Diamonds Dissemination

PhD Theses

• Gencer Erdogan. CORAL: A model-based approach to risk-driven security testing. PhD-thesis, University of Oslo, 2015.

Books

• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Cyber-risk management. Springer, 2015.

Scientific Articles

• Katsiaryna Labunets, Yan Li, Fabio Massacci, Federica Paci, Martina Ragosta, Bjørnar Solhaug, Ketil Stølen, Alessandra Tedeschi. Preliminary experiments on the relative comprehensibility of tabular and graphical risk models. In Proc. 5th SESAR Innovation Days, 2015.
• Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jon Hofstad, Jan Øyvind Aagedal. Assessing the usefulness of testing for validating and correcting security risk models based on two industrial case studies. In International Journal of Secure Software Engineering, volume 6, pages 90-112, 2015.
• Gencer Erdogan, Atle Refsdal, Ketil Stølen. Schematic generation of English-prose semantics for a risk analysis language based on UML interactions. In Proc. 2nd International Workshop on Risk Assessment and Risk-driven Testing (RISK'14), pages 205-310, IEEE, 2014. (pdf - ©2014 IEEE)
• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Security risk analysis of system changes exemplified within the oil and gas domain. In International Journal on Software Tools for Technology Transfer. (pdf - ©2014 Springer)
• Atle Refsdal, Øyvind Rideng, Bjørnar Solhaug, Ketil Stølen. Divide and conquer – Towards a notion of risk model encapsulation. In book titled Engineering Secure Future Internet Services, LNCS 8431, pages 345–365, 2014. (pdf - ©2014 Springer)
• Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen. Approaches for the combined use of risk analysis and testing: A systematic literature review. In International Journal on Software Tools for Technology Transfer, volume 16, pages 627-642, 2014. (pdf - ©2014 Springer)
• Gencer Erdogan, Atle Refsdal, Ketil Stølen. A systematic method for risk-driven test case design using annotated sequence diagrams. In Proc. 1st International Workshop on Risk Assessment and Risk-driven Testing (RISK'13), LNCS 8418, pages 93-108, 2014. (pdf - ©2014 Springer)
• Yan Li, Ragnhild Kobro Runde, Ketil Stølen. Towards a pattern language for security risk analysis of web applications. To appear in Proc. 20th Conference on Pattern Languages of Programs (PLOP'13). (pdf)
• Le Minh Sang Tran, Bjørnar Solhaug, Ketil Stølen. An approach to select cost-effective risk countermeasures exemplified in CORAS. In Proc. 27th IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSEC'13), LNCS 7964, pages 266–273, Springer, 2013. (pdf - ©2013 Springer)
• Bjørnar Solhaug, Ketil Stølen. The CORAS Language – Why it is designed the way it is. To appear in Proc. 11th International Conference on Structural Safety & Reliability (ICOSSAR'13). (pdf)
• Yan Li. Conceptual framework for security testing, security risk analysis and their combinations. In Proc. 9th Workshop on Systems Testing and Validation (STV'12), Fraunhofer, pages 17-21, 2012. (pdf)
• Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jan Aagedal. Assessing the usefulness of testing for validating the correctness of security risk models based on an industrial case study. In Proc. International Workshop on Quantitative Aspects in Security Assurance, 2012. (pdf)
• Gencer Erdogan. Risk-driven security testing versus test-driven security risk analysis. In Proc. 1st Doctoral Symposium on Engineering Secure Software und Systems, pages 5-10, CEUR-WS.org, ISSN 1613-0073, 2012. (pdf)

Public Seminars

• Estimering av sikkerhetsnivå: Fra et tverrfaglig perspektiv. Oslo, September 29, 2015.
• Kost-nytte-analyse i en risikoevaluering. Oslo, February 18, 2015.
• Cyberrisk – Hva slags risk er det og hva er konsekvensene for analyse og testing? Oslo, June 18, 2014.
• Hvordan verdisette og estimere risk. Oslo, March 20, 2014.
• Hvordan aggregere risiko og risikoanalyser. Oslo, November 7, 2013.
• Risikoanalyse og testing innen sikkerhet. Oslo, June 11, 2013.

Presentations

• Li Yan. A systematic architectural cecurity risk management approach and a supporting framework. EVRY, May 19, 2015.
• Li Yan. A systematic architectural cecurity risk management approach and a supporting framework. EVRY, May 18, 2015.
• Ketil Stølen. Cyberspace, cybersecurity and cyber-risk – What is new and what are the real challenges? Universitetet i Bergen, Institute for Informatics, May 7, 2015.
• Li Yan. How to select an effective IT security risk analysis method? University of Oslo, February 17, 2015.
• Li Yan. Er det trygt å bruke web-applikasjoner? University of Oslo, March 6, 2014.
• Ketil Stølen. Test-based risk assessment. Workshop on Security Assessment for Systems, Services and Infrastructures (SASSI'13). Technical University (TU) in Berlin, Germany, September 19, 2013.
• Ketil Stølen. Uncertainty, subjectivity, trust and risk - How it all fits together. Malaga Spring PhD School on Trustworthy and Secure Service Composition. 2 hours. Malaga, Spain, May 31, 2013.
• Ketil Stølen. Risk and evolution. NESSOS Workshop on Security and Privacy of Evolvable, Adaptive and Mobile Systems. Malaga, Spain, May 30, 2013.
• Ketil Stølen. Hvordan gjennomføre risikoanalyse og testing mht informasjonssikkerhet? Tekna-seminar titled "Risiko og Sikkerhet i IKT-Systemer", Oslo, March 13, 2013.
• Ketil Stølen. Risk analysis and testing: Experiences from industrial cases within information security. Presentation at the seminar "Sikkerhet og Sårbarhet" organized by the Norwegian Computer Society, Trondheim, May 8, 2012.

Technical Reports

• Gencer Erdogan, Ketil Stølen, Jan Øyvind Aagedal. Evaluation of the CORAL approach for risk-driven security testing based on an industrial case study. Technical Report SINTEF A27097, SINTEF ICT, July 2015. (pdf)
• Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jan Øyvind Aagedal. Assessing the usefulness of testing for validating the correctness of security risk models based on an industrial case study. Technical Report A26187, SINTEF ICT, 2014. (pdf)
• Gencer Erdogan, Atle Refsdal, Ketil Stølen. A systematic method for risk-driven test case design using annotated sequence diagrams. Technical Report A26036, SINTEF ICT, 2014. (pdf)
• Gencer Erdogan, Fredrik Seehusen, Yan Li. An evaluation of a test-driven security risk analysis method based on an industrial case study. Technical Report A25605, SINTEF ICT, 2013. (pdf)
• Le Minh Sang Tran, Bjørnar Solhaug, Ketil Stølen. An approach to select cost-effective risk countermeasures exemplified in CORAS. Technical Report A24343, SINTEF ICT, 2013. (pdf)
• Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen: Conceptual framework for the DIAMONDS project. Technical Report A22798, SINTEF ICT, 2012. (pdf)