology, may have considerable impact on the risk to which a system or organization is exposed. For example, in the oil & gas domain, introduction of technology that allows ...
Specifying Policies Using UML Sequence Diagrams - An Evaluation Based on a Case Study
Solhaug, Bjørnar; Elgesem, Dag; Stølen, Ketil (Research report, 2007) This report provides a case study based evaluation of UML sequence diagrams as a notation for policy specification. Policy rules are defined on the basis of deontic logic, and provided a trace based semantics interpreted ...
Using Cyber-Insurance as a Risk Management Strategy: Knowledge Gaps and Recommendations for Further Research
Tøndel, Inger Anne; Meland, Per Håkon; Omerovic, Aida; Gjære, Erlend Andreas; Solhaug, Bjørnar (Research report, 2015) Risk transfer can be an economically favorable way of handling security and privacy issues, but choosing this option indiscriminately and without proper knowledge is a risk in itself. This report provides an overview of ...