The SECURIS Dissemination

PhD theses

  • Fredrik Seehusen. Model driven security: Exemplified for information flow properties and policies. PhD-thesis, Faculty of Mathematics and Natural Sciences, University of Oslo, 2009.
  • Id Hogganvik. A graphical approach to security risk analysis. PhD-thesis, Faculty of Mathematics and Natural Sciences, University of Oslo, 2007.

Papers in periodicals

  • Fredrik Seehusen. Specifying enforceable high level policies with UML sequence diagrams. In Teletronikk, volume 105, no 1, pages 126-134, Telenor, 2009.
  • Fredrik Seehusen, Ketil Stølen. Information flow security, abstraction, and composition. In IET Information Security, volume 3, pages 9-33, Institution of Engineering and Technology, 2009.
  • Fredrik Seehusen, Bjørnar Solhaug, Ketil Stølen. Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies. In Journal of Software and Systems Modeling, volume 8, pages 45-65, 2009.
  • Folker den Braber, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Model-based security analysis in seven steps – a guided tour to the CORAS method. BT Techology Journal, 25(1):101-117, January 2007.
  • Folker den Braber, Arne Bjørn Mildal, Jone Nes, Ketil Stølen, Fredrik Vraalsen. Experiences from using the CORAS methodology to analyze a web application. Journal of Cases in Information Technology, 7(3): 110-130, 2005.

Papers in proceedings of international conferences

  • Fredrik Seehusen, Ketil Stølen. Using UML to specify high-level policies that can be enforced by run-time monitoring. In Proc. 9th IEEE Workshop on Policies for Distributed Systems and Networks (POLICY'2008), pages 70-73, IEEE Computer Society, 2008.
  • Gyrd Brændeland, Heidi E.I. Dahl, Iselin Engan, Ketil Stølen. Using dependent CORAS diagrams to analyse mutual dependency. In Proc. 2nd International Workshop on Critical Information Infrastructure Security (CRITIS'2007), LNCS 5141, pages 13-148, Springer, 2008.
  • Ida Hogganvik, Ketil Stølen. A Graphical Approach to Risk Identification, Motivated by Empirical Investigations. In 9th International Conference on Model Driven Engineering Languages and Systems (MoDELS 2006), number 4199 in Lecture Notes in Computer Science, pages 574-588, Springer, 2006.
  • Tobias Mahler, Fredrik Vraalsen. Legal Risk Management for an E-Learning Web Services Collaboration. In, Sylvia M. Kierkegaard (ed.), Proceedings of the First International Conference on Legal, Privacy and Security Issues in IT (LSPI'06), Legal, privacy and security issues in information technology - volume 1, Complex number 3, pages 503-523, 2006.
  • Fredrik Seehusen, Ketil Stølen. Information flow property preserving transformation of UML interaction diagrams. 11th ACM Symposium on Access Control Models and Technologies (SACMAT'06), pages 150-159. ACM, 2006.
  • Ida Hogganvik, Ketil Stølen. Risk analysis terminology for IT-systems: Does it match intuition? In Proc. 4th International Symposium on Empirical Software Engineering (ISESE 2005), pages 13-23, ISBN: 0-7803-9508-5, IEEE Computer Society, 2005.
  • Fredrik Seehusen, Ketil Stølen. Graphical specification of dynamic network structure. In Proc. Seventh International Conference on Enterprise Information Systems (ICEIS 2005), volume 3, pages 203-210, INSTICC Press, 2005.
  • Fredrik Vraalsen, Mass Soldal Lund, Tobias Mahler, Xavier Parent, Ketil Stølen. Specifying legal risk scenarios using the CORAS threat modelling language. In Proc. Third International Conference on Trust Management (iTrust'05), number 3477 in Lecture Notes in Computer Science, pages 45-60, Springer-Verlag, 2005.
  • Gyrd Brændeland, Ketil Stølen. Using risk analysis to assess user trust – A net-bank scenario. In Proc. Second International Conference on Trust Management (iTrust 2004), number 2995 in Lecture Notes in Computer Science, pages 146-160, Springer-Verlag, 2004.

Papers in proceedings of workshops and minor conferences

  • Gyrd Brændeland and Ketil Stølen. A semantic paradigm for component-based specification integrating a notion of security risk. In Proc. 4th International Workshop on Formal Aspects in Security and Trust (FAST'06), number 4691 in Lecture Notes in Computer Science, pages 31-46, Springer, 2007.
  • Heidi E. I. Dahl, Ida Hogganvik, Ketil Stølen. Structured semantics for the CORAS security risk modelling language. In Pre-proceedings of the 2nd International Workshop on Interoperability solutions on Trust, Security, Policies and QoS for Enhanced Enterprise Systems (IS-TSPQ'07). Report B-2007-3, pages 79-92, Deparmtne of Computer Science, University of Helsinki, 2007.
  • Fredrik Seehusen and Ketil Stølen. Maintaining information flow security under refinement and transformation. In Proc. 4th International Workshop on Formal Aspects in Security and Trust (FAST'06), number 4691 in Lecture Notes in Computer Science, pages 143-157, Springer, 2007.
  • Gyrd Brændeland, Ketil Stølen. Using model-based security analysis in component-oriented system development. In 2nd ACM workshop on Quality of Protection (QoP'06), pages 11-18. ACM Press, 2006.
  • Ida Hogganvik, Ketil Stølen. On the Comprehension of Security Risk Scenarios. In Proc. 13th International Workshop on Program Comprehension (IWPC 2005), pages 115-124, IEEE Computer Society, 2005.

Chapters in books and collections

  • Fredrik Vraalsen, Tobias Mahler, Mass Soldal Lund, Ida Hogganvik, Folker den Braber, Ketil Stølen. Assessing enterprise risk level: The CORAS approach. In Advances in Enterprise Information Technology Security, Djamel Khadraoui, Francine Herrmann (eds), pages 311-333, Information Science Reference, 2007.
  • Folker den Braber, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Integrating security in the development process with UML. In Encyclopedia of Information Science and Technology, pages 1560-1566, Idea Group, 2005.

Abstracts in proceedings

  • Gyrd Brændeland, Heidi E. I. Dahl, Iselin Engan, Ketil Stølen. Using Dependent CORAS diagrams to analyse mutual dependency. NOrdic workshop and doctoral symposium on DEpendability and Security (NODES'07). Åbo Akademi Reports on Computer Science & Mathematics, Ser. B, No 37, 2007.
  • Fredrik Seehusen, Ketil Stølen. Partial security policy specification enforcable by monitoring. NOrdic workshop and doctoral symposium on DEpendability and Security (NODES'07). Åbo Akademi Reports on Computer Science & Mathematics, Ser. B, No 37, 2007.
  • Fredrik Seehusen, Ketil Stølen. Information flow security, refinement, and UML interaction diagrams. Extended abstract in Presentation abstracts of 17th Nordic Workshop on Programming Theory (NWPT'05), pages 126-128, DIKU, 2005.

Posters and tool demonstrations

  • Fredrik Vraalsen, Folker den Braber, Mass Soldal Lund, Ketil Stølen. The CORAS tool for security risk analysis. Demonstration at Third Intenational Conference on Trust Management (iTrust'05), Paris, France, May 24, 2005. Published in Proc. iTrust'05, number 3477 in Lecture Notes in Computer Science, pages 402-405, Springer-Verlag, 2005.
  • Fredrik Vraalsen. The CORAS platform for model based security risk analysis. At Fourth Working IEEE/IFIP Conference on Software Architecture (WICKSA'2004), Oslo, June 2004.
  • Fredrik Vraalsen. The CORAS tool for model-based security risk analysis. Poster and demo, Second International Conference on Trust Management (iTrust'04), Oxford, March 29-April 1, 2004.
  • Fredrik Seehusen. Et dataflytspråk for modellering av store hetrogene nettverk. Poster, sesjon Yngre Forskere, det 56. Studiemøtet Elektronikk og Data, Lillehammer, June 2003.

Public seminars

  • Sikkerhetspolicies: Kun pynt, eller lar de seg håndheve? Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 23, 2006.
  • Hva er en sikkerhetspolicy, og hvorfor er den viktig? Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, March 23, 2006.
  • Hvordan oppnå et bevisst forhold til eksisterende sikkerhetstrusler? Seminar organized by Abelia and SINTEF ICT, Fornebu, Norway, June 15, 2006.
  • Ingen Sikkerhet uten Risikoanalyse. Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 24, 2005.
  • Meeting of the CORAS user group. Organized by SINTEF ICT, co-located with the SAFECOMP 2005 conference, Fredrikstad, Norway, September 26, 2005.
  • Sikkerhetsstandarder og sertifisering. Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, September 22, 2005.
  • Sikkerhetsinnbrudd – oppdagelse og forebygging. Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, June 9, 2005.
  • Sikkerhet på tvers – hvordan bygge sikkerhet på tvers av virksomheter og organisasjoner. Seminar organised by Abelia Innovasjon and SINTEF ICT, Oslo, November 25, 2004.
  • Meeting of the CORAS user group. Organized by SINTEF ICT, Oslo, November 24, 2004.
  • Brukervennlighet og sikkerhet – den skjulte avhengigheten. Seminar organized by Abelia Innovasjon and SINTEF ICT, Oslo, September 23, 2004.
  • Sikkerhet, tillit og personvern. Seminar orginised by Kompetansenettverket Informasjonssikkerhet i Abelia innovasjon and SINTEF ICT, Oslo, June 24, 2004.
  • Kurs i modellbasert sikkerhetsanalyse. Seminar organised by Faggruppe Informasjonssikkeret Abelia Innovasjon, IFE, NST, SINTEF ICT and Telenor, Oslo, March 5, 2004.
  • Modellbasert sikkerhetsanalyse. Seminar organised by Faggruppe Informasjonssikkeret Abelia Innovasjon, IFE, NST, SINTEF ICT and Telenor, Oslo, March 4, 2004.
  • Brukervennlig Websikkerhet. Seminar organised by Faggruppe Informassjonssikkerhet Abelia Innovasjon and SINTEF Telecom and Informatics, September 11, 2003.
  • Hvilke trusler finnes – og hva gjør vi med dem? Seminar on IT Security organised by SINTEF Telecom and Informatics, Oslo, March 6, 2003.
  • Parallellsesjon om informasjonssikkerhet ved Abelia Innovasjons fagkonferanse. Seminar organised by Faggruppe Informasjonssikkerhet Abelia Innovasjon and SINTEF Telecom and Informatics, Klækken, November 27, 2003.

Popular scientific articles

  • Folker den Braber, Ketil Stølen. Sikkerhetsanalyse: Egne ansatte, en trussel mot sikkerheten? Ledernett 4, pages 72-73, 2005.
  • Folker den Braber, Ketil Stølen. Tillit, sikkerhet og personvern. Computerworld, February 11, 2005.

Press coverage

  • Sikkerhetsgruppe etablert. Internettavisen digi.no, March 15, 2004.
  • Brukergruppe for sikkerhet. Computerworld, internettside, March 15, 2004.
  • Ny standard for sikkerhet. Teknisk Ukeblad, number 11, page 40, April 16, 2004.
  • Norsk sikkerhetsstandard i EU. Teknisk Ukeblad, internettside, July 1, 2004.
  • Det positive i å vite om det negative. Gemini, number 2, page 6, 2003.
  • Spiller seg til sikkerhet. Ukeavisen Telecom, March 13, page 10, 2003.
  • Sikkerhet for viktig for industrien alene. Ukeavisen Telecom, March 13, page 10, 2003.
  • Helt usannsynlig. Dagens Næringsliv, March 11, 2003.
  • Psykologikunnskap gir brukervennlig it-sikkerhet. Ukeavisen Ledelse, November 21, 2003.

Selected presentations and tutorials

  • Folker den Braber. Håndheving av sikkerhetspolicies i mobile applikasjoner. Presentation at Seminar "Sikkerhetspolicies: Kun pynt, eller lar de seg håndheve?" organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 23, 2006.
  • Ida Hogganvik. Retningslinjer for scenariobasert trusseldokumentasjon, erfaringer fra praksis. Presentation at seminar "Hvordan oppnå et bevisst forhold til eksisterende sikkerhetstrusler?" organized by Abelia and SINTEF ICT, Fornebu, Norway, June 15, 2006.
  • Mass Soldal Lund. Oversikt over metodar og teknikkar for å beskrive truslar. Presentation at seminar "Hvordan oppnå et bevisst forhold til eksisterende sikkerhetstrusler?", Fornebu, Norway, June 15, 2006.
  • Ketil Stølen. En oversikt over forskjellige aspekter ved sikkerhetspolicies. Presentation at seminar "Hva er en sikkerhetspolicy, og hvorfor er den viktig?", organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, MArch 23, 2006.
  • Ketil Stølen. Hvordan oppnå et bevisst forhold til eksisterende sikkerhetstrusler?. Presentationa at seminar "Hvordan oppnå et bevisst forhold til eksisterende sikkerhetstrusler?" organized by Abelia and SINTEF ICT, Fornebu, Norway, June 15, 2006.
  • Ketil Stølen. Hva er vitsen med sikkerhetspolicies? Presentation at Seminar "Sikkerhetspolicies: Kun pynt, eller lar de seg håndheve?" organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 23, 2006.
  • Fredrik Vraalsen. Model-based risk analysis of trust , security and legal issues using CORAS. Tutorial at the CAISE'06 conference, Luxembourg, June 6, 2006.
  • Folker den Braber. Dokumentasjon av risiko på en måte som folk forstår. Presentation at seminar "Ingen sikkerhet uten risikoanalyse", organised by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 24, 2005
  • Folker den Braber, Mass Soldal Lund, Fredrik Vraalsen. Model-based analysis of security and trust using CORAS. Tutorial at the SAFECOMP 2005 conference, Fredrikstad, Norway, September 26, 2005.
  • Folker den Braber. Virusangrep, en klassifisering. Presentation at seminar "Sikkerhetsinnbrud – oppdagelse og forebygging" organised by Abelia Innovasjon and SINTEF ICT, Oslo, June 9, 2005.
  • Ida Hogganvik. Different risk concepts. Presentation at NONSTOPP seminar, organized in connection to SAFECOMP 2005, Fredrikstad, Norway, September 26, 2005.
  • Mass Soldal Lund, Fredrik Vraalsen. Analysing trust, security & legal issues using CORAS. Tutorial at Third International Conference on Trust Management (iTrust'05), Paris, France, May 23, 2005.
  • Ketil Stølen. Sikkerhetsstandarder og sertifisering – en oversikt. Presentation at seminar "Sikkerhetsstandarder og sertifisering" organized by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, September 22, 2005.
  • Ketil Stølen. Experiences from CORAS and other EU-projects. Presentation at seminar and workshop organised by the IKT-SOS research program, Gardermoen, March 1, 2005.
  • Ketil Stølen. Sikkerhet og tillit – hva er sammenhengen?. Presentation at seminar "Sikkerhet og tillit – fra et tverrfaglig perspektiv", organized by Abelia Innovasjon and SINTEF ICT, Oslo, March 17, 2005.
  • Ketil Stølen. CORAS oversikt. Presentation given for the BAS5-project, University of Stavanger, April 4, 2005.
  • Ketil Stølen. Spesifikasjonsmetodikk for sikre systemer. Presentation given at Tekna-seminar "Risiko og Sikkerhet i IKT-Systemer", Oslo, March 10, 2005.
  • Ketil Stølen. Risikoanalyse og sikkerhet – en oversikt. Presentation at seminar "Ingen sikkerhet uten risikoanalyse", organised by Abelia Innovasjon and SINTEF ICT, November 24, 2005
  • Fredrik Vraalsen. Sikkerhetsanalyse ved hjelp av CORAS. Presentation at seminar "Ingen sikkerhet uten risikoanalyse", organised by Abelia Innovasjon and SINTEF ICT, Oslo, Norway, November 24, 2005
  • Fredrik Vraalsen, Mass Soldal Lund, Folker den Braber. Analysing a telenetwork and its teleservices using CORAS. Tutorial held for the BAS5-project. Oslo, May 4, 2005.
  • Folker den Braber. Navigering og presentasjon av metodikk i CORAS verktøyet. Presentation at meeting of the CORAS user group, Oslo, November 24, 2004.
  • Folker den Braber, Mass Soldal Lund, Ketil Stølen, Fredrik Vraalsen. Reuse of security assessment results under design and maintenance of IT systems. Invited presentation at "recent Object Oriented trends (rOOts 2004)", Bergen, Norway, April 28-30, 2004. Published in the electronic proceedings of rOOts 2004: http://roots.dnd.no/downloads/2004/downloads.html.
  • Gyrd Brændeland. Metodikk for å sikre og bygge tillit. Invited presentation at seminar "Sikkerhet tillit og personvern" organised by Kompetansenettverket Informasjonssikkerhet i Abelia innovasjon and SINTEF ICT, June 24, 2004.
  • Ida Hogganvik. Empiriske eksperimenter, resultater fra anvendelse av CORAS. Presentation at meeting of the CORAS user group, Oslo, November 24, 2004.
  • Ida Hogganvik. A conceptual specification for architectural description in risk analysis with basis in IEEE 1471. Presented at Symposium on Risk Analysis and Management Cybernetics, InterSymp 2004, Baden-Baden, August 4, 2004.
  • Ida Hogganvik. Kontekstidentifikasjon av en autentiseringsmekanisme. Presentation at seminar "Kurs i modellbasert sikkerhetsanalyse" organised by Faggruppe Informasjonssikkerhet Abelia Innovasjon, NST, IFE, Telenor and SINTEF, March 5, 2004.
  • Mass Soldal Lund. CORAS UML profil for å understøtte legal analyse. Presentation at meeting of the CORAS user group, Oslo, November 24, 2004.
  • Ketil Stølen. Modellbasert sikkerhetsanalyse. Presentation given at the Department of Informatics, University of Oslo. Oslo, January 27, 2004.
  • Ketil Stølen. Veien videre. Presentation at seminar "Modellbasert sikkerhetsanalyse" organised by Faggruppe Informasjonssikkerhet Abelia Innovasjon, NST, IFE, Telenor and SINTEF, March 4, 2004.
  • Ketil Stølen. Sikkerhet, tillit og personvern: Ser vi sammenhengen nå?. Invited presentation at seminar "Sikkerhet tillit og personvern" organised by Kompetansenettverket Informasjonssikkerhet i Ablie innovasjon and SINTEF ICT, June 24, 2004.
  • Ketil Stølen. Participation in panel "Examining Trust Management Models from Different Perspectives", Workshop on Formal Aspects in Security and Trust (FAST 2004), Toulouse, August 26, 2004.
  • Fredrik Vraalsen. CORAS-verktøy for modellbasert sikkerhetsanalyse. Presentation at seminar on "Modellbasert sikkerhetsanalyse" organised by Faggruppe Informasjonssikkerhet Abelia Innovasjon, NST, IFE, Telenor and SINTEF, March 4, 2004.
  • Fredrik Vraalsen. Versjon 2.0b1 av CORAS-verktøyet for modell-basertsikkerhetsanalyse. Presentation at meeting of the CORAS user group, Oslo, November 24, 2004.
  • Folker den Braber. Hvordan å analysere systemer med hensyn til IT-sikkerhet. Presentation at SINTEF seminar on IT-security, Oslo, March 6, 2003.
  • Folker den Braber. Verktøystøttet metodikk for modellbasert risikoanalyse av IT-systemer. Presentation at ISF-conference, Tønsberg, September 2, 2003.
  • Folker den Braber. SECURIS. Presentation at NFR programseminar for prosjekter i IKT-programmet, Lillestrøm, September 9, 2003
  • Folker den Braber. Modellbasert risikoanalyse. Guest lecture held for INF1000 students at the University of Oslo, November 15, 2003.
  • Ida Hogganvik. Modelldrevet sikkerhetsanalyse – utfordringer i SECURIS prosjektet. Presentation at "Abelia Innovasjons Fagkonferanse", Klækken, November 27, 2003.
  • Mass Soldal Lund. Modellering av trusler og tiltak – en UML profil for sikkerhetsanalyse. Presentation at "Abelia Innovasjons Fagkonferanse", Klækken, November 27, 2003.
  • Fredrik Seehusen. SECURIS. Presentation at NFR-Seminar "Forskningsutfordringer innen IKT sikkerhet og sårbarhet", Gardermoen, September 15, 2003.
  • Ketil Stølen. FoU-utfordringer innen IT-sikkerhet, eksempler fra utvalgte prosjekter. Presentation at SINTEF seminar on IT-security, Oslo, March 6, 2003.
  • Ketil Stølen. Modellering i UML innenfor ulike områder – Informasjonsikkerhet. Presentation at "Abelia Innovasjons Fagkonferanse", Klækken, November 26, 2003.
  • Fredik Vraalsen. Hvordan teste og analysere sikkerhet? Presentation at Seminar on "Brukervennlig Websikkerhet" organised by Faggruppe Informassjonssikkerhet Abelia Innovasjon and SINTEF Telecom and Informatics, September 11, 2003.
  • Fredrik Vraalsen. CORAS-metodikken og -verktøy for sikkerhetsanalyse. Presentation at "Abelia Innovasjons Fagkonferanse", Klækken, November 27, 2003.

Technical reports (public ones)

  • Fredrik Seehusen, Ketil Stølen. A method for model-driven information flow security. Technical report SINTEF A11357, SINTEF ICT, March 2009.
  • Fredrik Seehusen, Mass Soldal Lund, Ketil Stølen. A transformational approach to facilitate monitoring of high level policies. Technical report SINTEF A11356, SINTEF ICT, March 2009.
  • Heidi E. I. Dahl and Ida Hogganvik and Ketil Stølen. Structured semantics for the CORAS security risk modelling language. Technical report STF07 A970, SINTEF ICT, 2007.
  • Ida Hogganvik, Mass Soldal Lund, Ketil Stølen. Quality evaluation of the CORAS UML profile. Technical report A2199, SINTEF ICT, 2007.
  • Ida Hogganvik, Ketil Stølen. Investigating preferences in graphical risk modeling. Technical report SINTEF A57, SINTEF ICT, 2007.
  • Atle Refsdal, Bjørnar Solhaug. Evaluations of methodology and tools used during the 8th SECURIS field trail. Technical report A1532, SINTEF ICT, June 2007.
  • Gyrd Brændeland, Ida Hogganvik, Iselin Engan. Evaluation of the methodology and tool used during the 7th field trial of SECURIS. Technical report STF90 A06031, SINTEF ICT, March 2006.
  • Ida Hogganvik, Ketil Stølen. Risk analysis terminology for IT systems: Does it match intuition?. Technical report STF90 A06034, SINTEF ICT, 2006.
  • Fredrik Seehusen and Ketil Stølen. Maintaining information flow security under refinement and transformation. Technical report SINTEF A311, SINTEF ICT, 2006.
  • Fredrik Seehusen and Ketil Stølen. Information flow property preserving transformation of UML interaction diagrams. Technical report STF90 A06030, SINTEF ICT, 2006.
  • Ida Hogganvik, Ketil Stølen. Empirical investigations of the CORAS language for structured brainstorming. Technical report STF90 A05041, SINTEF ICT, 2005.
  • Folker den Braber, Mass Soldal Lund, Ketil Stølen. Using the CORAS Threat Modelling Language to Document Threat Scenarios for several Microsoft relevant Technologies. Techical report STF90 A04057, SINTEF ICT, July 2004.
  • Ida Hogganvik, Ketil Stølen. A conceptual specification for architectural descriptions in risk analysis with basis in IEEE Std 1471. Technical report STF90 A04036, SINTEF ICT, April 2004.
  • Mass Soldal Lund, Folker den Braber, Ketil Stølen, Fredrik Vraalsen. A UML profile for the identification and analysis of security risks during structured brainstorming. Technical report STF40 A03067, SINTEF ICT, May 2004.
  • Fredrik Seehusen, Ketil Stølen. Graphical specification of dynamic network structure. Technical report STF90 A04042, SINTEF ICT, June 2004.
  • Fredrik Vraalsen, Folker den Braber, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen. The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015, SINTEF ICT, February 2004.

Contributions to standardization

  • UML Profile for Modeling Quality of Service and Fault Tolerance Characteristics and mechanisms. OMG document formal/06-05-02, Object Management Group, May 2006.

Created: May 13, 2003. Last updated: June 1, 2010.