To main content

Trustworthy Green IoT Software

Through applied research in Software Engineering, we create new tools and methodologies for software development and operation of intelligent and trustworthy systems spanning across the IoT, edge, and cloud continuum with a particular focus on sustainability.

Contact person

As the Internet-of-Things (IoT) emerges, the role of Information and Communication Technologies (ICT) has grown, facilitating direct interactions with the physical environment. This change underscores the need for robust, secure, and resilient ICT systems. Our work is dedicated to crafting innovative approaches and tools, aimed at helping stakeholders in the design, governance, evaluation, and upkeep of secure, top-tier IoT-based systems. This effort includes delving into sophisticated AI strategies for software engineering and customizing these practices to bolster AI applications, with the goal of achieving efficiency, reliability, and the highest standards of safety, security, and privacy in these technologies.

Research Areas

Through applied research in Software Engineering, we create new tools and methodologies for software development and operation of intelligent and trustworthy systems spanning across the IoT, edge, and cloud continuum with a particular focus on sustainability. We theorize, develop and apply methods and tools addressing these aspects, contributing together with our partners to a safer and better digital society. Our main research interests are as follows:

  • Software Engineering: Focusing on the development of robust methodologies and practices to enhance the creation and maintenance of high-quality software systems.
  • Cybersecurity: Specializing in the implementation of advanced security protocols and strategies to protect software systems from cyber threats.
  • Software for Self-Adaptive Systems: Exploring the design and implementation of software capable of autonomously adapting to changing environments and requirements.
  • Secure IoT Data Exchange: Assuring security and fostering confidence for IoT data sharing (aligned with standards) will enable secure data exchange between various parties along the IoT devices-Edge-Cloud computing continuum, the larger societal benefits of the IoT can be achieved.
  • Data Quality: Develop software engineering and AI tools for data quality monitoring, metrics, and repair.
  • Data Sovereignty: Researching acceptable use policies for data assets, privacy management, data economics, and establishing data sovereignty through federated data spaces. Data sovereignty enables an individual or an organization to control how, when, and at what price its data is used across the value chain.
  • Smart IoT Software: Developing intelligent software solutions for IoT devices, emphasizing seamless integration and operational efficiency.
  • Edge Computing: Researching the optimization of software for edge computing environments to enhance data processing and reduce latency.
  • Privacy: Implementing trustworthiness methods to ensure the privacy and confidentiality of data within software systems. 
  • Security Risk Management: Applying comprehensive risk management frameworks to identify, assess, and mitigate security risks in software development and deployment.
  • AI Engineering: Advancing the field of AI through the development of reliable and efficient AI systems, with a focus on integrating AI methodologies into software engineering practices and enhancing the trustworthiness of AI applications in terms of safety, privacy and security.


CORAS is supported by a modelling tool that may be used in all steps of the method. The tool is available for free at

Erdre is an ML pipeline for creating supervised learning models. The tool is primarily developed for AI-enabled Industrial Internet of Things, but it is applicable for any regression or classification case on tabular data or time series. The tool is available for free at github.

HORM is a modelling tool for the Human and Organizational Risk Modelling framework that aims at providing a comprehensible and easy to use framework for capturing risks ordinary people may be exposed to. The framework aims specifically to help SMEs in this task. The tool is available for free at

UDAVA is a data validation tool for AI-enabled Industrial Internet of Things applications. The tool is available for free at github.

Ongoing Projects

  • CINELDI - Centre for Intelligent Electricity Distribution (Research Council of Norway project, 2016-2024)
  • DYNABIC - Dynamic Business Continuity of Critical Infrastructures on top of Adaptive Multi-Level Cybersecurity (EU project, 2022-2025)
  • ENFIELD - European Lighthouse to Manifest Trustworthy and Green AI (EU project, 2023-2026)
  • ENTRUST - Ensuring Secure and Safe CMD Design with Zero TRUST Principles (EU project, 2023-2026)
  • ERATOSTHENES - Secure management of IoT devices lifecycle through identities, trust and distributed ledgers (EU project, 2021-2025)
  • INTEND - Intent-Based Data Operation in the Computing Continuum (EU project, 2024-2026)
  • NEMECYS - New Medical Cybersecurity Assessment and Design Solutions (EU project, 2023-2025)
  • Privacy@Edge - Privacy-aware Edge and Data Subjects (Research Council of Norway project, 2023-2027)
  • SEC-AIRSPACE - Cyber SECurity Risk Assessment in virtualized AIRSPACE scenarios and stakeholders’ awareness of building resilient Air Traffic Management (EU SESAR Joint Undertaking project, 2023-2026)
  • SMARAGD - Smart Agriculture Data Fusion for Decision Support (Research Council of Norway project, 2022-2024)
  • TechDebtOps - Data-driven continuous management of technical debts for sustainable software development (Research Council of Norway project, 2023-2026)
  • WAge - Healthy Working environments for all Ages: An evidence-driven framework (EU project, 2023-2027)

Completed Projects

  • AGRA - Aggregated risk assessment and management (Research Council of Norway project, 2014-2018)
  • ASAM - Message Services for Cooperative Intelligent Transport Systems (C-ITS) (Research Council of Norway project, 2019-2022)
  • AutoActive - Tools and Methods for Autonomous Analysis of Human Activities from Wearable Device Sensor Data (Research Council of Norway project, 2018)
  • BlueHealthPass - E-health platform for the healthcare needs of the maritime sector (Innovation Norway project, 2020-2022)
  • Cirrus - Custom Code for Multi-tenant Cloud Computing (Research Council of Norway project, 2016-2020)
  • COBRA - Component-based security assessment (Research Council of Norway project, 2002)
  • COMA - Component-oriented model-based security analysis (Research Council of Norway project, 2004-2007)
  • CONCERTO - Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient High-integrity Multi-core Systems (ARTEMIS/Research Council of Norway project, 2013-2016)
  • CORAS - A tool-supported methodology for model-based risk analysis of security critical systems (EU project, 2001-2003)
  • CyberKit4SME - Democratizing a Cybersecurity Toolkit for SMEs & MEs (EU project, 2020-2023)
  • CyberSec4Europe - Cybersecurity Competence Network (EU project, 2019-2022)
  • CYBERWISER - Civil Cyber Range Platform for a Novel Approach to Cybersecurity Threats Simulation and Professional Training (EU project, 2018-2021)
  • DAT4.Zero - Data Reliability and Digitally-enhanced Quality Management for Zero Defect Manufacturing in Smart Factories and Ecosystems (EU project, 2020-2024)
  • DIAMONDS - Effort-dependent technologies for multi-domain risk-based security testing (Research Council of Norway project, 2010-2014)
  • DIGIT - Digital interoperability with trust (Research Council of Norway project, 2007-2010)
  • DIVERSIFY - Ecology-Inspired Software Diversification (EU project, 2013-2016)
  • DiversIoT - Diversification for Resilient and Trustworthy IoT-systems (Research Council of Norway project, 2016-2018)
  • DRA - Dynamic Risk Assistant (Research Council of Norway project, 2012-2014)
  • EMERGENCY - Mobile decision support in emergency situations (Research Council of Norway project, 2008-2012)
  • EMFASE - Empirical Framework for Security Design and Economic Trade-Off (SESAR WP-E project, 2013-2016)
  • ENACT - Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems (EU project, 2018-2020)
  • ENFORCE - Tool supported methodology for the formalization, analysis and enforcement of policies within trust management (Research Council of Norway project, 2005-2009)
  • FLEET - Fleet-Oriented Intelligent Operation of Large Scale Edge System (Research Council of Norway project, 2020-2024)
  • FRISK - Framework for Risk Management of Welfare Services (SINTEF ICT project, 2012)
  • HEADS - Heterogeneous and Distributed Systems (EU project, 2013-2016)
  • InSecurance - Project on cyber-insurance and the economics of cybersecurity (SINTEF ICT project, 2015-2016)
  • InterQ - Interlinked Process, Product and Data Quality framework for Zero-Defects Manufacturing (EU project, 2020-2023)
  • iTrust - Working group on trust management in dynamic open systems (EU project, 2002-2005)
  • MAsens - Mobile and autonomous sensor systems (SINTEF ICT project, 2015-2017)
  • MASTER - Managing Assurance, Security and Trust for sERvices (EU project, 2008-2011)
  • MC-Suite - ICT Powered Machining Software Suite (EU project, 2015-2018)
  • MODAClouds - MOdel-Driven Approach for design and execution of applications on multiple Clouds (EU project, 2013-2015)
  • NESSoS - Network of Excellence on Engineering Secure Future Internet Software Services and Systems (EU project, 2010-2014)
  • OTD - Open Transport Data (Research Council of Norway project, 2016-2019)
  • PaaSage - PaaSage: Model Based Cloud Platform Upperware (EU project, 2012-2016)
  • PrivacyAssessment@SmartCity - Enabling Real-Time Privacy-Awareness of Smart City Providers and Users (SINTEF ICT project, 2016-2017)
  • Productive 4.0 - Electronics and ICT as enabler for digital industry and optimized supply chain management covering the entire product lifecycle (EU project, 2017-2020)
  • RASEN - Compositional Risk Assessment and Security Testing of Networked Systems (EU project, 2012-2015)
  • REMICS - Reuse and Migration of legacy applications to Interoperable Cloud Services (EU project, 2010-2013)
  • S3MS - Security of Software and Service for Mobile Systems (EU project, 2006-2008)
  • SARDAS - Securing availability by robust design, assessment and specification (Research Council of Norway project, 2003-2006)
  • SecureChange - Security Engineering for Lifelong Evolvable Systems (EU project, 2009-2012)
  • SecureGrid - Cybersecurity Roadmap for the Future Digitalized Grid (Industry Project, 2019-2020)
  • SECURIS - Model-driven development and analysis of secure information systems (Research Council of Norway project, 2003-2006)
  • STAMP - Software Testing AMPlification (EU project, 2016-2019)
  • TrustCom - A trust and contract management framework enabling secure collaborative business processing in on-demand created, self-managed, scalable, and highly dynamic virtual organisations (EU project, 2004-2007)
  • WISER - Wide-Impact Cyber Security Risk Framework (EU-project, 2015-2017)

Trustworthy Green IoT Software Team


Gemini IoT Centre

The Gemini IoT Centre links and harmonizes, with the best possible synergy effect, the activities within IoT at SINTEF, UiO and NTNU.

Seminars and Webinars

We have since more than 20 years organized a series of public seminars where research results and new technologies are presented and discussed. The seminars are held in Norwegian and attract people from industry, public sector and academia.

  • The next seminar will be announced soon.
  • Complete list of seminars (in Norwegian)

Social Media and Videos

You may find us at Twitter and LinkedIn, and you may also watch some of our presentations on our YouTube channel.


2023-06-09: The webpage of our project TechDebtOps: Data-driven continuous management of technical debts for sustainable software development is now up and running.

2023-05-03: The paper "Migrating monoliths to cloud-native microservices for customizable SaaS" authored by Espen Tønnessen Nordli, Sindre Grønstøl Haugeland, Phu H. Nguyen, Hui Song, Franck Chauvel is published in Information and Software Technology. 

2023-05-03: The paper "Virtual sensors for erroneous data repair in manufacturing a machine learning pipeline" authored by Sagar Sen, Erik Johannes Husom, Arda Goknil, Dimitra Politaki, Simeon Tverdal, Phu Nguyen, Nicolas Jourdan is published in Computers in Industry.

2023-04-03: The paper "A Systematic Review of Data Quality for CPS and IoT in Industry 4.0" authored by Arda Goknil, Phu Nguyen, Sagar Sen, Erik Husom, and Simeon Tverdal has been accepted for publication at the ACM Computing Surveys.

2023-04-03: The paper "Metamorphic Testing for Web System Security" authored by Arda Goknil et al. has been accepted to be published at IEEE Transactions on Software Engineering.

2023-03-31: The paper "Replay-Driven Continual Learning for the Industrial Internet of Things" authored by Sagar Sen, Erik Husom, Arda Goknil, and Simeon Tverdal has been accepted to be presented and published at Software Engineering for AI Conference (CAIN).

2023-02-15: The final review of the BlueHealthPass project on 8 February 2023 concluded our exciting collaboration with the Greek e-healthcare provider Gnomon Informatics. The G-IoT group contributed with Machine Learning and Data Science expertise to build better AI-driven healthcare services for the maritime sector and launch a new commercial product eHealthPass.Blue. The main contact point is Rustem Dautov.

2023-02-13: The paper "A blockchain-based framework for trusted quality data sharing towards zero-defect manufacturing" authored by Phu Nguyen, Arda Goknil, Sagar Sen, Erik Husom, Simeon Tverdal, et al. has been accepted for Computers in Industry Journal.

2023-02-13: The paper "Software Engineering and AI for Data Quality in Cyber-Physical Systems/Internet of Things-SEA4DQ'22 Report" authored by Phu Nguyen and Sagar Sen has been published by ACM SIGSOFT Software Engineering Notes.

Old News