Stølen, Ketil - Institutt for Informatikk, Universitetet i Oslo

• &25$6 $ )UDPHZRUN IRU 5LVN $QDO\VLV RI 6HFXULW\ &ULWLFDO 6\VWHPV Ketil Stlen
• The CORAS approach for model-based risk management
• An Exercise in Conditional Re nement Ketil St len1 and Max Fuchs2
• Model-based Risk Assessment What does model-based mean?
• BT Technology Journal Vol 25 No 1 January 2007 101 Model-based security analysis in seven steps
• A Component-oriented Approach to Security Risk Mass Soldal Lund, Folker den Braber, Ketil Stlen
• An Attempt to Embed a Restricted Version of SDL as a Target Language in Focus
• SPECIFICATION OF DYNAMIC RECONFIGURATION IN THE CONTEXT
• Ad Hoc Networks and Mobile Devices in Emergency Response a Perfect Match?
• Fredrik Seehusen -Hovedfagsoppgave Institutt for Informatikk, Universitetet i Oslo SINTEF Tele og Data Et dataflytsprk for modellering av store heterogene nettverk (del 2)
• Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language
• Why Risk Assessment? Because ...
• An Attempt to Embed a Restricted Version of SDL as a Target Language in Focus
• SINTEF A2199 -Unrestricted Quality Evaluation of the
• Employing key indicators to provide a dynamic risk picture with a notion of confidence
• Specification and Refinement of Finite Dataflow Networks --a Relational Approach*
• STF90 A04042 -Unrestricted Graphical Specification of Dynamic
• TABLE OF CONTENTS 1 Introduction.................................................................................................................................... 1
• Specifying Computer Systems with Probabilistic Sequence Diagrams
• The CORAS Framework for a Model-Based Risk Management Process
• Extending UML Sequence Diagrams to Model Trust-dependent Behavior With the Aim to
• A Method for the Development of Totally Correct Shared-State Parallel Programs
• P. Stevens et al. (Eds.): UML 2003, LNCS 2863, pp. 388402, 2003. Springer-Verlag Berlin Heidelberg 2003
• Model-Driven Risk Analysis
• CORAS Integration Platform About Coras Platform
• Formal Aspects of Computing (2001) 13: 131 c 2001 BCS Formal Aspects
• 4 Semantics of UML Models for Dynamic A Survey of Different Approaches
• 0DLQWDLQLQJ 5HVXOWV IURP 6HFXULW\ $VVHVVPHQWV Mass Soldal Lund, Folker den Braber, Ketil Stlen
• Speci cation of Dynamic Networks Ketil St leny
• MSc-topics offered by Ketil Stlen Email: kst@sintef.no
• A Model for Mobile Point-to-Point Data-flow Networks without Channel Sharing
• Reliability, Risk and Safety Ale, Papazoglou & Zio (eds) 2010 Taylor & Francis Group, London, ISBN 978-0-415-60427-7
• Euroweb 2002 --The Web and the GRID: from e-science to e-business 1 Model based Security Risk Analysis for Web
• A Transformational Approach to Facilitate Monitoring of High Level Policies
• The CORAS Tool for Security Risk Analysis Fredrik Vraalsen, Folker den Braber, Mass Soldal Lund, and Ketil Stlen
• A Method for Model-Driven Information Flow Fredrik Seehusen1,2
• Reliability, Risk and Safety Ale, Papazoglou & Zio (eds) 2010 Taylor & Francis Group, London, ISBN 978-0-415-60427-7
• Electron Commer Res DOI 10.1007/s10660-010-9063-z
• 49MAY 2010Published by the IEEE Computer Society0018-9162/10/$26.00 2010 IEEE COVER FEATURECOVER FEATURE
• Idea: A Feasibility Study in Model Based Prediction of Impact of Changes on System
• Softw Syst Model DOI 10.1007/s10270-008-0102-3
• This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research
• Why Trust is not proportional to Risk Bjornar Solha~g'?~,Dag Elgesem' and Ketil S t ~ l e n ~ . ~
• Structured Semantics for the CORAS Security Risk Modelling Language
• A Fully General Operational Semantics for UML 2.0 Sequence Diagrams
• O. Nierstrasz et al. (Eds.): MoDELS 2006, LNCS 4199, pp. 574 588, 2006. Springer-Verlag Berlin Heidelberg 2006
• Deriving Tests from UML 2.0 Sequence Diagrams with neg Mass Soldal Lund and Ketil Stlen
• 0-7803-9508-5/05/$20.00 2005 IEEE Risk Analysis Terminology for IT-systems: Does it match intuition?
• Specification and Refinement of Soft Real-Time Requirements Using Sequence Diagrams
• How to transform UML neg into a useful construct Ragnhild Kobro Runde1 ystein Haugen1 Ketil Stlen1,2
• ([SHULHQFHV IURP 8VLQJ 06& 80/ DQG 6'/ LQ WKH 'HYHORSPHQW RI WKH )$0( &RPPXQLFDWLRQ 0DQDJHU
• Measuring the Effect Of Formalization KETIL STLEN, PETER MOHN*
• Using Relations on Streams to Solve the RPC-Memory Specification Problem
• A Refinement Relation Supporting the Transition from Unbounded
• HOPSA | a High-level Programming Language for Parallel Computations
• SOFSEM'92 | Zdiar, Magura, Vysoke Tatry, 22.11. | 4.12.1992 TOP-DOWN DESIGN OF TOTALLY CORRECT
• An Attempt to Reason about Shared-State Concurrency in the Style of VDM
• Compositional Refinement of Policies in UML Exemplified for Access Control
• STF07 A970 -Unrestricted Structured Semantics for the
• Specifying Policies Using UML Interactions An Evaluation Based on a Case Study
• SINTEF A57 -Unrestricted Investigating Preferences
• UNIVERSITY OF OSLO Department of Informatics
• STF90 A05041 Empirical Investigations of the CORAS
• STF90 A04036 -Unrestricted A Conceptual Specification for
• STF90 A04015 -Unrestricted The CORAS Tool-Supported
• UNIVERSITAT INSTITUT FUR INFORMATIK
• UNIVERSITAT INSTITUT FUR INFORMATIK
• A Re nement Relation Supporting the Transition from Unbounded to Bounded Communication Bu ers
• Specification and Refinement of Finite Dataflow Networks --a Relational Approach
• Policy Specification Using Sequence Diagrams
• Judith E. Y. Rosseb Dynamic Composition of Services
• Model-Driven Security: Exemplified for Information Flow Properties and Policies
• Operational analysis of sequence diagram specifications
• Fredrik Seehusen -Hovedfagsoppgave Institutt for Informatikk, Universitetet i Oslo SINTEF Tele og Data Et dataflytsprk for modellering av store heterogene nettverk (del 1)
• Testing Decomposition of Component Specifications Based on a Rule for Formal Verification
• .HWLO 6WOHQ ([HFXWLYH VXPPDU\
• The Consortium The CORAS consortium consists
• SINTEF REPORT UML profile for security assessment
• UNIVERSITAT INSTITUT FUR INFORMATIK
• An Attempt to Reason about Shared-State Concurrency in the Style of VDM
• University of Oslo Department of Informatics
• Maintaining Information Flow Security Under Refinement and Transformation
• A Method for the Development of Totally Correct Shared-State Parallel Programs
• Compositional Refinement of Policies in UML Exemplified for Access Control
• Assumption/Commitment Rules for Dataflow Networks with an
• Information Flow Security, Abstraction, and Composition
• Using Model-based Security Analysis in Component-oriented System Development
• GRAPHICAL SPECIFICATION OF DYNAMIC NETWORK Fredrik Seehusen and Ketil Stlen
• Page 1 27/09/2010 Effort-dependent technologies for multi-domain risk-based
• This article appeared in a journal published by Elsevier. The attached copy is furnished to the author for internal non-commercial research
• UNIVERSITAT INSTITUT FUR INFORMATIK
• Preservation of Policy Adherence under Refinement Bjrnar Solhaug1,2
• A Semantic Paradigm for Component-Based Specification Integrating a Notion of Security Risk
• DIGIT Project description Recent years we have seen an unprecedented acceleration in the evolution and expansion of
• STFY40 A03062 -Unrestricted An Experience Repository Supporting
• SpecifyingPolicies Using UML SequenceDiagrams -An EvaluationBased on a Case Study
• Towards a UML Profile for Model-Based Risk Siv Hilde Houmb1
• Programming Science of ComputerProgramming26 (1996) 255-272
• Model-based Risk Assessment to Improve Enterprise Security Jan yvind Aagedal
• Risk Analysis Terminology for IT systems: Does it match Intuition?
• Using Dependent CORAS Diagrams to Analyse Mutual Dependency
• Formal Aspects of Computing (1996) 8:127-161 9 1996 BCS Formal Aspects
• UNIVERSITY OF OSLO Department of Informatics
• A UML-based Method for the Development of Policies to Support Trust Management
• SINTEF REPORT A modular approach to the modelling and analysis of risk
• The CORAS Approach for Model-based Risk Management applied to e-Commerce Domain
• University of Oslo Department of Informatics
• TABLE OF CONTENTS 1 Introduction ...........................................................................................................................5
• SINTEF REPORT A UML profile for the identification and analysis of security
• 1 Introduction 1.1 Background
• Besks adresse: Forskningsparken
• Information Flow Property Preserving Transformation of UML Interaction Diagrams
• Using Risk Analysis to Assess User Trust A Net-Bank Scenario
• Development of a Distributed Min/Max Component
• Interval-based Uncertainty Handling in Model-based Prediction of System Quality Aida Omerovic and Ketil Stlen
• ([SHULHQFHV IURP XVLQJ PRGHOEDVHG ULVN DVVHVVPHQW WR HYDOXDWH WKH VHFXULW\ RI D WHOHPHGLFLQH DSSOLFDWLRQ
• On the Comprehension of Security Risk Scenarios Ida Hogganvik, Ketil Stlen
• University of Oslo Department of Informatics
• 0RGHOEDVHG ULVN DVVHVVPHQW WKH &25$6 DSSURDFK .HWLO 6WOHQ1
• SINTEF REPORT Using the CORAS Threat Modelling Language to Document
• University of Oslo Department of Informatics
• A Transformational Approach to Facilitate Monitoring of High-level Policies Fredrik Seehusen and Ketil Stlen
• Shared-state design modulo weak and strong process fairness Institut fur Informatik, Technischen Universitat Munchen, Postfach 20 24 20, Arcisstrasse 21,
• UNIVERSITETET I OSLO Institutt for informatikk
• Validation of Contract Decomposition by Testing Mass Soldal Lund
• UNIVERSITAT INSTITUT FUR INFORMATIK
• Development of SDL Speci cations in Focus Ketil St len
• A Graphical Approach to Security Risk Analysis
• UNIVERSITY OF OSLO Department of Informatics
• UNIVERSITY OF OSLO Department of Informatics
• Generic functionality in user interfaces for emergency Erik G. Nilsson
• Component-based risk analysis Doctoral Dissertation by
• Luigia Petre bo Akademi University, Finland
• SINTEF REPORT A UML profile for the identification and analysis of security
• Operational analysis of sequence diagram specifications
• A Re nement Relation Supporting the Transition from Unbounded to Bounded Communication Bu ers
• STF90 A05041 Empirical Investigations of the CORAS
• Development of a Distributed Min/Max Component
• University of Oslo Department of Informatics
• An Attempt to Reason about Shared-State Concurrency in the Style of VDM
• A Transformational Approach to Facilitate Monitoring of High Level Policies
• University of Oslo Department of Informatics
• Luigia Petre bo Akademi University, Finland
• University of Oslo Department of Informatics
• A Graphical Approach to Security Risk Analysis
• STFY40 A03062 -Unrestricted An Experience Repository Supporting
• UNIVERSITAT INSTITUT FUR INFORMATIK
• UNIVERSITAT INSTITUT FUR INFORMATIK
• UNIVERSITAT INSTITUT FUR INFORMATIK
• The Requirement and Design Speci cation Language Spectrum
• STF90 A04015 -Unrestricted The CORAS Tool-Supported
• A Method for the Development of Totally Correct Shared-State Parallel Programs
• Risk Analysis, Vol. 31, No. 11, 2011 DOI: 10.1111/j.1539-6924.2011.01636.x Reducing the Effort to Comprehend Risk Models: Text
• An Evaluation of the Graphical Modeling Framework (GMF) Based on the Development
• UNIVERSITY OF OSLO Department of Informatics
• SINTEF REPORT Using the CORAS Threat Modelling Language to Document
• Policy Specification Using Sequence Diagrams
• Generic functionality in user interfaces for emergency Erik G. Nilsson
• UNIVERSITY OF OSLO Department of Informatics
• Specifying Computer Systems with Probabilistic Sequence Diagrams
• University of Oslo Department of Informatics
• University of Oslo Department of Informatics
• 1 Introduction 1.1 Background
• University of Oslo Department of Informatics
• Specifying Policies Using UML Interactions An Evaluation Based on a Case Study
• UNIVERSITAT INSTITUT FUR INFORMATIK
• Preservation of Policy Adherence under Refinement Bjrnar Solhaug1,2
• Risk Analysis of Changing and Evolving Systems Using CORAS
• A Practical Approach to Uncertainty Handling and Estimate Acquisition in Model-based Prediction of System Quality
• TABLE OF CONTENTS 1 Introduction ...........................................................................................................................5
• Testing Decomposition of Component Specifications Based on a Rule for Formal Verification
• UNIVERSITETET I OSLO Institutt for informatikk
• STF07 A970 -Unrestricted Structured Semantics for the
• Assumption/Commitment Rules for Networks of
• UNIVERSITAT INSTITUT FUR INFORMATIK
• Int J Software Informatics, Volume 5, Issue 1-2 (2011), Part I, pp. 139157 E-mail: ijsi@iscas.ac.cn International Journal of Software and Informatics, ISSN 1673-7288 http://www.ijsi.org
• Besks adresse: Forskningsparken
• An Architectural Pattern for Enterprise Level Monitoring Tools Olav Skjelkvale Ligaarden, Mass Soldal Lund, Atle Refsdal, Fredrik Seehusen, and Ketil Stlen
• Traceability Handling in Model-based Prediction of System Quality Aida Omerovic and Ketil Stlen
• STF90 A04036 -Unrestricted A Conceptual Specification for
• University of Oslo Department of Informatics
• SINTEF REPORT A modular approach to the modelling and analysis of risk
• UNIVERSITY OF OSLO Department of Informatics
• Summary of Case Studies in FOCUS -a Design Method for Distributed Systems1
• DeSPoT: A Method for the Development and Specification of Policies for Trust
• Component-based risk analysis Doctoral Dissertation by
• Networked Systems and Services A19749-Unrestricted
• Judith E. Y. Rosseb Dynamic Composition of Services
• University of Oslo Department of Informatics
• SINTEF A2199 -Unrestricted Quality Evaluation of the
• A Method for Model-Driven Information Flow Fredrik Seehusen1,2
• Compositional Refinement of Policies in UML Exemplified for Access Control
• UNIVERSITAT INSTITUT FUR INFORMATIK
• PREDIQT: A Method for Model-based Prediction of Impacts of Architectural Design Changes on
• Specification and Refinement of Finite Dataflow Networks --a Relational Approach
• Model-Driven Security: Exemplified for Information Flow Properties and Policies
• Risk Analysis Terminology for IT systems: Does it match Intuition?
• ValidKI: A Method for Designing Key Indicators to Monitor the Fulfillment of Business Objectives
• University of Oslo Department of Informatics
• Uncertainty, Subjectivity, Trust and Risk: How It All Fits Together
• SINTEF REPORT UML profile for security assessment
• TABLE OF CONTENTS 1 Introduction.................................................................................................................................... 1
• STF90 A04042 -Unrestricted Graphical Specification of Dynamic
• An Attempt to Embed a Restricted Version of SDL as a Target Language in Focus
• STAIRS --Understanding and Developing Specifications Expressed as UML Interaction Diagrams
• UNIVERSITAT INSTITUT FUR INFORMATIK
• Evaluation of Experiences from Applying the PREDIQT Method in an Industrial Case Study
• SINTEF A57 -Unrestricted Investigating Preferences