Quality and security technology

The importance of security in relation to IT systems and information technology is generally accepted. How to build and maintain secure systems is nevertheless a major challenge.

We do research on methodology and tools aiming to simplify specification, development, maintenance, documentation and certification within the security field. This work is based on international standards for security (ISO/IEC 27002, Common Criteria), risk management (ISO/FDIS 31000, ISO/DGuide 73, AS/NZS 4360), system documentation (RM-ODP) and modelling (UML - Unified Modelling Language).

We focus in particular on the following areas:

Ongoing projects:

  • DIAMONDS - Effort-dependent technologies for multi-domain risk-based security testing (NFR-project, 2010-2014)
  • DIGIT - Digital interoperability with trust (NFR-project, 2007-2010)
  • EMERGENCY - Mobile decision support in emergency situations (NFR-project, 2008-2012)
  • FRISK - Framework for Risk Management of Welfare Services (SINTEF ICT project, 2012)
  • NESSoS - Network of Excellence on Engineering Secure Future Internet Software Services and Systems (EU-project, 2010-2014)
  • SecureChange - Security Engineering for Lifelong Evolvable Systems (EU-project, 2009-2012)

Completed projects:

  • COBRA - Component-based security assessment (NFR-project, 2002)
  • COMA - Component-oriented model-based security analysis (NFR-project, 2004-2007)
  • CORAS - A tool-supported methodology for model-based risk analysis of security critical systems (EU-project, 2001-2003)
  • ENFORCE - Tool supported methodology for the formalization, analysis and enforcement of policies within trust management (NFR-project, 2005-2009)
  • iTrust - Working group on trust management in dynamic open systems (EU-project, 2002-2005)
  • MASTER - Managing Assurance, Security and Trust for sERvices (EU-project, 2008-2011)
  • S3MS - Security of Software and Service for Mobile Systems (EU-project, 2006-2008)
  • SARDAS - Securing availability by robust design, assessment and specification (NFR-project, 2003-2006)
  • SECURIS - Model-driven development and analysis of secure information systems (NFR-project, 2003-2006)
  • TrustCom - A trust and contract management framework enabling secure collaborative business processing in on-demand created, self-managed, scalable, and highly dynamic virtual organisations (EU-project, 2004-2007)

Published April 20, 2012

Major results:

Seminars:

As part of the dissemination of the results from our projects, we arrange seminars 2-4 times a year, where research results and new technology are presented. The seminars are held in Norwegian.

Next seminar:

  • To be announced

Last seminar:

Complete list (in Norwegian):

  • Complete list of arranged seminars

Group leader:  

Ketil Stølen