DIGIT Dissemination

PhD Theses

Olav Skjelkvåle Ligaarden. A framework for analyzing and monitoring the impact of dependencies on quality. PhD-thesis, University of Oslo, 2013.
Aida Omerovic. PREDIQT: A method for model-based prediction of impacts of architectural design changes on system quality. PhD-thesis, University of Oslo, 2012.

Authored Books

Bjørnar Solhaug, Mass Soldal Lund, Ketil Stølen. Model-Driven Risk Analysis: The CORAS Approach. Springer, 2011.

Scientific Articles

Aida Omerovic, Bjørnar Solhaug, Ketil Stølen. Assessing practical usefulness and performance of the PREDIQT method: An industrial case study. In Information and Software Technology, volume 52, 1377-1395, Elsevier, 2012.
Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators. In Journal on Advances in Intelligent Systems, volume 5, pages 173-195, IARIA, 2012.
Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services. In book titled IT Security Governance Innovations: Theory and Research, pages 256-292, IGI Global, 2012.
Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Experiences from using indicators to validate expert judgments in security risk analysis. In Proc. 3rd International Workshop on Security Measurements and Metrics (MetriSec'11), pages 88-92, IEEE, 2012.
Olav Skjelkvåle Ligaarden, Mass Soldal Lund, Atle Refsdal, Fredrik Seehusen, and Ketil Stølen. An architectural pattern for enterprise level monitoring tools. In Proc. International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA'11), IEEE Computer Society, 2011.
Olav Skjelkvåle Ligaarden, Atle Refsdal, and Ketil Stølen. ValidKI: A method for designing key indicators to monitor the fulfillment of business objectives. In Proc. 1st International Conference on Business Intelligence and Technology (BUSTECH'11), pages 57-65, IARIA, 2011.
Tormod Håvaldsrud, Birger Møller-Pedersen, Bjørnar Solhaug, Ketil Stølen. DeSPoT: A method for the development and specification of policies for trust negotiation. In Proc. 3rd FTRA International Conference on Computer Science and its Applications (CSA'11), LNEE 114, pages 93-104, Springer, 2011.
Aida Omerovic, Ketil Stølen. Traceability handling in model-based prediction of system quality. In Proc. 3rd International Conference on Advances in System Simulation (SIMUL'11), pages 79-88, IEEE Computer Society, 2011.
Aida Omerovic, Ketil Stølen. A practical approach to uncertainty handling and estimate acquisition in model-based prediction of system quality. In International Journal on Advances in Systems and Measurements. volume 4, pages 55-70, IARIA, 2011.
Fredrik Seehusen, Ketil Stølen. A method for model-driven information flow security. In book titled Dependability and Computer Engineering: Concepts for Software-Intensive Systems, pages 199-229, IGI Global, 2011.
Ida Hogganvik Grøndahl, Mass Soldal Lund, Ketil Stølen. Reducing the effort to comprehend risk models: text labels are often preferred over graphical means. In Risk Analysis, volume 31, pages 1813-1831, Society for Risk Analysis, 2011.
Aida Omerovic, Amela Karahasanovic, Ketil Stølen. Uncertainty handling in weighted dependency trees. In book titled Dependability and Computer Engineering: Concepts for Software-Intensive Systems, pages 381-416, IGI Global, 2011.
Aida Omerovic, Ketil Stølen. Evaluation of experiences from applying the PREDIQT method in an industrial case study. In Proc. 5th IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI'11), pages 137-146, IEEE Computer Society, 2011.
Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software, volume 83, pages 1995-2013, Elsevier, 2010.
Olav S. Ligaarden, Ketil Stølen. Analyzing security risks in critical infrastructures embedded in systems of systems - How to capture the impact of interdependencies. In Proc. ESREL 2010 Annual Conference, pages 347-353, Taylor and Francis Group, 2010.
Tormod V. Håvaldsrud, Olav S. Ligaarden, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon Ølnes. Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement. In Journal of Electronic Commerce Research, volume 10, pages 441-467, Springer, 2010.
Aida Omerovic, Ketil Stølen. Interval-based uncertainty handling in model-based prediction of system quality. In Proc. 2nd International Conference on Advances in System Simulation (SIMUL'10), pages 99-108, IEEE Computer Society, 2010.
Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, volume 43 no 5, pages 49-55, IEEE Computer Society, 2010.
Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon Ølnes. A feasibility study in model based prediction of impact of changes on system quality. In Proc. 2nd International Symposium on Engineering Secure Software and Systems (ESSOS'10), LNCS 5965, pages 231-240, Springer, 2010.
Tormod Vaksvik Håvaldsrud, Birger Møller-Pedersen. Nested and specialized associations. In Proc. 2nd Workshop on Relationships and Associations in Object-Oriented Languages (RAOOL'09), pages 25-31, ACM Press, 2009.
Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies. In Journal of Software and Systems Modeling, volume 8, pages 45-65, 2009.
Bjørnar Solhaug, Ketil Stølen. Compositional refinement of policies in UML - Exemplified for access control. In Proc. 13th European Symposium on Research in Computer Security (ESORICS'08), LNCS 5283, pages 300-316, Springer, 2008.
Gyrd Brændeland, Heidi E.I. Dahl, Iselin Engan, Ketil Stølen. Using dependent CORAS diagrams to analyse mutual dependency. In Proc. 2nd International Workshop on Critical Information Infrastructure Security (CRITIS'07), LNCS 5141, pages 135-148, Springer, 2008.
Heidi E.I. Dahl, Ida Hogganvik, Ketil Stølen. Structured semantics for the CORAS security risk modelling language. In Proc. 2nd International Workshop on Interoperability Solutions on Trust, Security, Policies and QoS for Enhanced Systems (IS-TSPQ'07), pages 79-92, Helsinki University Printing House, 2007.

Public Seminars

Sikkerhetsstyring: Hvordan analysere, predikere, monitorere og håndheve sikkerhet med hensyn til endring. Oslo, April 19, 2012.
Modelldrevet risikoanalyse med CORAS. Oslo, December 7, 2011
Hvordan å forutsi effekten av endring på IT-systemer. Oslo, September 30, 2010.
Skjulte avhengigheter i komplekse systemer. Oslo, January 15, 2009.

Panels

Aida Omerovic. Participation in panel "Pedagogy of Modeling and Simulation: A Scaffolded Approach?" Special symposium panel at International Conference on Advances in System Simulation (SIMUL'11) Barcelona, October 26, 2011.
Ketil Stølen. Participation in panel "Integration of certification and legal and organizational policies in MDE" at 3rd Workshop on Non-functional System Properties in Domain Specific Modeling Languages (NFPinDSML'10), Oslo, October 3, 2010.
Ketil Stølen. Participation in panel "How to Make Decisions for Security Governance" at 1st ACM Workshop on Information Security Governance, Chicago, November 13, 2009.
Ketil Stølen. Participation in panel "Engineering Secure Complex Software Systems and Services: Research Advances and Perspectives" at EC-ERCIM Seminar on ICT Security, Brussels, Belgium, October 16, 2008.

Presentations

Ketil Stølen. Model-Driven Risk Analysis: The CORAS Approach. Presentation at Humboldt Univerisity, Berlin, Germany, January 26, 2012.
Aida Omerovic. Metoder og verktøy for å adressere utfordringer ved risikostyring og kvalitetsledelse. Presentation at seminar on "Helhetlig risikostyring og kvalitetsledelse" organized by Den Norske Dataforening, Oslo, December 5, 2011
Tormod Vaksvik Håvaldsrud. A method for the development and analysis of policies for trust negotiation. Presentation at NESSoS meeting, Madrid, Spain, February 7, 2011.
Aida Omerovic. Model based prediction of impacts of architecture design changes on system security. Presentation at Workshop on Security Predictions, Pisa, Italy, February 5, 2010.
Aida Omerovic. Simplifying parametrization of Bayesian networks for prediction of impact of changes on system quality. Presented at Institute of Informatics, University of Oslo, Oslo, April 30, 2009.
Olav Skjelkvåle Ligaarden. Using UML to model dependencies in systems of systems. Fourth International CRIS Conference on Critical Infrastructures (CRIS'09), Linköping, Sweden, April 29, 2009.
Heidi E. I. Dahl, Mass Soldal Lund. Risk management in practice. Model based security risk analysis with the CORAS method. Tutorial at "International Symposium on Engineering Secure Software and Systems (ESSoS'09)", Leuven, Belgium, February 4, 2009.
Ketil Stølen. Employing key indicators to provide a dynamic risk picture. Presentation at Security Workshop, University of Trento, January 20, 2009.
Heidi E. I. Dahl. The CORAS method for security risk analysis. Tutorial presentation at 7th Estonian Summer School on Computer and Systems Science in cooperation with the Nordic Network On Dependable Systems (NODES), Otepää, Estonia, August 24-29, 2008.
Ketil Stølen. A reductionistic approach to security analysis. Presentation at Modeling Security Workshop (ModSec'08), Toulouse, September 28, 2008.
Ketil Stølen. Nyere forskningsresultater relatert til sikkerhet og tillit. Presented for “SOA i praksis” – a resource network of the Norwegian Computer Society – in a meeting focusing on “Security and SOA”, Oslo, December 5, 2007.

Posters

Olav Skjelkvåle Ligaarden. Analyzing security risks in critical infrastructures embedded in systems of systems: How to capture the impact of interdependencies. VERDIKT-konferansen, Oslo, November 3, 2009.
Tormod Vaksvik Håvaldsrud. Modeling trust mechanisms in software. VERDIKT-konferansen, Oslo, November 3, 2009.
Aida Omerovic. Quantifying uncertainty in a model based prediction of system security. VERDIKT-konferansen, Oslo, November 3, 2009.
Olav Skjelkvåle Ligaarden. Evaluation of languages for modelling dependencies in systems of systems. VERDIKT-konferansen, Bergen, October 30, 2008.
Tormod Vaksvik Håvaldsrud. Modeling electronic trust. VERDIKT-konferansen, Bergen, October 30, 2008.
Aida Omerovic. A method for prediction of architecture quality. VERDIKT-konferansen, Bergen, October 30, 2008.
Tormod Vaksvik Håvaldsrud. Model driven trust analysis. 7th Estonian Summer School in Computer and Systems Science (ESSCaSS'08), Otepää. Estonia, August 24-29, 2008.
Olav Skjelkvåle Ligaarden. Modelling and analysing dependencies in systems of systems. 7th Estonian Summer School in Computer and Systems Science (ESSCaSS'08), Otepää. Estonia, August 24-29, 2008.
Gyrd Brændeland. System of systems: Modelling and analyses of mutual dependencies. VERDIKT-konferansen, Trondheim, October 29, 2007.
Aida Omerovic. Interoperability and trust within and across collaborating architectures. VERDIKT-konferansen, Trondheim, October 29, 2007.

Abstracts

Olav Skjelkvåle Ligaarden, Ketil Stølen. Assessing the usefulness of key indicators. In Proc. 4th Nordic Workshop on Dependability and Security (NODES'10), DTU, 2010.
Aida Omerovic, Ketil Stølen. Simplifying parametrization of Bayesian networks in prediction of system quality. In Proc. 3rd IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI'09), pages 447-448, IEEE, 2009.
Olav Skjelkvåle Ligaarden, Ketil Stølen. A contract-oriented view on threat modelling. In Proc. 2nd Workshop on Formal Languages and Analysis of Contract-Oriented Software (FLACOS'08), pages 61-68, Research report 377, Department of Informatics, University of Oslo, 2008.
Gyrd Brændeland, Heidi E. I. Dahl, Iselin Engan, Ketil Stølen. Using Dependent CORAS diagrams to analyse mutual dependency. Nordic workshop and doctoral symposium on Dependability and Security (NODES'07). Åbo Akademi Reports on Computer Science & Mathematics, Ser. B, No 37, 2007.
Aida Omerovic, Ketil Stølen. Interoperability and trustworthiness: What are the challenges? Nordic workshop and doctoral symposium on Dependability and Security (NODES'07). Åbo Akademi Reports on Computer Science & Mathematics, Ser. B, No 37, 2007.

Technical Reports (Public ones)

Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. ValidKI: A method for designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators. SINTEF A23413, SINTEF ICT, October 2012.
Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Using indicators to monitor risk in interconnected systems: How to capture and measure the impact of service dependencies on the quality of provided services. SINTEF A22301, SINTEF ICT, October 2012.
Tormod Vaksvik Håvaldsrud, Birger Møller-Pedersen, Bjørnar Solhaug, Ketil Stølen. DeSPoT: A method for the development and specification of policies for trust negotiation. SINTEF A20174, SINTEF ICT, January 2012.
Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Experiences from using indicators to validate expert judgments in security risk analysis. Techical report SINTEF A21560, SINTEF ICT, 2012.
Aida Omerovic, Ketil Stølen. Traceability Handling in Model-based Prediction of System Quality. Technical report A19348, SINTEF ICT, 2011.
Aida Omerovic, Bjørnar Solhaug, Ketil Stølen. Evaluation of experiences from applying the PREDIQT method in an industrial case study. SINTEF A17562, SINTEF ICT, January 2011.
Tormod Vaksvik Håvaldsrud, Bjørnar Solhaug, Ketil Stølen. Evaluation of a method for the analysis and development of policies for trust negotiation. SINTEF A18834, SINTEF ICT, March 2011.
Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon Ølnes. A feasibility study in model-based prediction of changes on system quality. SINTEF A13339, SINTEF ICT, January 2010.
Fredrik Seehusen, Ketil Stølen. A method for model-driven information flow security. SINTEF A11357, SINTEF ICT, 2009.
Fredrik Seehusen, Mass Soldal Lund, Ketil Stølen. A transformational approach to facilitate monitoring of high level policies. SINTEF A11356, SINTEF ICT, 2009.
Bjørnar Solhaug, Ketil Stølen. Compositional refinement of policies in UML - Exemplified for access control. Technical report A11359, SINTEF ICT, 2009.
Gyrd Brændeland, Heidi E. I. Dahl, Ketil Stølen. A modular approach to the modelling and analysis of risk scenarios with mutual depenencies. Technical report A8360, SINTEF ICT, 2008.
Mass Soldal Lund, Emese Lujza Bogya. Evaluation of the 1st DIGIT field trial. Technical report A6129, SINTEF ICT, 2008.
Heidi E. I. Dahl, Ida Hogganvik, Ketil Stølen. Structured semantics for the CORAS security risk modelling language. Technical report STF07 A970, SINTEF Information and Communication Technology, 2007.

Proceedings

Aida Omerovic, Diglio A. Simoni, Georgiy Bobashev, (eds.) Proceedings of the 3rd International Conference on Advances in System Simulation (SIMUL'11).
Andy Ozment, Ketil Stølen (eds.) Proceedings of the 4th ACM workshop on Quality of protection (QoP'08). ACM Press, 2008.
Gunther Karjoth, Ketil Stølen (eds.) Proceedings of the 3rd ACM workshop on Quality of protection (QoP'07). ACM Press, 2007.

Created: June 29, 2007. Last updated: June 4, 2013.