Secure IoT Software
Secure IoT Software
We do research in Software Engineering, with a particular focus on the security and privacy aspects within the Internet of Things. Together with our partners, we develop and apply methods and tools for a safer and better digital society.
Information and security technologies (ICT) have over several decades brought significant benefits to enterprises, individuals, and society as a whole. ICT and information infrastructures have become a cornerstone for a broad range of services that today we take for granted; people and organizations have access to more and better services than ever before within most areas of society, including banking and finance, communication, entertainment, health, power supply, social interactions, transportation and social participation. As a result, our daily lives, fundamental rights, economies and social security depend on ICT working seamlessly.
This is all the more exacerbated with the advent of the Internet-of-Things where ICT can now act on the physical world (by 2020, Gartner envisions that 21 billion Internet-of-Things endpoints will be in use). In this context, it is critical to facilitate the creation and operation of ICT systems where aspects related to trustworthiness (including security and privacy concerns, resilience and robustness) are challenging and of paramount importance. Our research group develops methods, modelling techniques and tools to aid stakeholders in developing, managing, as well as assessing and maintaining security and quality of IoT-based systems. Our two books Cyber-Risk Management and Model-Driven Risk Analysis, as well as our modeling language for embedded and distributed systems (ThingML) present major contributions in this respect.
- Mass Soldal Lund, Bjørnar Solhaug and Ketil Stølen: Model-Driven Risk Analysis - The CORAS Approach (Springer, 2011). The book can be ordered from Springer in printed version or electronically. See also the product flyer. The CORAS Approach includes a method, a modeling language and an open source tool. You may read the guided tour of the CORAS method for a quick introduction.
- Atle Refsdal, Bjørnar Solhaug and Ketil Stølen: Cyber-Risk Management (Springer, 2015). The book can be ordered from Springer in printed version or electronically. See also the product flyer.
- The PREDIQT method resulting from the PhD thesis of Aida Omerovic.
We do research in Software Engineering, with a particular focus on the security and privacy aspects within the Internet of Things. We theorize, develop and apply methods and tools addressing these aspects, contributing together with our partners to a safer and better digital society. Our main research interests are as follows:
- Software Engineering
- Software for Self-Adaptive Systems
- Model-Driven Engineering
- Smart IoT Software
- Security Risk Management
We have since more than ten years organized a series of public seminars where research results and new technologies are presented and discussed. The seminars are held in Norwegian and attract people from industry, public sector and academia.
- The next seminar will be announced soon.
- Complete list of seminars (in Norwegian)
Our projects are conducted in close collaboration with industry partners, academia and research institutes both nationally and internationally. Ongoing and completed projects are alphabetically listed below.
- AGRA - Aggregated risk assessment and management (Research Council of Norway project, 2014-2018)
- CINELDI - Centre for Intelligent Electricity Distribution (Research Council of Norway project, 2016-2024)
- Cirrus - Custom Code for Multi-tenant Cloud Computing (Research Council of Norway project, 2016-2020)
- DiversIoT - Diversification for Resilient and Trustworthy IoT-systems (Research Council of Norway project, 2016-2021)
- ENACT - Development, Operation, and Quality Assurance of Trustworthy Smart IoT Systems (EU project, 2018-2020)
- MC-Suite - ICT Powered Machining Software Suite (EU project, 2015-2018)
- OTD - Open Transport Data (Research Council of Norway project, 2016-2019)
- Productive 4.0 - Electronics and ICT as enabler for digital industry and optimized supply chain management covering the entire product lifecycle (EU project, 2017-2020)
- STAMP - Software Testing AMPlification (EU project, 2016-2019)
- COBRA - Component-based security assessment (Research Council of Norway project, 2002)
- COMA - Component-oriented model-based security analysis (Research Council of Norway project, 2004-2007)
- CONCERTO - Guaranteed Component Assembly with Round Trip Analysis for Energy Efficient High-integrity Multi-core Systems (ARTEMIS/Research Council of Norway project, 2013-2016)
- CORAS - A tool-supported methodology for model-based risk analysis of security critical systems (EU project, 2001-2003)
- DIAMONDS - Effort-dependent technologies for multi-domain risk-based security testing (Research Council of Norway project, 2010-2014)
- DIGIT - Digital interoperability with trust (Research Council of Norway project, 2007-2010)
- DIVERSIFY - Ecology-Inspired Software Diversification (EU project, 2013-2016)
- DRA - Dynamic Risk Assistant (Research Council of Norway project, 2012-2014)
- EMERGENCY - Mobile decision support in emergency situations (Research Council of Norway project, 2008-2012)
- EMFASE - Empirical Framework for Security Design and Economic Trade-Off (SESAR WP-E project, 2013-2016)
- ENFORCE - Tool supported methodology for the formalization, analysis and enforcement of policies within trust management (Research Council of Norway project, 2005-2009)
- FRISK - Framework for Risk Management of Welfare Services (SINTEF ICT project, 2012)
- HEADS - Heterogeneous and Distributed Systems (EU project, 2013-2016)
- InSecurance - Project on cyber-insurance and the economics of cybersecurity (SINTEF ICT project, 2015-2016)
- iTrust - Working group on trust management in dynamic open systems (EU project, 2002-2005)
- MAsens - Mobile and autonomous sensor systems (SINTEF ICT project, 2015-2017)
- MASTER - Managing Assurance, Security and Trust for sERvices (EU project, 2008-2011)
- MODAClouds - MOdel-Driven Approach for design and execution of applications on multiple Clouds (EU project, 2013-2015)
- NESSoS - Network of Excellence on Engineering Secure Future Internet Software Services and Systems (EU project, 2010-2014)
- PaaSage - PaaSage: Model Based Cloud Platform Upperware (EU project, 2012-2016)
- PrivacyAssessment@SmartCity - Enabling Real-Time Privacy-Awareness of Smart City Providers and Users (SINTEF ICT project, 2016-2017)
- RASEN - Compositional Risk Assessment and Security Testing of Networked Systems (EU project, 2012-2015)
- REMICS - Reuse and Migration of legacy applications to Interoperable Cloud Services (EU project, 2010-2013)
- S3MS - Security of Software and Service for Mobile Systems (EU project, 2006-2008)
- SARDAS - Securing availability by robust design, assessment and specification (Research Council of Norway project, 2003-2006)
- SecureChange - Security Engineering for Lifelong Evolvable Systems (EU project, 2009-2012)
- SECURIS - Model-driven development and analysis of secure information systems (Research Council of Norway project, 2003-2006)
- TrustCom - A trust and contract management framework enabling secure collaborative business processing in on-demand created, self-managed, scalable, and highly dynamic virtual organisations (EU project, 2004-2007)
- WISER - Wide-Impact Cyber Security Risk Framework (EU-project, 2015-2017)
PO Box 124, Blindern
2017-12-11: On December 14, Jakob Høgenes will present Security in IoT - What can we learn from the nature? at the public seminar Internet of Things and Security.
2017-12-11: On December 14, Ketil Stølen will present Security challenges of the future at the public seminar Internet of Things and Security.
2017-12-08: On December 6, Anatoly Vasilevskiy presented Configuration testing for better DevOps at the European Chaos Engineering Days.
2017-11-10: The next public seminar organized by the Cyber Risk group will be held on Thursday December 14, 10:00-14:00. The topic of the seminar is Internet of Things and Security. The seminar has speakers from TellU, Q-Free, Datatilsynet, and SINTEF.
2017-09-27: On September 27, Atle Refsdal presented the paper Experiences from Developing an Algorithm to Support Risk-Based Decisions for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, and Ole Petter Rosland at the 14th International Symposium on Operations Research in Slovenia (SOR 2017).
2017-09-22: On September 21, Gencer Erdogan presented the paper A Method for Developing Qualitative Security Risk Assessment Algorithms authored by Gencer Erdogan and Atle Refsdal at the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017).
2017-08-01: The paper A Method for Developing Qualitative Security Risk Assessment Algorithms authored by Gencer Erdogan and Atle Refsdal has been accepted for publication in the proceedings of the 12th International Conference on Risks and Security of Internet and Systems (CRiSIS 2017).
2017-07-12: The paper Experiences from Developing an Algorithm to Support Risk-Based Decisions for Offshore Installations authored by Gencer Erdogan, Atle Refsdal, Bjørn Nygård, Bernt Kvam Randeberg, and Ole Petter Rosland has been accepted for publication in the proceedings of the 14th International Symposium on Operations Research in Slovenia (SOR 2017).
2017-06-15: The paper A Method for Developing Algorithms for Assessing Cyber-Risk Cost authored by Gencer Erdogan, Alejandra Gonzalez, Atle Refsdal, and Fredrik Seehusen has been accepted for publication in the proceedings of the 2017 IEEE International Conference on Software Quality, Reliability & Security (QRS 2017).
2017-05-29: The chronicle The Internet of Things: A good, but also a threat for the nation written by Ketil Stølen is published in Teknisk Ukeblad, 23 May 2017, no. 5. The chronicle is also available online at digi.no.
2017-03-30: The chronicle Trust management - what is it, really? by Ketil Stølen is published in Dagens Perspektiv.
2017-03-27: On April 4, Atle Refsdal will present Experiences from development of risk-based decision support for offshore installations at the public seminar Risk Aggregation - what works in practise?
2017-03-02: The chronicle Privacy and cybersecurity do not go hand in hand by Ketil Stølen is published in Computerworld.
2017-02-15: The next public seminar organized by the Cyber Risk group will be held on April 4, 2017. The topic of the seminar is Risk Aggregation - What works in practise? The seminar has speakers from EVRY, Oslo municipality, The Agency for Public Management and eGovernment (Difi), and SINTEF.
2017-02-08: The paper Privacy Scorecard – Refined Design and Results of a Trial on a Mobility as a Service Example authored by Aida Omerovic, Marit Natvig, and Isabelle Tardy has been accepted for publication in the proceedings of the 27th European Safety and Reliability Association Conference (ESREL 2017).
2017-01-06: A guided tour of the CORAS method is now available.
2017-01-05: On February 16, Ketil Stølen will present The Relationship Between Trust, Security, and Risk at the SOFTWARE 2017 conference.
2017-01-04: On February 14, Aida Omerovic will hold a course about risk management at the Norwegian Computer Society.