Homepage for Ketil Stølen

https://orcid.org/0000-0002-8810-9902

Positions

2022– Lecturer, Writer and Advisor – Stølen Rådgiving og Undervisning, Norway
1999–2023 Chief Scientist and Group Leader – SINTEF Digital, Norway
1998– Adjunct Professor in Computer Science – University of Oslo, Norway
1996–1999 Research Scientist at the OECD Halden Reactor Project – Institute for Energy Technology, Norway
1991–1996 Research Associate – Munich University of Technology, Germany
1990–1991 Postdoctoral Fellow funded by the Wolfson Foundation – University of Manchester, UK
1987–1990 PhD Fellow (personal fellowship) – University of Manchester, UK
1986–1987 Research Assistant (military service) – Norwegian Defence Research Establishment, Norway

Elected member of Norges Tekniske Vitenskapsakademi

Qualifications

PhD in Computer Science, University of Manchester (1990)
Cand Scient (comparable to MSc) in Computer Science, University of Oslo (1986)

Project management

2023-2024: Project Leader of Network for Cybersecurity and Innovation, funded by Viken County Municipality, on behalf of Østfold University College
2018-2023: Leader of the Gemini Centre on Internet of Things linking and harmonizing research activities on IoT at NTNU, UiO and SINTEF
2014-2018: Project Leader of AGRA – Aggregated Risk Assessment and Management (236657) – funded by the Research Council of Norway under the BIA research programme
2012-2015: Technical Coordinator of RASEN – Compositional Risk Assessment and Security Testing of Networked Systems (316853) – under the 7th Framework EU programme User-Friendly Information Society (IST)
2010-2015: Project Leader of DIAMONDS – Effort-dependent Technologies for Multi-domain Risk-based Security Testing (201579/S10) – funded by the Research Council of Norway under the VERDIKT research programme
2008-2012: Project Leader of EMERGENCY – Mobile Decision Support in Emergency Situations (187799/S10) – funded by the Research Council of Norway under the VERDIKT research programme
2007-2012: Project Leader of DIGIT – Digital Interoperability with Trust (180052/S10) – funded by the Research Council of Norway under the VERDIKT research programme
2005-2009: Project Leader of ENFORCE – Tool Supported Methodology for the Formalization, Analysis and Enforcement of Policies within Trust Managment (164382/V30) – funded by the Research Council of Norway under the ICT SOS research programme
2004-2008: Project Leader of COMA – Component-oriented Model-based Security-analysis (160317/V30) – funded by the Research Council of Norway
2003-2008: Project Leader of SARDAS – Securing Availability by Robust Design, Assessment and Specification (15295/431) – funded by the Research Council of Norway under the Basic ICT research programme
2003-2007: Project Leader of SECURIS – Model-driven Development and Analysis of Secure Information Systems (152839/220) – funded by the Research Council of Norway as a Competence Project with User-Involvement
2002-2003: Project Leader of COBRA – Component-based Security Assessment (152209/431) – funded by the Research Council of Norway under the Basic ICT Research programme
2001-2003: Technical Coordinator of CORAS – A Platform for Risk Analysis of Security Critical Systems (IST-2000-25031) – under the 5th Framework EU programme User-Friendly Information Society (IST)

Editorial boards

Software and Systems Modeling, Springer

Books

Book on Technology Science (Springer 2023)
How to order
Errata

Book on Technology Science (Universitetsforlaget 2019)
In Norwegian
How to order
Errata

Book on Cyber-Risk Management (Springer 2015)
How to order
Flyer

PhD thesis (University of Manchester 1990)
Read it
Errata

Selected articles

On the rely-guarantee method

Ketil Stølen. A method for the development of totally correct shared-state parallel programs. In Proc. 2nd International Conference on Concurrency Theory (CONCUR'91), LNCS 527, pages 510-525, Springer, 1991. (https://doi.org/10.1007/3-540-54430-5_110) (pdf – ©1991 Springer)
Ketil Stølen. An attempt to reason about shared-state concurrency in the style of VDM. In Proc. 4th International Symposium of VDM Europe (VDM'91), LNCS 551, pages 324-342, Springer, 1991. (https://doi.org/10.1007/3-540-54834-3_20) (pdf – ©1991 Springer)

On stream processing

Manfred Broy, Ketil Stølen. Specification and refinement of finite dataflow networks – A relational approach. In Proc. Formal Techniques in Real-Time and Fault Tolerant Systems (FTRTFT'94), LNCS 863, pages 247-267, Springer, 1994. (https://doi.org/10.1007/3-540-58468-4_169) (pdf – ©1994 Springer)
Eckhardt Holz, Ketil Stølen. An attempt to embed a restricted version of SDL as a target language in Focus. In Proc. Formal Description Techniques VII (FORTE'94), pages 324-339, Chapman and Hall, 1994. (https://doi.org/10.1007/978-0-387-34878-0_26) (pdf – preprint)
Ketil Stølen. Refinement principles supporting the transition from asynchronous to synchronous communication. In Science of Computer Programming, volume 26, pages 255-272, 1996. (https://doi.org/10.1016/0167-6423(95)00031-3) (pdf – ©1996 Elsevier)
Ketil Stølen, Frank Dederichs, Rainer Weber. Specification and refinement of networks of asynchronously communicating agents using the assumption/commitment paradigm. In Formal Aspects of Computing, volume 8, pages 127-161, 1996. (https://doi.org/10.1007/BF01214554) (pdf – ©1996 Springer)
Radu Grosu, Ketil Stølen. A model for mobile point-to-point data-flow networks without channel sharing. In Proc. Algebraic Methodology and Software Technology (AMAST'96), LNCS 1101, pages 504-519, Springer, 1996. (https://doi.org/10.1007/BFb0014336) (pdf – ©1996 Springer)
Ketil Stølen. Assumption/commitment rules for dataflow networks – With an emphasis on completeness. In Proc. 6th European Symposium on Programming (ESOP'96), LNCS 1058, pages 356-372, Springer, 1996. (https://doi.org/10.1007/3-540-61055-3_48) (pdf – ©1996 Springer)
Ketil Stølen. Using relations on streams to solve the RPC-memory specification problem. In Post-proc. Dagstuhl-seminar, Formal Systems Specification, the RPC-Memory Specification Case Study, LNCS 1169, pages 477-520, Springer, 1996. (https://doi.org/10.1007/BFb0024439) (pdf – ©1996 Springer)
Radu Grosu, Ketil Stølen. Stream based specification of mobile systems. In Formal Aspects of Computing, volume 13, pages 1-31, 2001. (https://doi.org/10.1007/PL00003937) (pdf – ©2001 Springer)

On sequence diagrams and their semantics

Øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde, Ketil Stølen. STAIRS towards formal design with sequence diagrams. In Journal of Software and Systems Modeling, volume 4, pages 355-367, 2005. (https://doi.org/10.1007/s10270-005-0087-0) (pdf – ©2005 Springer)
Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen. Refining UML interactions with explicit and implicit nondeterminism. In Nordic Journal of Computing, volume 12, pages 157-188, 2005. (pdf – ©2005 Publishing Association Nordic Journal of Computing)
Mass Soldal Lund, Ketil Stølen. A fully general operational semantics for UML 2.0 sequence diagrams with potential and mandatory choice. In Proc. 14th International Symposium on Formal Methods (FM'06), LNCS 4085, pages 380-395, Springer, 2006. (https://doi.org/10.1007/11813040_26) (pdf – ©2006 Springer)
Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Underspecification, inherent nondeterminism and probability in sequence diagrams. In Proc. 8th IFIP International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS'06), LNCS 4037, pages 138-155, Springer, 2006. (https://doi.org/10.1007/11768869_12) (pdf – ©2006 Springer)
Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen. The pragmatics of STAIRS. In Post-proc. 4th International Symposium on Formal Methods for Components and Objects (FMCO'05), LNCS 4111, pages 88-114, Springer, 2006. (https://doi.org/10.1007/11804192_5) (pdf – ©2006 Springer)
Fredrik Seehusen, Ketil Stølen. Information flow property preserving transformation of UML interaction diagrams. In Proc. 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06), pages 150-159, ACM, 2006. (https://doi.org/10.1145/1133058.1133080) (pdf – ©2006 ACM)
Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: Exemplified for information flow properties and policies. In Journal of Software and Systems Modeling, volume 8, pages 45-65, 2009. (https://doi.org/10.1007/s10270-008-0102-3) (pdf – ©2009 Springer)
Bjørnar Solhaug, Ketil Stølen. Preservation of policy adherence under refinement. In International Journal of Software and Informatics, volume 5, pages 139-158, ISSN 16737288, ISCAS, 2011. (pdf – ©2011 ISACS)
Ragnhild Kobro Runde, Atle Refsdal, Ketil Stølen. Relating computer systems to sequence diagrams – The impact of underspecification and inherent nondeterminism. In Formal Aspects of Computing, volume 25, pages 159–187, Springer, 2013. (https://doi.org/10.1007/s00165-011-0192-5) (pdf – ©2013 Springer)
Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Stepwise refinement of sequence diagrams with soft real-time constraints. In Journal of Computer and System Sciences, volume 81, pages 1221-1251, 2015. (https://doi.org/10.1016/j.jcss.2015.03.003) (pdf – ©2015 Elsevier)

On security risk analysis

Folker den Braber, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Model-based security analysis in seven steps – A guided tour to the CORAS method. In BT Techology Journal, pages 101-117, Springer, 2007. (https://doi.org/10.1007/s10550-007-0013-9) (pdf – ©2007 Springer)
Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Why trust is not proportional to risk. In Proc. 2nd International Conference on Availability, Reliability and Security (AReS'07), pages 11-18, IEEE Computer Society, 2007. (https://doi.org/10.1109/ARES.2007.161) (pdf – ©2007 IEEE)
Atle Refsdal, Ketil Stølen. Employing key indicators to provide a dynamic risk picture with a notion of confidence. In Proc. 3rd IFIP International Conference on Trust Management (IFIPTM'09), pages 215-233, Springer, 2009. (https://doi.org/10.1007/978-3-642-02056-8_14) (pdf – preprint)
Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, volume 43 no 5, pages 49-55, IEEE Computer Society, 2010. (https://doi.org/10.1109/MC.2010.134) (pdf – ©2010 IEEE)
Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software, volume 83, pages 1995-2013, Elsevier, 2010. (https://doi.org/10.1016/j.jss.2010.05.069) (pdf – ©2010 Elsevier)
Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Risk analysis of changing and evolving systems using CORAS. In Proc. 11th International School on Foundations of Security Analysis and Design (FOSAD'11), LNCS 6858, pages 231-274, Springer, 2011. (https://doi.org/10.1007/978-3-642-23082-0_9) (pdf – ©2011 Springer)
Ida Hogganvik Grøndahl, Mass Soldal Lund, Ketil Stølen. Reducing the effort to comprehend risk models: Text labels are often preferred over graphical means. In Risk Analysis, volume 31, pages 1813-1831, Society for Risk Analysis, 2011. (https://doi.org/10.1111/j.1539-6924.2011.01636.x) (pdf – ©2011 Society for Risk Analysis)
Gyrd Brændeland, Atle Refsdal, Ketil Stølen. A denotational model for component-based risk analysis. In Proc. 8th International Symposium on Formal Aspects of Component Software (FACS'11). LNCS 7253, pages 12-41, Springer, 2012. (https://doi.org/10.1007/978-3-642-35743-5_3) (pdf – ©2012 Springer)
Bjørnar Solhaug, Ketil Stølen. Uncertainty, subjectivity, trust and risk – How it all fits together. In Proc. 7th International Workshop on Security and Trust Management (STM'11). LNCS 7170, pages 1–5, Springer, 2012. (https://doi.org/10.1007/978-3-642-29963-6_1) (pdf – ©2012 Springer)

All publications

Books and articles (most of which available in pdf)
Technical reports (most of which available in pdf)
Essays (in Norwegian)
Editorial work

Supervision

PhD: graduates (theses available in pdf)
MSc: graduates
MSc: currently active

Teaching

Danish Technical University, DTU Compute – MSc-course: Risk management (5 ECTS) – 2 iterations
SINTEF School – Research method – 29 iterations
University of Oslo, Department of Informatics – MSc-course: Unassailable IT systems (10 ECTS) – 25 iterations
University of Oslo, Department of Informatics – MSc-course: System development and tools based on formal methods (10 ECTS) – 2 iterations
University of Oslo, Department of Media and Communication – PhD-course: Methods (3 ECTS) – 1 iteration

Miscellaneous

The CORAS tool (3rd version – released 2022)
STAIRS and its publications
Public seminars (in Norwegian)
Follow me at Linked-in
Follow me at Research-gate
My entry in the Mathematics Genealogy Project
Citations according to Google Scholar
Contact information

Created: January 1, 1999. Last updated: September 16, 2024.