The ENFORCE Dissemination

PhD theses

• Tobias Mahler. Legal risk management. Developing and evaluating elements of a method for proactive legal analyses, with a particular focus on contracts. PhD thesis, University of Oslo, 2010.
• Bjørnar Solhaug. Policy specification using sequence diagrams - Applied to trust management. PhD thesis, University of Bergen, 2009.

Edited books

• Ketil Stølen, William H. Winsborough, Fabio Martinelli, Fabio Massacci. Proceedings of 4th International Conference on Trust Management, LNCS 3986, Pisa, Italy, May 16-19, 2006.

Papers in periodicals

• Mahler, Tobias. Una definición de riesgo legal. Foro de Derecho Mercantil: Revista Internacional, volume 22, pages 78-113, 2009.
• Atle Refsdal, Sune Jakobsson. Adding soft real-time requirements in a step-wise development process. Telektronikk, 105(1):69-80, 2009.
• Bjørnar Solhaug, Tor Hjalmar Johannessen. Specification of policies using UML sequence diagrams. Telektronikk, 105(1):90-97, 2009.
• Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies. In Journal of Software and Systems Modelling, volume 8, pages 45-65, 2009.
• Atle Refsdal, Ketil Stølen. Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis. In Science of Computer Programming, volume 74, no. 1-2, pages 34-42, 2008.
• Thomas Olsen, Tobias Mahler. Identity management and data protection law: Risk, responsibility and compliance in 'circles of trust'. Part II.
Computer Law & Security Report 2007, volume 23, no. 5, pages 415-426, Elsevier, 2007.
• Thomas Olsen, Tobias Mahler. Identity management and data protection law: Risk, responsibility and compliance in 'circles of trust'. Part I.
Computer Law & Security Report 2007, volume 23, no. 4, pages 342-351, Elsevier, 2007.
• Tobias Mahler, Jon Bing. Contractual risk management in an ICT context - Searching for a possible interface between legal methods and risk analysis. Scandinavian Studies in Law (ISSN 0085-5944), volume 49, pages 339-357, 2006.
• Tobias Mahler, Fredrik Vraalsen. Legal risk management for an e-learning web services collaboration. Complex (ISSN 0806-1912), volume 3, pages 503-523, 2006.

Papers at major international conferences and workshops

• Mahler, Tobias. Visualising Legal Risk. In Proc. Internationales Rechtsinformatik Symposion IRIS 2009: Semantisches Web und Soziale Netzwerke im Recht, Austrian Computer Society, 2009.
• Tobias Mahler. A roadmap towards tool-supported legal risk management. In Proc. Conference on law and technology: The future of ... , European University Institute of Florence, 2008.
• Tobias Mahler. Defining legal risk. In Corporate Contracting Capabilities : Conference proceedings and other writings, pages 51-77, University of Joensuu, Department of Law, 2008.
• Bjørnar Solhaug, Ketil Stølen. Compositional refinement of policies in UML - Exemplified for access control. In Proc. 13th European Symposium on Research in Computer Security (ESORICS'08), LNCS 5283, pages 300-316, Springer, 2008.
• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. A UML-based method for the development of policies to support trust management. In Proc. 2nd Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM'08), pages 33-49. Springer, 2008.
• Atle Refsdal, Ketil Stølen. Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis. In Proc. 3rd International Workshop on Security and Trust Management (STM'07), Electronic Notes in Theoretical Computer Science, volume 197, issue 2, pages 15-29, 2008.
• Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Specifying policies using UML Sequence Diagrams – An evaluation based on a case study. In Proc. 8th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY'07), pages 19-28, IEEE Computer Society, 2007.
• Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Why trust is not proportional to risk. In Proc. 2nd International Conference on Availability, Reliability and Security (AReS'07), pages 11-18, IEEE Computer Society, 2007.
• Tobias Mahler, Alvaro Arenas, Lutz Schubert. Contractual frameworks for enterprise networks & virtual organisations in e-learning. In Proc. The eChallenges e-2006 Conference, pages 217-278, IOS Press, 2006.
• Dag Elgesem. Normative structures in trust management. In Proc. 4th International Conference on Trust Management (iTrust'06), LNCS 3986, pages 48-61, Springer, 2006.
• Tobias Mahler, Fredrik Vraalsen. Legal risk analysis with respect to IPR in a collaborative engineering virtual organization. In Proc. 6’th IFIP Working Conference on Virtual Enterprises (PRO-VE'05), pages 513-520, Springer, 2005.
• Arild Waaler, Bjørnar Solhaug. Semantics for multi-agent only knowing (Extended Abstract). In Proc. 10th Conference on Theoretical Aspects of Rationality and Knowledge (TARK X), pages 109-125, National University of Singapore, 2005.
• Dag Elgesem. P3P and the new market for personal information: an ethical evaluation. In Proc. 6th International Conference of Computer Ethics: Philosophical Enquiry (CEPE'05), University of Twente, 2005.

Chapters in books

• Tobias Mahler. The state of the art of contractual risk management methodologies. In book titled “A Proactive Approach to Contracting and Law”, pages 57-74, Turku University Applied Sciences, 2008.
• Jon Bing. Trust and legal certainty in electronic commerce: an essay. In book titled “Festskrift til Peter Seipel”, pages 27-49, Norstedts Juridik, 2006.

Papers at minor conferences and workshops

• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Modelling and analysis of trust-based behavior to assess risk in virtual organizations. In Proc. Formal Aspects of Virtual Organisations Workshop (FAVO'08).
• Tom Lysemose, Tobias Mahler, Bjørnar Solhaug, Jon Bing, Dag Elgesem, Ketil Stølen: A Conceptual Framework for Trust Management. In Proc. Nordic Workshop and Doctoral Symposium on Dependability and Security (NODES'07). Reports on Computer Science & Mathematics, Ser. B. No 37, Åbo Akademi, 2007.
• Bjørnar Solhaug, Ketil Stølen. Refinement, compliance and adherence of policies in the setting of UML interactions. In Proc.19th Nordic Workshop on Programming Theory (NWPT'07). Research Report 366, pages 90-92, Department of Informatics, University of Oslo, 2007.
• Bjørnar Solhaug, Arild Waaler. Logical spaces in multi-agent only knowing systems. In Proc. 6th International Workshop on Computational Logic in Multi-Agent Systems (CLIMA VI), LNAI 3900, pages 77-95, Springer, 2006.

Technical reports

• Bjørnar Solhaug, Ketil Stølen. Preservation of policy adherence under refinement. Technical report A11358, SINTEF ICT, 2009.
• Bjørnar Solhaug, Ketil Stølen. Compositional refinement of policies in UML – Exemplified for access control. Technical report A11359, SINTEF ICT, 2009.
• Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Specifying policies using UML sequence diagrams - An evaluation based on a case study. Technical report A1230, SINTEF ICT, 2007.
• Tom Lysemose, Tobias Mahler, Bjørnar Solhaug, Jon Bing, Dag Elgesem, Ketil Stølen. ENFORCE conceptual framework. Technical report A1209, SINTEF ICT, 2007.

Invited presentations and presentations at events without proceedings

• Tobias Mahler. Hvordan analysere legale risikoaspekter i tillitshåndtering? Presentation at seminar organised by SINTEF titled: `` Håndtering av tillit i elektronisk samvirke´´, Oslo, November 5, 2009.
• Dag Elgesem. Spillbasert tillitsanalyse. Presentation at seminar organised by SINTEF titled: `` Håndtering av tillit i elektronisk samvirke´´, Oslo, November 5, 2009.
• Atle Refsdal. Analyse av tillit i elektronisk samvirke. Presentation at seminar organised by SINTEF titled: `` Håndtering av tillit i elektronisk samvirke´´, Oslo, November 5, 2009.
• Bjørnar Solhaug. Hvordan lage og bruke policyer i tillitshåndtering. Presentation at seminar organised by SINTEF titled: `` Håndtering av tillit i elektronisk samvirke´´, Oslo, November 5, 2009.
• Tobias Mahler. Rettslig risiko og compliance. Guest lecture in Masters course Helhetlig risikostyring (ERM), University of Stavanger September 09, 2008.
• Tobias Mahler. Visualising legal risk. Presentation at seminar organized at the Faculty of Law titled “Societal risk in a legal perspective”, University of Oslo, June 15, 2009.
• Tobias Mahler. Rettslige risikovurderinger: metoder og modeller. Presentation at Forum Rettsinformatikk, Sandefjord, May 07, 2009.
• Tobias Mahler. Legal risk management. Guest lecture, LL.M. in Information Technology Law, Swedish institute for legal informatics, March 09, 2009.
• Tobias Mahler. A method for legal risk management, exemplified in a case study on IT outsourcing. Presented at e-Stockholm'08 Legal Conference: IT Regulations and Policies, 2008.
• Tobias Mahler. A case study on legal risk management in ICT outsourcing. Presentation at Commercial Contracting for Strategic Advantage – Potentials and Prospects, Turku University of Applied Sciences, June 15, 2007.
• Tom Lysemose. Trustworthy computing, hva har det med tillit å gjøre? Presentation at seminar organised by Abelia Innovation titled: ``"Trustworthy computing": Hva er det, og hva er relevansen for sikkerhet og tillit?´´, Oslo, September 21, 2006.
• Tobias Mahler. The concept of legal risk in the context of legal risk management. Presentation at Risk and Regulation 2006, London School of Economics, September 21, 2006.
• Bjørnar Solhaug. On the relationship between trust and risk. Department of Information Science and Media Studies, University of Bergen, May 29, 2006.
• Tobias Mahler, Fredrik Vraalsen. Legal risk management for an e-learning web services collaboration. Presentation at 1st International Conference on Legal, Privacy and Security Issues in IT. April 30, 2006.
• Bjørnar Solhaug. State-of-the-art innen policyspesifikasjon. Presentation at seminar organised by Abelia Innovation titled: ``Hva er en sikkerhetspolicy, og hvorfor er den viktig?´´, Oslo, March 23, 2006.
• Dag Elgesem. Modellering og håndtering av tillit. Invited presentation at the Norwegian Conference for Enterprise Use of Information Technology, (NOKOBIT 2005), November 22, 2005.
• Tobias Mahler. Searching for interfaces between legal methods and risk analysis. Seminar on legal risk management. NRCCL, University of Oslo, November 10, 2005.
• Tom Lysemose, Bjørnar Solhaug. The ENFORCE-project. Presentation at seminar and workshop organised by the IKT-SOS research program, Gardermoen, March 2, 2005.
• Ketil Stølen. Experiences from CORAS and other EU-projects. Presentation at seminar and workshop organised by the IKT-SOS research program, Gardermoen, March 1, 2005.

Public seminars and conferences

• Håndtering av tillit i elektronisk samvirke. Seminar organised by SINTEF. Oslo, November 5, 2009.
• Sikkerhetspolicies: Kun pynt, eller lar de seg håndheve? Seminar organised by Abelia Innovation & SINTEF. Oslo, November 23, 2006.
• "Trustworthy computing": Hva er det, og hva er relevansen for sikkerhet og tillit? Seminar organised by Abelia Innovation & SINTEF. Oslo, September 21, 2006.
• Hva er en sikkerhetspolicy, og hvorfor er den viktig? Seminar organised by Abelia Innovation & SINTEF. Oslo, March 23, 2006.
• Ketil Stølen was program co-chair for 4th Interantional Conference on Trust Management. Pisa, Italy, May 16-19, 2006.
• Sikkerhet og tillit: Fra et tverrfaglig perspektiv. Seminar organised by Abelia Innovation & SINTEF. Oslo, March 17, 2005.

Press coverage

• Vil forenkle dataspråket. Article by Olav Røli. På Høyden, November 4, 2009.
• Digital tillit. Article by Bjarne Røsjø. Forskning.no, April 21, CET 05:00, 2009.
• Tverrfaglig forskning på tillit. Article by Arne Søiland. Computerworld, February 18, 2005.

Popular scientific articles

• Tobias Mahler. How can we analyze contractual risk? Contracting Excellence, volume 1, no. 5, pp. 15-16, 2008.
• Folker den Braber, Ketil Stølen. Tillit, sikkerhet og personvern. Computerworld, February 11, 2005.

Public presentations organized by the project

• Jon Bing. Uncertainty in legal decisions processes. Invited talk at SINTEF, Oslo, June 23, 2006.
• Christian Damkjær Jensen. Why trust is not bad for security. Invited talk at SINTEF, Oslo, June 22, 2006.
• Fabio Massacci. Abduction and deduction in logic for access control for web services. Invited talk at SINTEF, Oslo, June 21, 2005.
• Fabio Massacci. Security requirements engineering in i*/TROPOS. Invited talk at the University of Oslo, June 16, 2005.
• Jakka Sairamesh. Deep sensing in business value chains: Complexity, contracts, transactions and trust. Invited talk at SINTEF, Oslo, June 15, 2005.