To main content

Secure IoT Software

Secure IoT Software

We do research in Software Engineering, with a particular focus on the security and privacy aspects within the Internet of Things. Together with our partners, we develop and apply methods and tools for a safer and better digital society.

The Secure IoT Software group

Information and security technologies (ICT) have over several decades brought significant benefits to enterprises, individuals, and society as a whole. ICT and information infrastructures have become a cornerstone for a broad range of services that today we take for granted; people and organizations have access to more and better services than ever before within most areas of society, including banking and finance, communication, entertainment, health, power supply, social interactions, transportation and social participation. As a result, our daily lives, fundamental rights, economies and social security depend on ICT working seamlessly.

This is all the more exacerbated with the advent of the Internet-of-Things where ICT can now act on the physical world (by 2020, Gartner envisions that 21 billion Internet-of-Things endpoints will be in use). In this context, it is critical to facilitate the creation and operation of ICT systems where aspects related to trustworthiness (including security and privacy concerns, resilience and robustness) are challenging and of paramount importance. Our research group develops methods, modelling techniques and tools to aid stakeholders in developing, managing, as well as assessing and maintaining security and quality of IoT-based systems. Our two books Cyber-Risk Management and Model-Driven Risk Analysis, as well as our modeling language for embedded and distributed systems (ThingML) present major contributions in this respect.

 

  • Mass Soldal Lund, Bjørnar Solhaug and Ketil Stølen: Model-Driven Risk Analysis - The CORAS Approach (Springer, 2011). The book can be ordered from Springer in printed version or electronically. See also the product flyer. The CORAS Approach includes a method, a modeling language and an open source tool. You may read the guided tour of the CORAS method for a quick introduction.
  • ThingML is a modeling language for embedded and distributed systems. The ThingML toolset includes text editors to create and edit ThingML models, a set of transformations to create diagrams from ThingML models and a set of code generators to compile ThingML to C, Java and JavaScript.
  • Atle Refsdal, Bjørnar Solhaug and Ketil Stølen: Cyber-Risk Management (Springer, 2015). The book can be ordered from Springer in printed version or electronically. See also the product flyer.
  • The PREDIQT method resulting from the PhD thesis of Aida Omerovic.

Research Areas

We do research in Software Engineering, with a particular focus on the security and privacy aspects within the Internet of Things. We theorize, develop and apply methods and tools addressing these aspects, contributing together with our partners to a safer and better digital society. Our main research interests are as follows:

  • Software Engineering
  • Cybersecurity
  • Software for Self-Adaptive Systems
  • Model-Driven Engineering
  • Smart IoT Software
  • Privacy
  • Security Risk Management

Gemini IoT Centre

The Gemini IoT Centre links and harmonizes, with the best possible synergy effect, the activities within IoT at SINTEF, UiO and NTNU.

Seminars

We have since more than ten years organized a series of public seminars where research results and new technologies are presented and discussed. The seminars are held in Norwegian and attract people from industry, public sector and academia.

Projects

Our projects are conducted in close collaboration with industry partners, academia and research institutes both nationally and internationally. Ongoing and completed projects are alphabetically listed below.

Ongoing Projects

  • AGRA - Aggregated risk assessment and management (Research Council of Norway project, 2014-2018)
  • AutoActive - Tools and Methods for Autonomous Analysis of Human Activities from Wearable Device Sensor Data (Research Council of Norway project, 2017-2021)
  • CINELDI - Centre for Intelligent Electricity Distribution (Research Council of Norway project, 2016-2024)
  • Cirrus - Custom Code for Multi-tenant Cloud Computing (Research Council of Norway project, 2016-2020)
  • CYBERWISER - Civil Cyber Range Platform for a Novel Approach to Cybersecurity Threats Simulation and Professional Training (EU project, 2018-2021)
  • ENACT - Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems (EU project, 2018-2020)
  • MC-Suite - ICT Powered Machining Software Suite (EU project, 2015-2018)
  • OTD - Open Transport Data (Research Council of Norway project, 2016-2019)
  • Productive 4.0 - Electronics and ICT as enabler for digital industry and optimized supply chain management covering the entire product lifecycle (EU project, 2017-2020)
  • STAMP - Software Testing AMPlification (EU project, 2016-2019)

Completed Projects

  • COBRA - Component-based security assessment (Research Council of Norway project, 2002)
  • COMA - Component-oriented model-based security analysis (Research Council of Norway project, 2004-2007)
  • CONCERTO - Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient High-integrity Multi-core Systems (ARTEMIS/Research Council of Norway project, 2013-2016)
  • CORAS - A tool-supported methodology for model-based risk analysis of security critical systems (EU project, 2001-2003)
  • DIAMONDS - Effort-dependent technologies for multi-domain risk-based security testing (Research Council of Norway project, 2010-2014)
  • DIGIT - Digital interoperability with trust (Research Council of Norway project, 2007-2010)
  • DIVERSIFY - Ecology-Inspired Software Diversification (EU project, 2013-2016)
  • DiversIoT - Diversification for Resilient and Trustworthy IoT-systems (Research Council of Norway project, 2016-2018)
  • DRA - Dynamic Risk Assistant (Research Council of Norway project, 2012-2014)
  • EMERGENCY - Mobile decision support in emergency situations (Research Council of Norway project, 2008-2012)
  • EMFASE - Empirical Framework for Security Design and Economic Trade-Off (SESAR WP-E project, 2013-2016)
  • ENFORCE - Tool supported methodology for the formalization, analysis and enforcement of policies within trust management (Research Council of Norway project, 2005-2009)
  • FRISK - Framework for Risk Management of Welfare Services (SINTEF ICT project, 2012)
  • HEADS - Heterogeneous and Distributed Systems (EU project, 2013-2016)
  • InSecurance - Project on cyber-insurance and the economics of cybersecurity (SINTEF ICT project, 2015-2016)
  • iTrust - Working group on trust management in dynamic open systems (EU project, 2002-2005)
  • MAsens - Mobile and autonomous sensor systems (SINTEF ICT project, 2015-2017)
  • MASTER - Managing Assurance, Security and Trust for sERvices (EU project, 2008-2011)
  • MODAClouds - MOdel-Driven Approach for design and execution of applications on multiple Clouds (EU project, 2013-2015)
  • NESSoS - Network of Excellence on Engineering Secure Future Internet Software Services and Systems (EU project, 2010-2014)
  • PaaSage - PaaSage: Model Based Cloud Platform Upperware (EU project, 2012-2016)
  • PrivacyAssessment@SmartCity - Enabling Real-Time Privacy-Awareness of Smart City Providers and Users (SINTEF ICT project, 2016-2017)
  • RASEN - Compositional Risk Assessment and Security Testing of Networked Systems (EU project, 2012-2015)
  • REMICS - Reuse and Migration of legacy applications to Interoperable Cloud Services (EU project, 2010-2013)
  • S3MS - Security of Software and Service for Mobile Systems (EU project, 2006-2008)
  • SARDAS - Securing availability by robust design, assessment and specification (Research Council of Norway project, 2003-2006)
  • SecureChange - Security Engineering for Lifelong Evolvable Systems (EU project, 2009-2012)
  • SECURIS - Model-driven development and analysis of secure information systems (Research Council of Norway project, 2003-2006)
  • TrustCom - A trust and contract management framework enabling secure collaborative business processing in on-demand created, self-managed, scalable, and highly dynamic virtual organisations (EU project, 2004-2007)
  • WISER - Wide-Impact Cyber Security Risk Framework (EU-project, 2015-2017)

Contact

Group leader: Ketil Stølen
Email: Ketil.Stolen@sintef.no
Phone: +47 92 21 61 12
Home page

Address
SINTEF ICT
Forskningsveien 1
PO Box 124, Blindern
0314 Oslo
Norway

How to find us
Directions and map: [pdf en][pdf no]

News

2018-09-07: On September 6, Phu Nguyen gave a lecture at the Summer School in Future Energy Information Networks to share experiences with the research students about Smart Grid Security from the IoT and Software Engineering perspectives.

2018-09-05: The paper An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams authored by Vetle Volden-Freberg and Gencer Erdogan has been accepted for publication in the proceedings of the 13th International Conference on Risks and Security of Internet and Systems (CRiSIS'18).

2018-08-03: The paper Risk-Based Decision Support Model for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Ole Petter Rosland, Bernt Kvam Randeberg is published in Business Systems Research Journal.

2018-07-25: The paper Engineering Software Diversity: a Model-Based Approach to Systematically Diversify Communications authored by Brice Morin, Jakob Høgenes, Hui Song, Nicolas Harrand, Benoit Baudry has been accepted for publication in the proceedings of the 21st International Conference on Model Driven Engineering Languages and Systems (MODELS'18).

2018-07-25: The paper Multi-Layered Adaptation for the Failure Prevention and Recovery in Cloud Service Brokerage Platforms authored by Nicolas Ferry, Franck Chauvel, Brice Morin has been accepted for publication in the proceedings of the 11th International Conference on the Quality of Information and Communications Technology (QUATIC'18).

2018-06-15: On June 20, The Gemini Center for IoT is organizing a seminar for PhD students and postdocs working related topics in the area of IoT. Time: 10:00 to 16:00. Location: Auditorium EL1, Gløshaugen, NTNU, Trondheim.

2018-06-13: On June 13, Phu Nguyen will present Advances in genetic engineering and the future of humans at the public seminar The Future "Human".

2018-06-05: The next public seminar organized by the Secure IoT Software group will be held on Wednesday June 13, 10:00-14:00. The topic of the seminar is The Future "Human". The seminar has speakers from The University of Oslo, The University of Agder and SINTEF.

2018-04-29: Jackob Høgenes is in the latest SINTEF news about the technology trends influencing future transport systems.

2018-04-28: On April 11, Anatoly Vasilevskiy presented the demo TECOR: Automate the Testing of One Product on Many Configurations by Anatoly Vasilevskiy, Hui Song, Brice Morin at the 11th IEEE Conference on Software Testing, Validation and Verification.

2018-04-13: Aida Omerovic has been interviewed about security and risk management. The article "Roter du det til her er du ferdig. Punktum." is published by TirsdagMorgen and Norwegian Computer Society.

2018-03-05: The paper ENACT: Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems authored by Nicolas Ferry, Arnor Solberg, Hui Song, Stéphane Lavirotte, Jean-Yves Tigli, Thierry Winter, Victor Muntés-Mulero, Andreas Metzger, Erkuden Rios Velasco, Amaia Castelruiz Aguirre was presented by Nicolas Ferry at DEVOPS 2018 workshop (DEVOPS'18). Nicolas Ferry was also a member of the panel on DevOps: Issues and Perspectives at the same event.

2018-02-20: The paper Deep Customization of Multi-Tenant SaaS Using Intrusive Microservices authored by Hui Song, Franck Chauvel, Arnor Solberg has been accepted for publication in the proceedings of the 40th International Conference on Software Engineering (ICSE'18).

2018-02-20: The Proceedings of the 4th International Workshop on Graphical Models for Security (GraMSec'17), edited by Peng Lui, Sjouke Mauw, Ketil Stølen will be published in the conference proceedings series Lecture Notes in Computer Science, LNCS 10744, Springer, 2018.

2018-02-20: The paper Problem-based elicitation of security requirements: The ProCOR method authored by Roman Wirtz, Maritta Heisel, Rene Meis, Aida Omerovic, Ketil Stølen has been accepted for publication in the proceedings of the 13th International Conference on Evaluation of Novel Approaches to Software Engineering (ENASE'18).

2018-02-14: On February 14, Aida Omerovic presented Arkitektur som døråpner for Digitalisering og Verdiskapning at SOFTWARE'18.

2018-02-08: The paper Risk-Based Decision Support Model for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, Ole Petter Rosland has been accepted for publication in Business Systems Research (Special issue: Novel Solutions and Novel Approaches in Operational Research).

2018-01-19: The ENACT project, which is coordinated by the Secure IoT Software group, had a successful kick-off meeting from January 16 to January 18. Read more about the project on the ENACT website.

2017-12-11: On December 14, Jakob Høgenes will present Security in IoT - What can we learn from the nature? at the public seminar Internet of Things and Security.

2017-12-11: On December 14, Ketil Stølen will present Security challenges of the future at the public seminar Internet of Things and Security.

2017-12-08: On December 6, Anatoly Vasilevskiy presented Configuration testing for better DevOps at the European Chaos Engineering Days.

2017-11-10: The next public seminar organized by the Cyber Risk group will be held on Thursday December 14, 10:00-14:00. The topic of the seminar is Internet of Things and Security. The seminar has speakers from TellU, Q-Free, Datatilsynet, and SINTEF.

2017-09-27: On September 27, Atle Refsdal presented the paper Experiences from Developing an Algorithm to Support Risk-Based Decisions for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, and Ole Petter Rosland at the 14th International Symposium on Operations Research in Slovenia (SOR 2017).

2017-09-22: On September 21, Gencer Erdogan presented the paper A Method for Developing Qualitative Security Risk Assessment Algorithms authored by Gencer Erdogan and Atle Refsdal at the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017).

2017-08-01: The paper A Method for Developing Qualitative Security Risk Assessment Algorithms authored by Gencer Erdogan and Atle Refsdal has been accepted for publication in the proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017).

2017-07-12: The paper Experiences from Developing an Algorithm to Support Risk-Based Decisions for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, and Ole Petter Rosland has been accepted for publication in the proceedings of the 14th International Symposium on Operations Research in Slovenia (SOR 2017).

2017-06-15: The paper A Method for Developing Algorithms for Assessing Cyber-Risk Cost authored by Gencer Erdogan, Alejandra Gonzalez, Atle Refsdal, and Fredrik Seehusen has been accepted for publication in the proceedings of the 2017 IEEE International Conference on Software Quality, Reliability & Security (QRS 2017).

2017-05-29: The chronicle The Internet of Things: A good, but also a threat for the nation written by Ketil Stølen is published in Teknisk Ukeblad, 23 May 2017, no. 5. The chronicle is also available online at digi.no.

2017-04-28: The chronicle Guide to good smart city life written by Marit Kjøsnes Natvig, Aida Omerovic, and Isabelle Tardy is published in Dagens Næringsliv and Gemini.

2017-03-30: The chronicle Trust management - what is it, really? by Ketil Stølen is published in Dagens Perspektiv.

2017-03-27: On April 4, Atle Refsdal will present Experiences from development of risk-based decision support for offshore installations at the public seminar Risk Aggregation - what works in practise?

2017-03-02: The chronicle Privacy and cybersecurity do not go hand in hand by Ketil Stølen is published in Computerworld.

2017-02-15: The next public seminar organized by the Cyber Risk group will be held on April 4, 2017. The topic of the seminar is Risk Aggregation - What works in practise? The seminar has speakers from EVRY, Oslo municipality, The Agency for Public Management and eGovernment (Difi), and SINTEF.

2017-02-08: The paper Privacy Scorecard – Refined Design and Results of a Trial on a Mobility as a Service Example authored by Aida Omerovic, Marit Natvig, and Isabelle Tardy has been accepted for publication in the proceedings of the 27th European Safety and Reliability Association Conference (ESREL 2017).

2017-01-06: A guided tour of the CORAS method is now available.

2017-01-05: On February 16, Ketil Stølen will present The Relationship Between Trust, Security, and Risk at the SOFTWARE 2017 conference.

2017-01-04: On February 14, Aida Omerovic will hold a course about risk management at the Norwegian Computer Society.

Old News