Homepage for Ketil Stølen
https://orcid.org/0000-0002-8810-9902
Positions
Qualifications
Project management
-
2023-2024: Project Leader of Network for Cybersecurity and Innovation, funded by Viken County Municipality, on behalf of Østfold University College
-
2018-2023: Leader of the Gemini Centre on Internet of Things linking and harmonizing research activities on IoT at NTNU, UiO and SINTEF
-
2014-2018: Project Leader of AGRA – Aggregated Risk Assessment and Management (236657) – funded by the Research Council of Norway under the BIA research programme
-
2012-2015: Technical Coordinator of RASEN – Compositional Risk Assessment and Security Testing of Networked Systems (316853) – under the 7th Framework EU programme User-Friendly Information Society (IST)
-
2010-2015: Project Leader of DIAMONDS – Effort-dependent Technologies for Multi-domain Risk-based Security Testing (201579/S10) – funded by the Research Council of Norway under the VERDIKT research programme
-
2008-2012: Project Leader of EMERGENCY – Mobile Decision Support in Emergency Situations (187799/S10) – funded by the Research Council of Norway under the VERDIKT research programme
-
2007-2012: Project Leader of DIGIT – Digital Interoperability with Trust (180052/S10) – funded by the Research Council of Norway under the VERDIKT research programme
-
2005-2009: Project Leader of ENFORCE – Tool Supported Methodology for the Formalization, Analysis
and Enforcement of Policies within Trust Managment (164382/V30) – funded by the Research Council of Norway under the ICT SOS research programme
-
2004-2008: Project Leader of COMA – Component-oriented Model-based Security-analysis (160317/V30) – funded by the Research Council of Norway
-
2003-2008: Project Leader of SARDAS – Securing Availability by Robust Design, Assessment and Specification (15295/431) – funded by the Research Council of Norway under the Basic ICT research programme
-
2003-2007: Project Leader of SECURIS – Model-driven Development and Analysis of Secure Information Systems (152839/220) – funded by the Research Council of Norway as a Competence Project with User-Involvement
-
2002-2003: Project Leader of COBRA – Component-based Security Assessment (152209/431) – funded by the Research Council of Norway under the Basic ICT Research programme
-
2001-2003: Technical Coordinator of CORAS – A Platform for Risk Analysis of Security Critical Systems (IST-2000-25031) – under the
5th Framework EU programme User-Friendly Information Society (IST)
Editorial boards
Books
Selected articles
On the rely-guarantee method
On stream processing
-
Manfred Broy, Ketil Stølen. Specification and refinement of finite dataflow networks – A relational approach. In Proc. Formal
Techniques in Real-Time and Fault Tolerant Systems (FTRTFT'94), LNCS 863, pages 247-267, Springer, 1994.
(https://doi.org/10.1007/3-540-58468-4_169)
(pdf – ©1994 Springer)
-
Eckhardt Holz, Ketil Stølen. An attempt to embed a restricted version of SDL as a target language in Focus. In Proc. Formal
Description Techniques VII (FORTE'94), pages 324-339, Chapman and Hall, 1994.
(https://doi.org/10.1007/978-0-387-34878-0_26)
(pdf – preprint)
-
Ketil Stølen. Refinement principles supporting the transition from asynchronous to synchronous communication. In Science of
Computer Programming, volume 26, pages 255-272, 1996.
(https://doi.org/10.1016/0167-6423(95)00031-3)
(pdf – ©1996 Elsevier)
-
Ketil Stølen, Frank Dederichs, Rainer Weber. Specification and refinement of networks of asynchronously communicating agents
using the assumption/commitment paradigm. In Formal Aspects of Computing, volume 8, pages 127-161, 1996.
(https://doi.org/10.1007/BF01214554)
(pdf – ©1996 Springer)
-
Radu Grosu, Ketil Stølen. A model for mobile point-to-point data-flow networks without channel sharing. In Proc. Algebraic
Methodology and Software Technology (AMAST'96), LNCS 1101, pages 504-519, Springer, 1996.
(https://doi.org/10.1007/BFb0014336)
(pdf – ©1996 Springer)
-
Ketil Stølen. Assumption/commitment rules for dataflow networks – With an emphasis on completeness. In Proc. 6th European
Symposium on Programming (ESOP'96), LNCS 1058, pages 356-372, Springer, 1996.
(https://doi.org/10.1007/3-540-61055-3_48)
(pdf – ©1996 Springer)
-
Ketil Stølen. Using relations on streams to solve the RPC-memory specification problem. In Post-proc. Dagstuhl-seminar,
Formal Systems Specification, the RPC-Memory Specification Case Study, LNCS 1169, pages 477-520, Springer, 1996.
(https://doi.org/10.1007/BFb0024439)
(pdf – ©1996 Springer)
-
Radu Grosu, Ketil Stølen. Stream based specification of mobile systems. In Formal Aspects of Computing, volume 13,
pages 1-31, 2001.
(https://doi.org/10.1007/PL00003937)
(pdf – ©2001 Springer)
On sequence diagrams and their semantics
-
Øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde, Ketil Stølen. STAIRS towards formal design with sequence diagrams.
In Journal of Software and Systems Modeling, volume 4, pages 355-367, 2005.
(https://doi.org/10.1007/s10270-005-0087-0)
(pdf – ©2005 Springer)
-
Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen. Refining UML interactions with explicit and implicit nondeterminism.
In Nordic Journal of Computing, volume 12, pages 157-188, 2005.
(pdf – ©2005 Publishing Association Nordic Journal of Computing)
-
Mass Soldal Lund, Ketil Stølen. A fully general operational semantics for UML 2.0 sequence diagrams with potential and
mandatory choice. In Proc. 14th International Symposium on Formal Methods (FM'06), LNCS 4085, pages 380-395, Springer, 2006. (https://doi.org/10.1007/11813040_26)
(pdf – ©2006 Springer)
-
Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Underspecification, inherent nondeterminism and
probability in sequence diagrams. In Proc. 8th IFIP International Conference on Formal Methods for Open Object-Based Distributed
Systems (FMOODS'06), LNCS 4037, pages 138-155, Springer, 2006.
(https://doi.org/10.1007/11768869_12)
(pdf – ©2006 Springer)
-
Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen. The pragmatics of STAIRS. In Post-proc. 4th International Symposium on Formal
Methods for Components and Objects (FMCO'05), LNCS 4111, pages 88-114, Springer, 2006.
(https://doi.org/10.1007/11804192_5)
(pdf – ©2006 Springer)
-
Fredrik Seehusen, Ketil Stølen. Information flow property preserving transformation of UML interaction diagrams. In Proc. 11th ACM
Symposium on Access Control Models and Technologies (SACMAT'06), pages 150-159, ACM, 2006.
(https://doi.org/10.1145/1133058.1133080)
(pdf – ©2006 ACM)
-
Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: Exemplified for
information flow properties and policies. In Journal of Software and Systems Modeling, volume 8, pages 45-65, 2009.
(https://doi.org/10.1007/s10270-008-0102-3)
(pdf – ©2009 Springer)
-
Bjørnar Solhaug, Ketil Stølen. Preservation of policy adherence under refinement. In International Journal of
Software and Informatics, volume 5, pages 139-158, ISSN 16737288, ISCAS, 2011.
(pdf – ©2011 ISACS)
-
Ragnhild Kobro Runde, Atle Refsdal, Ketil Stølen. Relating computer systems to sequence diagrams – The impact of
underspecification and inherent nondeterminism. In Formal Aspects of Computing, volume 25, pages 159–187, Springer, 2013.
(https://doi.org/10.1007/s00165-011-0192-5)
(pdf – ©2013 Springer)
-
Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Stepwise refinement of sequence diagrams with soft real-time constraints.
In Journal of Computer and System Sciences,
volume 81, pages 1221-1251, 2015.
(https://doi.org/10.1016/j.jcss.2015.03.003)
(pdf – ©2015 Elsevier)
On security risk analysis
-
Folker den Braber, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Model-based security analysis in seven
steps – A guided tour to the CORAS method. In BT Techology Journal, pages 101-117, Springer, 2007.
(https://doi.org/10.1007/s10550-007-0013-9)
(pdf – ©2007 Springer)
-
Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Why trust is not proportional to risk. In Proc. 2nd International Conference on
Availability, Reliability and Security (AReS'07), pages 11-18, IEEE Computer Society, 2007.
(https://doi.org/10.1109/ARES.2007.161)
(pdf – ©2007 IEEE)
-
Atle Refsdal, Ketil Stølen. Employing key indicators to provide a dynamic risk picture with a notion of confidence. In Proc.
3rd IFIP International Conference on Trust Management (IFIPTM'09), pages 215-233, Springer, 2009.
(https://doi.org/10.1007/978-3-642-02056-8_14)
(pdf – preprint)
-
Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, volume 43 no 5,
pages 49-55, IEEE Computer Society, 2010.
(https://doi.org/10.1109/MC.2010.134)
(pdf – ©2010 IEEE)
-
Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and
Software, volume 83, pages 1995-2013, Elsevier, 2010.
(https://doi.org/10.1016/j.jss.2010.05.069)
(pdf – ©2010 Elsevier)
-
Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Risk analysis of changing and evolving systems using CORAS.
In Proc. 11th International School on Foundations of Security Analysis and Design (FOSAD'11),
LNCS 6858, pages 231-274, Springer, 2011.
(https://doi.org/10.1007/978-3-642-23082-0_9)
(pdf – ©2011 Springer)
-
Ida Hogganvik Grøndahl, Mass Soldal Lund, Ketil Stølen. Reducing the effort to comprehend risk models:
Text labels are often preferred over
graphical means. In Risk Analysis, volume 31, pages 1813-1831, Society for Risk Analysis, 2011.
(https://doi.org/10.1111/j.1539-6924.2011.01636.x)
(pdf – ©2011 Society for Risk Analysis)
-
Gyrd Brændeland, Atle Refsdal, Ketil Stølen. A denotational model for component-based risk analysis.
In Proc. 8th International Symposium on Formal Aspects of Component Software (FACS'11). LNCS 7253, pages 12-41, Springer, 2012.
(https://doi.org/10.1007/978-3-642-35743-5_3)
(pdf – ©2012 Springer)
-
Bjørnar Solhaug, Ketil Stølen. Uncertainty, subjectivity, trust and risk – How it all fits together. In Proc.
7th International Workshop on Security and Trust Management (STM'11). LNCS 7170, pages 1–5, Springer, 2012.
(https://doi.org/10.1007/978-3-642-29963-6_1)
(pdf – ©2012 Springer)
All publications
Supervision
Teaching
- Danish Technical University, DTU Compute – MSc-course: Risk management (5 ECTS) – 2 iterations
- SINTEF School – Research method – 29 iterations
- University of Oslo, Department of Informatics – MSc-course: Unassailable IT systems (10 ECTS) – 25 iterations
- University of Oslo, Department of Informatics – MSc-course: System development and tools based on formal methods (10 ECTS) – 2 iterations
- University of Oslo, Department of Media and Communication – PhD-course: Methods (3 ECTS) – 1 iteration
Miscellaneous
Created: January 1, 1999. Last updated: September 16, 2024.