Books

• Ketil Stølen. Technology research explained: Design of software, architectures, methods, and technology in general. ISBN 9783031258166, Springer, 2023. (https://doi.org/10.1007/978-3-031-25817-6)
• Ketil Stølen. Teknologivitenskap: Forskningsmetode for teknologer. ISBN 9788215034270, Universitetsforlaget, 2019.
• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Cyber-risk management. ISBN 9783319235707, Springer, 2015. (https://doi.org/10.1007/978-3-319-23570-7)
• Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Model-driven risk analysis: The CORAS approach. ISBN 9783642123238, Springer, 2011. (https://doi.org/10.1007/978-3-642-12323-8)
• Manfred Broy, Ketil Stølen. Specification and development of interactive systems: FOCUS on streams, interfaces and refinement. ISBN 9781461300915, Springer, 2001. (https://doi.org/10.1007/10.1007/978-1-4613-0091-5)
• Ketil Stølen. Development of parallel programs on shared data-structures. PhD thesis, Manchester University, 1990. Available as UMCS-91-1-1, Manchester University, January 1991. (pdf)

Articles

• Ketil Stølen. Rely-guarantee interpretation of sequence diagrams. In book titled The Practice of Formal Methods. LNCS 14781, pages 120-140, Springer, 2024. (https://doi.org/10.1007/978-3-031-66673-5_7) (pdf –preprint)
• Shukun Tokas, Gencer Erdogan, Ketil Stølen. Privacy-aware IoT: State-of-the-art and challenges. In Proc. 9th International Conference on Information Systems Security and Privacy (ICISSP'23), pages 450-461, SCITEPRESS, 2023. (https://doi.org/10.5220/0011656400003405) (pdf –preprint)
• Roman Wirtz, Maritta Heisel, Angela Borchert, Rene Meis, Aida Omerovic, Ketil Stølen. Risk-based elicitation of security requirements according to the ISO 27005 standard. In Postproc. 13th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE'18), CCIS 1023, Springer, 2019. (https://doi.org/10.1007/978-3-030-22559-9_4) (pdf – preprint)
• Gencer Erdogan, Phu H. Nguyen, Fredrik Seehusen, Ketil Stølen, Jon Hofstad, Jan øyvind Aagedal. An evaluation of a test-driven security risk analysis approach based on two industrial case studies. In book titled Exploring Security in Software Architecture and Design, pages 69-103, IGI Global, 2019. (https://doi.org/10.4018/978-1-5225-6313-6.ch004) (pdf – preprint)
• Roman Wirtz, Maritta Heisel, Rene Meis, Aida Omerovic, Ketil Stølen. Problem-based elicitation of security requirements: The ProCOR method. In Proc. 13th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE'18), pages 26-38, SCITEPRESS, 2018. (https://doi.org/10.5220/0006669400260038) (pdf – preprint)
• Gencer Erdogan, Ketil Stølen. Design decisions in the development of a graphical language for risk-driven security testing. In Proc. 4th Workshop on Risk Assessment and Risk-Driven Quality Assurance (RISK'16), LNCS 10224, pages 99-114, 2017. (https://doi.org/10.1007/978-3-319-57858-3_8) ( pdf – © 2017 Springer)
• Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Mandatory and potential choice: Comparing Event-B and STAIRS. In book titled From Action System to Distributed Systems: The Refinement Approach, pages 15-28, CRC Press, 2016. (https://doi.org/10.1201/b20053) (pdf – preprint)
• Erik G. Nilsson, Ketil Stølen. A case-based assessment of the FLUIDE framework for specifying emergency response user interfaces. In Proc. 8th ACM SIGCHI Symposium on Engineering Interactive Computing Systems (EICS'16), pages 97-107, 2016. (https://doi.org/10.1145/2933242.2933253) ( pdf – © 2016 ACM)
• Erik G. Nilsson, Ketil Stølen. The FLUIDE framework for specifying emergency response user interfaces employed to a search and rescue case. In Proc. 13th International Conference on Information Systems for Crisis Response and Management (ISCRAM'16), ISBN 9788271177881, 2016. (pdf)
• Gencer Erdogan, Ketil Stølen, Jan øyvind Aagedal. Evaluation of the CORAL approach for risk-driven security testing based on an industrial case study. In Proc. 2nd International Conference on Information Systems Security and Privacy (ICISSP'16), pages 219-226, 2016. (https://doi.org/10.5220/0005650902190226) ( pdf – © 2016 SCITEPRESS)
• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. Security risk analysis of system changes exemplified within the oil and gas domain. In International Journal on Software Tools for Technology Transfer, volume 17, pages 251-266, 2015. (https://doi.org/10.1007/s10009-014-0351-0) ( pdf – © 2014 Springer)
• Gencer Erdogan, Fredrik Seehusen, Ketil Stølen, Jon Hofstad, Jan øyvind Aagedal. Assessing the usefulness of testing for validating and correcting security risk models based on two industrial case studies. In International Journal of Secure Software Engineering, volume 6, pages 90-112, 2015. (https://doi.org/10.4018/IJSSE.2015040105) (pdf – preprint)
• Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Stepwise refinement of sequence diagrams with soft real-time constraints. In Journal of Computer and System Sciences, volume 81, pages 1221-1251, 2015. (https://doi.org/10.1016/j.jcss.2015.03.003) ( pdf – © 2015 Elsevier)
• Katsiaryna Labunets, Yan Li, Fabio Massacci, Federica Paci, Martina Ragosta, Bjørnar Solhaug, Ketil Stølen, Alessandra Tedeschi. Preliminary experiments on the relative comprehensibility of tabular and graphical risk models. In Proc. 5th SESAR Innovation Days, ISSN 07701268, 2015. (pdf)
• Gencer Erdogan, Yan Li, Ragnhild Kobro Runde, Fredrik Seehusen, Ketil Stølen. Approaches for the combined use of risk analysis and testing: A systematic literature review. In International Journal on Software Tools for Technology Transfer, volume 16, pages 627-642, 2014. (https://doi.org/10.1007/s10009-014-0330-5) ( pdf – © 2014 Springer)
• Andre Alexandersen Hauge, Ketil Stølen. An analytic evaluation of the SaCS pattern language for conceptualisation of safety critical systems. In International Journal on Advances in Software, volume 7, pages 653-674, ISBN 9781612083438, 2014. (pdf)
• Katsiaryna Labunets, Fabio Massacci, Federica Paci, Martina Ragosta, Bjørnar Solhaug, Ketil Stølen, Alessandra Tedeschi. A first empirical evaluation framework for security risk assessment methods in the ATM domain. In Proc. 4th SESAR Innovation Days, ISBN 9782874970771, 2014. (pdf)
• Gencer Erdogan, Atle Refsdal, Ketil Stølen. Schematic generation of English-prose semantics for a risk analysis language based on UML interactions. In Proc. 2nd International Workshop on Risk Assessment and Risk-driven Testing (RISK'14), pages 205-310, IEEE, 2014. (https://doi.org/10.1109/ISSREW.2014.73) ( pdf – © 2014 IEEE)
• Andre Alexandersen Hauge, Ketil Stølen. An analytic evaluation of the SaCS pattern language Including explanations of major design choices. In Proc. 6th International Conferences on Pervasive Patterns and Applications (PATTERNS'14), pages 79-88, ISBN 9781612083438, IARIA, 2014. (pdf)
• Kristian Beckers, Maritta Heisel, Bjørnar Solhaug, Ketil Stølen. ISMS-CORAS: A structured method for establishing an ISO 27001 compliant information security management system. In book titled Engineering Secure Future Internet Services, LNCS 8431, pages 315 344, 2014. (https://doi.org/10.1007/978-3-319-07452-8_13) ( pdf – © 2014 Springer)
• Atle Refsdal, øyvind Rideng, Bjørnar Solhaug, Ketil Stølen. Divide and conquer Towards a notion of risk model encapsulation. In book titled Engineering Secure Future Internet Services, LNCS 8431, pages 345 365, 2014. (https://doi.org/10.1007/978-3-319-07452-8_14) ( pdf – © 2014 Springer)
• Gencer Erdogan, Atle Refsdal, Ketil Stølen. A systematic method for risk-driven test case design using annotated sequence diagrams. In Proc. 1st International Workshop on Risk Assessment and Risk-driven Testing (RISK'13), LNCS 8418, pages 93-108, 2014. (https://doi.org/10.1007/978-3-319-07076-6_7) ( pdf – © 2014 Springer)
• Ragnhild Kobro Runde, Atle Refsdal, Ketil Stølen. Relating computer systems to sequence diagrams The impact of underspecification and inherent nondeterminism. In Formal Aspects of Computing, volume 25, pages 159 187, Springer, 2013. (https://doi.org/10.1007/s00165-011-0192-5) ( pdf – © 2013 Springer)
• Aida Omerovic, Ketil Stølen. Characterizing and fulfilling traceability needs in the PREDIQT method for model-based prediction of system quality. In International Journal on Advances in Systems and Measurements, volume 6, pages 1-25, ISSN 1942261X, IARA, 2013. (pdf)
• Le Minh Sang Tran, Bjørnar Solhaug, Ketil Stølen. An approach to select cost-effective risk countermeasures exemplified in CORAS. In Proc. 27th IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSEC'13), LNCS 7964, pages 266 273, Springer, 2013. (https://doi.org/10.1007/978-3-642-39256-6_18) ( pdf – © 2013 Springer)
• Bjørnar Solhaug, Ketil Stølen. The CORAS Language Why it is designed the way it is. In Proc. 11th International Conference on Structural Safety & Reliability (ICOSSAR'13), pages 3155-3162, ISBN 9781138000865, Taylor and Francis, 2013. ( pdf – © 2013 Taylor and Francis)
• Andre Alexandersen Hauge, Ketil Stølen. Developing safe control systems using patterns for assurance. In Proc. 3rd International Conference on Performance, Safety and Robustness in Complex Systems and Applications (PESARO'13), pages 1-8, ISBN 97816120826842013, IARIA, 2013. (pdf)
• Yan Li, Ragnhild Kobro Runde, Ketil Stølen. Towards a pattern language for security risk analysis of web applications. In Proc. 20th Conference on Pattern Languages of Programs (PLOP'13), ISBN = 9781941652008, 2013. (pdf)
• Aida Omerovic, Bjørnar Solhaug, Ketil Stølen. Assessing practical usefulness and performance of the PREDIQT method: An industrial case study. In Information and Software Technology, volume 52, 1377-1395, Elsevier, 2012. (https://doi.org/10.1016/j.infsof.2012.07.006) ( pdf – © 2012 Elsevier)
• Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Designing indicators to monitor the fulfillment of business objectives with particular focus on quality and ICT-supported monitoring of indicators. In Journal on Advances in Intelligent Systems, volume 5, pages 173-195, ISSN 19422679, IARIA, 2012. (pdf)
• Andre Alexandersen Hauge, Ketil Stølen. A pattern-based method for safe control systems exemplified within nuclear power production. In Proc. 31st International Conference on Computer Safety, Reliability and Security (Safecomp'12). LNCS 7612, pages 13-24, Springer, 2012. (https://doi.org/10.1007/978-3-642-33678-2_2) ( pdf – © 2012 Springer)
• Aslak Wegner Eide, Ketil Stølen. Geographic visualization of risk as decision support in emergency situations. In Proc. 5th International Conference on Human System Interaction (HSI'12), pages 81-88, IEEE, 2012. (https://doi.org/10.1109/HSI.2012.39) ( pdf – © 2012 IEEE)
• Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Using indicators to monitor security risk in systems of systems: How to capture and measure the impact of service dependencies on the security of provided services. In book titled IT Security Governance Innovations: Theory and Research, pages 256-292, IGI Global, 2012. (https://doi.org/10.4018/978-1-4666-8473-7.ch068) ( pdf – © 2012 IGI GLOBAL)
• Gyrd Brændeland, Atle Refsdal, Ketil Stølen. A denotational model for component-based risk analysis. In Proc. 8th International Symposium on Formal Aspects of Component Software (FACS'11). LNCS 7253, pages 12-41, Springer, 2012. (https://doi.org/10.1007/978-3-642-35743-5_3) ( pdf – © 2012 Springer)
• Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. Experiences from using indicators to validate expert judgments in security risk analysis. In Proc. 3rd International Workshop on Security Measurements and Metrics (MetriSec'11), pages 88-92, IEEE, 2012. (href="https://doi.org/10.1109/Metrisec.2011.13) ( pdf – © 2012 IEEE)
• Bjørnar Solhaug, Ketil Stølen. Uncertainty, subjectivity, trust and risk how it all fits together. In Proc. 7th International Workshop on Security and Trust Management (STM'11). LNCS 7170, pages 1 5, Springer, 2012. (https://doi.org/10.1007/978-3-642-29963-6_1) ( pdf – © 2012 Springer)
• Aida Omerovic, Ketil Stølen. A practical approach to uncertainty handling and estimate acquisition in model-based prediction of system quality. In International Journal on Advances in Systems and Measurements, volume 4, pages 55-70, ISSN 1942261x, IARA, 2011. (pdf)
• Ida Hogganvik Grøndahl, Mass Soldal Lund, Ketil Stølen. Reducing the effort to comprehend risk models: text labels are often preferred over graphical means. In Risk Analysis, volume 31, pages 1813-1831, Society for Risk Analysis, 2011. (https://doi.org/10.1111/j.1539-6924.2011.01636.x) ( pdf – © 2011 Society for Risk Analysis)
• Bjørnar Solhaug, Ketil Stølen. Preservation of policy adherence under refinement. In International Journal of Software and Informatics, volume 5, pages 139-158, ISSN 16737288, ISCAS, 2011. ( pdf – © 2011 ISACS)
• Erik G. Nilsson, Ketil Stølen. Generic functionality in user interfaces for emergency response. In Proc. 23rd Australian Computer-Human Interaction Conference (OZCHI'11), pages 233-242, ACM, 2011. (https://doi.org/10.1145/2071536.2071574) ( pdf – © 2011 ACM)
• Tormod Håvaldsrud, Birger Møller-Pedersen, Bjørnar Solhaug, Ketil Stølen. DeSPoT: A method for the development and specification of policies for trust negotiation. In Proc. 3rd FTRA International Conference on Computer Science and its Applications (CSA'11), LNEE 114, pages 93-104, Springer, 2011. (https://doi.org/10.1007/978-94-007-2792-2_9) ( pdf – © 2011 Springer)
• Aida Omerovic, Ketil Stølen. Traceability handling in model-based prediction of system quality. In Proc. 3rd International Conference on Advances in System Simulation (SIMUL'11), pages 79-88, ISBN 781612081694, IARA, 2011. ( pdf – © 2011 IARA)
• Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Risk analysis of changing and evolving systems using CORAS. In Proc. 11th International School on Foundations of Security Analysis and Design (FOSAD'11), LNCS 6858, pages 231-274, Springer, 2011. (https://doi.org/10.1007/978-3-642-23082-0_9) ( pdf – © 2011 Springer)
• Olav Skjelkvåle Ligaarden, Mass Soldal Lund, Atle Refsdal, Fredrik Seehusen, Ketil Stølen. An architectural pattern for enterprise level monitoring tools. In Proc. 2011 IEEE International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA'11), IEEE Computer Society, 2011. (https://doi.org/10.1109/MESOCA.2011.6049035) ( pdf – © 2011 IEEE)
• Olav Skjelkvåle Ligaarden, Atle Refsdal, Ketil Stølen. ValidKI: A method for designing key indicators to monitor the fulfillment of business objectives. In Proc. 1st International Conference on Business Intelligence and Technology (BusTech'11), pages 57-65, IARIA, 2011. ( pdf – © 2011 IARIA)
• Fredrik Seehusen, Ketil Stølen. An evaluation of the Graphical Modeling Framework (GMF) based on the development of the CORAS Tool. In Proc. 4th International Conference on Model Transformations (ICMT'11), LNCS 6707, pages 152 166, Springer, 2011. (https://doi.org/10.1007/978-3-642-21732-6_11) ( pdf – © 2011 Springer)
• Aida Omerovic, Bjørnar Solhaug, Ketil Stølen. Evaluation of experiences from applying the PREDIQT method in an industrial case study. In Proc. 5th IEEE International Conference on Secure Software Integration and Reliability Improvement (SSIRI'11), pages 137-146, IEEE Computer Society, 2011. (https://doi.org/10.1109/SSIRI.2011.20) ( pdf – © 2011 IEEE)
• Gyrd Brændeland, Ketil Stølen. Using model-driven risk analysis in component-based development. In book titled Dependability and Computer Engineering: Concepts for Software-Intensive Systems, 330-380, IGI Global, 2011. (https://doi.org/10.4018/978-1-60960-747-0.ch015) ( pdf – © 2011 IGI GLOBAL)
• Aida Omerovic, Amela Karahasanovic, Ketil Stølen. Uncertainty handling in weighted dependency trees: A systematic literature review. In book titled Dependability and Computer Engineering: Concepts for Software-Intensive Systems, pages 381-416, IGI Global, 2011. (https://doi.org/10.4018/978-1-60960-747-0.ch016) ( pdf – © 2011 IGI GLOBAL)
• Fredrik Seehusen, Ketil Stølen. A method for model-driven information flow security. In book titled Dependability and Computer Engineering: Concepts for Software-Intensive Systems, pages 199-229, IGI Global, 2011. (https://doi.org/10.4018/978-1-60960-747-0.ch010) ( pdf – © 2011 IGI GLOBAL)
• Andre Alexandersen Hauge, Ketil Stølen. SACS A pattern language for safe adaptive control software. In Proc. 18th Conference on Pattern Languages of Programs (PLOP'11). ACM 978-1-4503-1283-7, 2011. (https://doi.org/10.1145/2578903.2579145) (pdf)
• Erik G. Nilsson, Ketil Stølen. Ad hoc networks and mobile devices in emergency response a perfect match? In Proc. 2nd International ICST Conference on Ad Hoc Networks, ICST, 2010. (https://doi.org/10.1007/978-3-642-17994-5_2) ( pdf – © 2010 ICST)
• Gyrd Brændeland, Atle Refsdal, Ketil Stølen. Modular analysis and modelling of risk scenarios with dependencies. Journal of Systems and Software, volume 83, pages 1995-2013, Elsevier, 2010. (https://doi.org/10.1016/j.jss.2010.05.069) ( pdf – © 2010 Elsevier)
• Olav S. Ligaarden, Ketil Stølen. Analyzing security risks in critical infrastructures embedded in systems of systems How to capture the impact of interdependencies. In Proc. ESREL 2010 Annual Conference, pages 347-353, ISBN 9780415604277, Taylor and Francis Group, 2010. ( pdf – © 2010 Taylor and Francis)
• Andre A. Hauge, Terje Sivertsen, Ketil Stølen. Method for assuring that self-imposed changes made by adaptive systems do not compromise safety. In Proc. ESREL 2010 Annual Conference, pages 397-405, ISBN 9780415604277, Taylor and Francis Group, 2010. ( pdf – © 2010 Taylor and Francis)
• Tormod V. Håvaldsrud, Olav S. Ligaarden, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon ølnes. Experiences from using a UML-based method for trust analysis in an industrial project on electronic procurement. In Journal of Electronic Commerce Research, volume 10, pages 441-467, Springer, 2010. (https://doi.org/10.1007/s10660-010-9063-z) (pdf)
• Mass Soldal Lund, Bjørnar Solhaug, Ketil Stølen. Evolution in relation to risk and trust management. Computer, volume 43 no 5, pages 49-55, IEEE Computer Society, 2010. (https://doi.org/10.1109/MC.2010.134) ( pdf – © 2010 IEEE)
• Aida Omerovic, Ketil Stølen. Interval-based uncertainty handling in model-based prediction of system quality. In Proc. 2nd International Conference on Advances in System Simulation (SIMUL'10), pages 99-108, IEEE Computer Society, 2010. (https://doi.org/10.1109/SIMUL.2010.17) ( pdf – © 2010 IEEE)
• Aida Omerovic, Anette Andresen, Håvard Grindheim, Per Myrseth, Atle Refsdal, Ketil Stølen, Jon ølnes. A feasibility study in model based prediction of impact of changes on system quality. In Proc. 2nd International Symposium on Engineering Secure Software and Systems (ESSOS'10), LNCS 5965, pages 231-240, Springer, 2010. (https://doi.org/10.1007/978-3-642-11747-3_18) ( pdf – © 2010 Springer)
• Mass Soldal Lund, Atle Refsdal, Ketil Stølen. Semantics of UML models for dynamic behaviour: A survey of different approaches. In book titled Model-Based Engineering of Embedded Real-Time Systems, LNCS 6100, pages 77-103, Springer, 2010. (https://doi.org/10.1007/978-3-642-16277-0_4) ( pdf – © 2010 Springer)
• Atle Refsdal, Ketil Stølen. Employing key indicators to provide a dynamic risk picture with a notion of confidence. In Proc. 3rd IFIP International Conference on Trust Management (IFIPTM'09), pages 215-233, Springer, 2009. (https://doi.org/10.1007/978-3-642-02056-8_14) (pdf – preprint)
• Fredrik Seehusen, Ketil Stølen. Information flow security, abstraction, and composition. In IET Information Security, volume 3, pages 9-33, Institution of Engineering and Technology, 2009. (https://doi.org/10.1049/IET-IFS:20080069) (pdf – preprint)
• Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: Exemplified for information flow properties and policies. In Journal of Software and Systems Modeling, volume 8, pages 45-65, 2009. (https://doi.org/10.1007/s10270-008-0102-3) ( pdf – © 2009 Springer)
• Bjørnar Solhaug, Ketil Stølen. Compositional refinement of policies in UML exemplified for access control. In Proc. 13th European Symposium on Research in Computer Security (ESORICS'08), LNCS 5283, pages 300-316, Springer, 2008. (https://doi.org/10.1007/978-3-540-88313-5_20) ( pdf – © 2008 Springer)
• Fredrik Seehusen, Ketil Stølen. Using UML to specify high-level policies that can be enforced by run-time monitoring. In Proc. 9th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY'08), pages 70-73, IEEE Computer Society, 2008. (https://doi.org/10.1109/POLICY.2008.21) ( pdf – © 2008 IEEE)
• Atle Refsdal, Bjørnar Solhaug, Ketil Stølen. A UML-based method for the development of policies to support trust management. In Proc. 2nd Joint iTrust and PST Conferences on Privacy, Trust Management and Security (IFIPTM'08), pages 33-49, Springer, 2008. (https://doi.org/10.1007/978-0-387-09428-1_3) (pdf – preprint)
• Atle Refsdal, Ketil Stølen. Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis. In Science of Computer Programming, volume 74, pages 34-42, 2008. (https://doi.org/10.1016/j.scico.2008.09.003) ( pdf – © 2008 Elsevier)
• Gyrd Brændeland, Heidi E.I. Dahl, Iselin Engan, Ketil Stølen. Using dependent CORAS diagrams to analyse mutual dependency. In Proc. 2nd International Workshop on Critical Information Infrastructure Security (CRITIS'07), LNCS 5141, pages 135-148, Springer, 2008. (https://doi.org/10.1007/978-3-540-89173-4_12) ( pdf – © 2008 Springer)
• Atle Refsdal, Ketil Stølen. Extending UML sequence diagrams to model trust-dependent behavior with the aim to support risk analysis. In Proc. 3rd International Workshop on Security and Trust Management (STM'07), Electronic Notes in Theoretical Computer Science, volume 197, issue 2, pages 15-29, 2008. (https://doi.org/10.1016/j.entcs.2007.12.014) ( pdf – © 2008 Springer)
• Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Specifying policies using UML Sequence Diagrams An evaluation based on a case study. In Proc. 8th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY'07), pages 19-28, IEEE Computer Society, 2007. (https://doi.org/10.1109/POLICY.2007.42) ( pdf – © 2007 IEEE)
• Bjørnar Solhaug, Dag Elgesem, Ketil Stølen. Why trust is not proportional to risk. In Proc. 2nd International Conference on Availability, Reliability and Security (AReS'07), pages 11-18, IEEE Computer Society, 2007. (https://doi.org/10.1109/ARES.2007.161) ( pdf – © 2007 IEEE)
• Heidi E.I. Dahl, Ida Hogganvik, Ketil Stølen. Structured semantics for the CORAS security risk modelling language. In Proc. 2nd International Workshop on Interoperability Solutions on Trust, Security, Policies and QoS for Enhanced Systems (IS-TSPQ'07), pages 79-92, Helsinki University Printing House, 2007. (pdf – preprint)
• Folker den Braber, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Model-based security analysis in seven steps a guided tour to the CORAS method. In BT Techology Journal, pages 101-117, Springer, 2007. (https://doi.org/10.1007/s10550-007-0013-9) ( pdf – © 2007 Springer)
• Fredrik Vraalsen, Tobias Mahler, Mass Soldal Lund, Ida Hogganvik, Folker den Braber, Ketil Stølen. Assessing enterprise risk level: The CORAS approach. In book titled Advances in Enterprise Information Technology Security, pages 311-333, Information Science Reference, 2007. (https://doi.org/10.4018/978-1-59904-090-5.ch018) (pdf – preprint)
• Gyrd Brændeland, Ketil Stølen. A semantic paradigm for component-based specification integrating a notion of security risk. In Proc. 4th International Workshop in Formal Aspects in Security and Trust (FAST'06), LNCS 4691, pages 31-46, Springer 2007. (https://doi.org/10.1007/978-3-540-75227-1_3) ( pdf – © 2007 Springer)
• Fredrik Seehusen, Ketil Stølen. Maintaining information flow security under refinement and transformation. In Proc. 4th International Workshop in Formal Aspects in Security and Trust (FAST'06), LNCS 4691, pages 143-157, Springer 2007. (https://doi.org/10.1007/978-3-540-75227-1_10) ( pdf – © 2007 Springer)
• Mass Soldal Lund, Ketil Stølen. A fully general operational semantics for UML 2.0 sequence diagrams with potential and mandatory choice. In Proc. 14th International Symposium on Formal Methods (FM'06), LNCS 4085, pages 380-395, Springer, 2006. (https://doi.org/10.1007/11813040_26) ( pdf – © 2006 Springer)
• Atle Refsdal, Ragnhild Kobro Runde, Ketil Stølen. Underspecification, inherent nondeterminism and probability in sequence diagrams. In Proc. 8th IFIP International Conference on Formal Methods for Open Object-Based Distributed Systems (FMOODS'06), LNCS 4037, pages 138-155, Springer, 2006. (https://doi.org/10.1007/11768869_12) ( pdf – © 2006 Springer)
• Fredrik Seehusen, Ketil Stølen. Information flow property preserving transformation of UML interaction diagrams. In Proc. 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06), pages 150-159, ACM, 2006. (https://doi.org/10.1145/1133058.1133080) ( pdf – © 2006 ACM)
• Ragnhild Kobro Runde, øystein Haugen, Ketil Stølen. The pragmatics of STAIRS. In Post-proc. 4th International Symposium on Formal Methods for Components and Objects (FMCO'05), LNCS 4111, pages 88-114, Springer, 2006. (https://doi.org/10.1007/11804192_5) ( pdf – © 2006 Springer)
• Ida Hogganvik, Ketil Stølen. A graphical approach to risk identification, motivated by empirical investigations. In Proc. 9th International Conference on Model Driven Engineering Languages and Systems (MoDELS'06), LNCS 4199, pages 574-588, Springer, 2006. (https://doi.org/10.1007/11880240_40) ( pdf – © 2006 Springer)
• Gyrd Brændeland, Ketil Stølen. Using model-based security assessment in component-oriented system development: A case-based evaluation. In Proc. 2nd ACM Workshop on Quality of Protection (QoP'06), pages 11-18, ACM Press, 2006. (https://doi.org/10.1145/1179494.1179498) ( pdf – © 2006 ACM)
• Mass Soldal Lund, Ketil Stølen. Deriving tests from UML 2.0 sequence diagrams with neg and assert. In Proc. 1st International Workshop on Automation of Software Test (AST'06), pages 22-28, ACM Press, 2006. (https://doi.org/10.1145/1138929.1138934) ( pdf – © 2006 ACM)
• Ragnhild Kobro Runde, øystein Haugen, Ketil Stølen. Refining UML interactions with explicit and implicit nondeterminism. In Nordic Journal of Computing, volume 12, pages 157-188, 2005. ( pdf – © 2005 Publishing Association Nordic Journal of Computing)
• øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde, Ketil Stølen. STAIRS towards formal design with sequence diagrams. In Journal of Software and Systems Modeling, volume 4, pages 355-367, 2005. (https://doi.org/10.1007/s10270-005-0087-0) ( pdf – © 2005 Springer)
• Folker den Braber, Arne Bjørn Mildal, Jone Nes, Ketil Stølen, Fredrik Vraalsen. Experiences from using the CORAS methodology to analyze a web application. In Journal of Cases on Information Technology, volume 7, pages 110-130, 2005. (https://doi.org/10.4018/jcit.2005070107) (pdf – preprint)
• Ida Hogganvik, Ketil Stølen. Risk analysis terminology for IT-systems: Does it match intuition? In Proc. 4th International Symposium on Empirical Software Engineering (ISESE'05), pages 13-23, IEEE Computer Society, 2005. (https://doi.org/10.1109/ISESE.2005.1541810) ( pdf – © 2005 IEEE)
• Atle Refsdal, Knut Eilif Husa, Ketil Stølen. Specification and refinement of soft real-time requirements using sequence diagrams. In Proc. 3rd International Conference on Formal Modelling and Analysis of Timed Systems (FORMATS'05), LNCS 3829, pages 32-48, Springer, 2005. (https://doi.org/10.1007/11603009_4) ( pdf – © 2005 Springer)
• Fredrik Vraalsen, Mass Soldal Lund, Tobias Mahler, Xavier Parent, Ketil Stølen. Specifying legal risk scenarios using the CORAS threat modelling language Experiences and the way forward. In Proc. Third International Conference on Trust Management (iTrust'05), LNCS 3477, pages 45-60, Springer, 2005. (https://doi.org/10.1007/11429760_4) ( pdf – © 2005 Springer)
• Fredrik Vraalsen, Folker den Braber, Mass Soldal Lund, Ketil Stølen. The CORAS tool for security risk analysis. In Proc. 3rd International Conference on Trust Management (iTrust'05), LNCS 3477, pages 402-405, Springer, 2005. (https://doi.org/10.1007/11429760_30) ( pdf – © 2005 Springer)
• Fredrik Seehusen, Ketil Stølen. Graphical specification of dynamic network structure. In Proc. 7th International Conference on Enterprise Information Systems (ICEIS'05), volume 3, pages 203 209, INSTICC Press, 2005. (https://doi.org/10.5220/0002535902030210) (pdf – preprint)
• Folker den Braber, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Integrating security in the development process with UML. In book titled Encyclopedia of Information Science and Technology, pages 1560-1566, 2005. (https://doi.org/10.4018/978-1-59140-553-5.ch275) (pdf – preprint)
• øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde, Ketil Stølen. Why timed sequence diagrams require three-event semantics. In Post-proc. of Dagstuhl seminar, Scenarios: Models, Transformations and Tools, LNCS 3466, pages 1-25, Springer, 2005. (https://doi.org/10.1007/11495628_1) ( pdf – © 2005 Springer)
• Ragnhild Kobro Runde, øystein Haugen, Ketil Stølen. How to transform UML neg into a useful construct. In Proc. Norsk Informatikkkonferanse (NIK'05), pages 55-66, Tapir, 2005. (pdf – preprint)
• Ida Hogganvik, Ketil Stølen. On the comprehension of security risk scenarios. In Proc. 13th International Workshop on Program Comprehension (IWPC'05), pages 115-124, IEEE Computer Society, 2005. (https://doi.org/10.1109/WPC.2005.27) ( pdf – © 2005 IEEE)
• Gyrd Brændeland, Ketil Stølen. Using risk analysis to assess user trust A net-bank scenario. In Proc. Second International Conference on Trust Management (iTrust'04), LNCS 2995, pages 146-160, Springer, 2004. (https://doi.org/10.1007/978-3-540-24747-0_12) ( pdf – © 2004 Springer)
• øystein Haugen, Ketil Stølen. STAIRS Steps to analyze interactions with refinement semantics. In Proc. Sixth International Conference on UML (UML'03), LNCS 2863, pages 388-402, Springer, 2003. (https://doi.org/10.1007/978-3-540-45221-8_33) ( pdf – © 2003 Springer)
• Yannis Stamatiou, Eva Skipenes, Eva Henriksen, Nikos Stathiakis, Adamantios Sikianakis, Eliana Charalambous, Nikos Antonakis, Ketil Stølen, Folker den Braber, Mass Soldal Lund, Katerina Papadaki, George Valvis. The CORAS approach for model-based risk management applied to a telemedicine service. In Proc. Medical Informatics Europe (MIE'03), pages 206-211, IOS Press, 2003. (https://doi.org/10.3233/978-1-60750-939-4-206) (pdf – preprint)
• Mass Soldal Lund, Folker den Braber, Ketil Stølen. Maintaining results from security assessments. In Proc. 7th European Conference on Software Maintenance and Reengineering (CSMR'03), pages 341-350, IEEE Computer Society, 2003. (https://doi.org/10.1109/CSMR.2003.1192442) ( pdf – © 2003 IEEE)
• Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Mass Soldal Lund, Ketil Stølen, Jan øyvind Aagedal. The CORAS methodology: model-based risk management using UML and UP. In book titled UML and the Unified Process, pages 332-357, IRM Press, 2003. (https://doi.org/10.4018/978-1-93177-744-5.ch017) (pdf – preprint)
• Ketil Stølen, Folker den Braber, Theo Dimitrakos, Rune Fredriksen, Bjørn Axel Gran, Siv-Hilde Houmb, Yannis C. Stamatiou, Jan øyvind Aagedal. Model-based risk assessment in a component-based software engineering process: The CORAS approach to identify security risks. In book titled Business Component-Based Software Engineering, pages 189-207, Kluwer, 2003. (https://doi.org/10.1007/978-1-4615-1175-5_11) (pdf – preprint)
• Mass Soldal Lund, Folker den Braber, Ketil Stølen. A component-oriented approach to security risk assessment. In Proc. 1st International Workshop on QoS in CBSE (QoSCBSE'03), organised in conjunction with Ada-Europe 2003, pages 99-110, ISBN 2854286170, C padues- ditions, 2003. (pdf – preprint)
• Rune Fredriksen, Bjørn Axel Gran, Ketil Stølen, Ivan Djordjevic. Experiences from application of model-based risk assessment. In Proc. European Conference on Safety and Reliability (ESREL'03), vol. 1, pages 643-648, Swets & Zeitlinger, 2003.
• Theo Dimitrakos, Brian Ritchie, Dimitris Raptis, Jan øyvind Aagedal, Folker den Braber, Ketil Stølen, Siv Hilde Houmb. Integrating model-based security risk management into eBusiness systems development - The CORAS approach. In Proc. 2nd IFIP Conference on E-Commerce, E-Business, E-Government (I3E'02), pages 159-175, Kluwer, 2003. (https://doi.org/10.1007/978-0-387-35617-4_11) ( pdf – © 2003 Kluwer)
• Theo Dimitrakos, Dimitris Raptis, Brian Ritchie, Ketil Stølen. Model based security risk analysis for web applications. In Proc. Euroweb'02, pages 43-55, British Computer Society, 2002. (https://doi.org/10.14236/ewic/EW2002.6) (pdf – preprint)
• Rune Fredriksen, Monica Kristiansen, Bjørn Axel Gran, Ketil Stølen, Tom Arthur Opperud, Theo Dimitrakos. The CORAS framework for a model-based risk management process. In Proc. Computer Safety, Reliability and Security (Safecomp'02), LNCS 2434, pages 94-105, Springer, 2002. (https://doi.org/10.1007/3-540-45732-1_11) ( pdf – © 2002 Springer)
• Jan øyvind Aagedal, Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Dimitris Raptis, Ketil Stølen. Model-based risk assessment to improve enterprise security. In Proc. Enterprise Distributed Object Communication (EDOC'02), pages 51-62, IEEE Computer Society, 2002. (https://doi.org/10.1109/EDOC.2002.1137696) ( pdf – © 2002 IEEE)
• Yannis C. Stamatiou, Eva Henriksen, Mass Soldal Lund, Eva Mantzouranis, Michalis Psarros, Eva Skipenes, Nikos Stathiakos, Ketil Stølen. Experiences from using model-based risk assessment to evaluate the security of a telemedicine application. In Proc. Telemedicine in Care Delivery (TICD'02), pages 115-119, 2002. (pdf – preprint)
• Dimitris Raptis, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen. The CORAS approach for model-based risk analysis applied to the e-commerce domain. In Proc. Communication and Multimedia Security (CMS'02), pages 169-181, Kluwer, 2002. (https://doi.org/10.1007/978-0-387-35612-9_13) (pdf – preprint)
• Ivan Djordevic, Chingwoei Gan, Eric Scharf, Raul Mondragon, Bjørn Axel Gran, Monica Kristiansen, Theo Dimitrakos, Ketil Stølen, Tom Arthur Opperud. Model-based risk management of security critical systems. In Proc. Third International Conference on Computer Simulation in Risk Analysis and Hazard Mitigation (Risk Analysis 2002), pages 253-264, WIT Press, 2002.
• Folker den Braber, Theo Dimitrakos, Bjørn Axel Gran, Ketil Stølen, Jan øyvind Aagedal. Model-based risk management using UML and UP. In Proc. Information Resources Management Association International Conference (IRMA'02), pages 925-927, 2002.
• Ketil Stølen, Folker den Braber, Rune Fredriksen, Bjørn Axel Gran, Siv-Hilde Houmb, Mass Soldal Lund, Yannis C. Stamatiou, Jan øyvind Aagedal. Model-based risk assessment The CORAS approach. In Proc. Norsk Informatikkkonferanse (NIK'02), pages 239-249, Tapir, 2002. (pdf – preprint)
• Siv-Hilde Houmb, Folker den Braber, Mass Soldal Lund, Ketil Stølen. Towards a UML profile for model-based risk assessment. In Proc. UML'2002 Satellite Workshop on Critical Systems Development with UML (CSDUML'02), pages 79-91, Munich University of Technology, 2002. (pdf – preprint)
• Radu Grosu, Ketil Stølen. Stream based specification of mobile systems. In Formal Aspects of Computing, volume 13, pages 1-31, 2001. (https://doi.org/10.1007/PL00003937) ( pdf – © 2001 Springer)
• Ketil Stølen. CORAS A framework for risk analysis of security critical systems. In supplement of the International Conference on Dependable Systems and Networks (DSN'01), pages D4 - D11, 2001. (pdf – preprint)
• Ketil Stølen, Peter Mohn. Experiences from Using MSC, UML and SDL in the Development of the FAME Communication Manager. In Proc. 2Pnd PWorkshop on SDL and MSCs (SAM'00), pages 276-291, 2000. (pdf – preprint)
• Ketil Stølen. Specification of dynamic reconfiguration in the context of input/output relations. In Proc. 3rd International Conference on Formal Methods for Open Object-based Distributed Systems (FMOODS'99), pages 259-272, Kluwer, 1999. (https://doi.org/10.1007/978-0-387-35562-7_20) (pdf – preprint)
• Ketil Stølen, Max Fuchs. An exercise in conditional refinement. In book titled Prospects for Hardware Foundations. LNCS 1546, pages 390-420, Springer, 1998. (https://doi.org/10.1007/3-540-49254-2_12) (pdf 1998 Springer)
• Ketil Stølen, Peter Mohn. Measuring the effect of formalization. In Proc. Norsk Informatikkonferanse (NIK'98), pages 173-184, Tapir, 1998. (pdf – preprint)
• Ketil Stølen, Peter Mohn. Measuring the effect of formalization. In Proc. Specialist Meeting on Design and Assessment of Instrumentation and Control System in NPP Coping with Rapid Technology Change, IAEA-IWG-NPPCI-98/3, pages 79-90, International Atomic Energy Agency, 1998.
• Ketil Stølen, Peter Mohn. Measuring the effect of formalization. In Proc. 1st Workshop of the SDL Forum Society on SDL and MSC (SAM'98), Informatik Berichte 104, pages 183-190, Humboldt University of Berlin, 1998
• Atoosa Jalashgar, Ketil Stølen. Failure analysis of real-time systems. In Proc. European Conference on Safety and Reliability (ESREL'98), pages 601-608, A.A. Balkema, 1998.
• Radu Grosu, Ketil Stølen. Specification of dynamic networks. In Selected papers from the 8th Nordic Workshop on Programming Theory (NWPT'96), Research Report 248, pages 67-76, Department of Informatics, University of Oslo, 1997. (pdf – preprint)
• Ketil Stølen. Refinement principles supporting the transition from asynchronous to synchronous communication. In Science of Computer Programming, volume 26, pages 255-272, 1996. (https://doi.org/10.1016/0167-6423(95)00031-3) (pdf 1996 Elsevier)
• Ketil Stølen, Frank Dederichs, Rainer Weber. Specification and refinement of networks of asynchronously communicating agents using the assumption/commitment paradigm. In Formal Aspects of Computing, volume 8, pages 127-161, 1996. (https://doi.org/10.1007/BF01214554) (pdf 1996 Springer)
• Radu Grosu, Ketil Stølen. A model for mobile point-to-point data-flow networks without channel sharing. In Proc. Algebraic Methodology and Software Technology (AMAST'96), LNCS 1101, pages 504-519, Springer, 1996. (https://doi.org/10.1007/BFb0014336) (pdf 1996 Springer)
• Ketil Stølen. Assumption/commitment rules for dataflow networks With an emphasis on completeness. In Proc. 6th European Symposium on Programming (ESOP'96), LNCS 1058, pages 356-372, Springer, 1996. (https://doi.org/10.1007/3-540-61055-3_48) (pdf 1996 Springer)
• Ketil Stølen. Using relations on streams to solve the RPC-memory specification problem. In Post-proc. Dagstuhl-seminar, Formal Systems Specification, the RPC-Memory Specification Case Study, LNCS 1169, pages 477-520, Springer, 1996. (https://doi.org/10.1007/BFb0024439) (pdf 1996 Springer)
• Ketil Stølen. A refinement relation supporting the transition from unbounded to bounded communication buffers. In Proc. Mathematics of Program Construction (MPC'95), LNCS 947, pages 423-451, Springer, 1995. (https://doi.org/10.1007/3-540-60117-1_23) (pdf 1995 Springer)
• Ketil Stølen. Development of SDL specifications in Focus. In Proc. 7th SDL Forum (SDL'95), pages 269-278, North-Holland, 1995. (pdf – preprint)
• Ketil Stølen. A framework for the specification and development of reactive systems. In Proc. 5th GI/ITG-Fachgespr ch, Formale Beschreibungstechniken f r verteilte Systeme, University of Kaiserslautern, pages 41-50, 1995.
• Max Fuchs, Ketil Stølen. Development of a distributed min/max component. In Proc. 3rd GI/ITG Workshop, Anwendung formaler Methoden beim Entwurf von Hardwaresystemen, pages 126-135, Verlag Shaker, 1995.
• Eckhardt Holz, Ketil Stølen. An attempt to embed a restricted version of SDL as a target language in Focus. In Proc. Formal Description Techniques VII (FORTE'94), pages 324-339, Chapman and Hall, 1994. (https://doi.org/10.1007/978-0-387-34878-0_26) (pdf – preprint)
• Manfred Broy, Ketil Stølen. Specification and refinement of finite dataflow networks A relational approach. In Proc. Formal Techniques in Real-Time and Fault Tolerant Systems (FTRTFT'94), LNCS 863, pages 247-267, Springer, 1994. (https://doi.org/10.1007/3-540-58468-4_169) (pdf 1994 Springer)
• Manfred Broy, Claus Dendorfer, Ketil Stølen. HOPSA A high-level programming language for parallel computations. In Proc. Europ ischer Informatik Kongress Architektur von Rechensystemen (Euro-ARCH'93), pages 636-646, Springer, 1993. (https://doi.org/10.1007/978-3-642-78565-8_51) (pdf – preprint)
• Ketil Stølen. Shared-state design modulo weak and strong process fairness. In Proc. Formal Description Techniques V (FORTE'92), pages 479-498, North-Holland, 1992. (pdf – preprint) (pdf – preprint)
• Ketil Stølen. Top-down design of totally correct shared-state parallel programs. In Proc. Software Seminar organised by Czechoslovak Society for Computer Science (SOFSEM'92), pages 291-310, 1992. (pdf – preprint)
• Ketil Stølen. Proving total correctness with respect to a fair (shared-state) parallel language. In Proc. 5th BCS-FACS Refinement Workshop, pages 320-341, Springer, 1992. (https://doi.org/10.1007/978-1-4471-3550-0_17) (pdf – preprint)
• Ketil Stølen. An attempt to reason about shared-state concurrency in the style of VDM. In Proc. 4th International Symposium of VDM Europe (VDM'91), LNCS 551, pages 324-342, Springer, 1991. (https://doi.org/10.1007/3-540-54834-3_20) (pdf 1991 Springer)
• Ketil Stølen. A method for the development of totally correct shared-state parallel programs. In Proc. 2nd International Conference on Concurrency Theory (CONCUR'91), LNCS 527, pages 510-525, Springer, 1991. (https://doi.org/10.1007/3-540-54430-5_110) (pdf 1991 Springer)

Created: January 1, 1999. Last updated: September 16, 2024.