Bakgrunn og aktiviteter
Head of System Security Research Group.
- Software security and security testing
- Software vulnerability analysis
- Model driven software development and model driven security
- Access control, usage control and privacy protection
- Security monitoring, policies, languages, models and enforcement
Vitenskapelig, faglig og kunstnerisk arbeid
Viser et utvalg av aktivitet. Se alle publikasjoner i databasen
- (2019) Development of Ontology-Based Software Security Learning System with Contextualized Learning Approach. Journal of Advances in Information Technology. vol. 10 (3).
- (2019) Managing Software Security Knowledge in Context: An Ontology Based Approach. Information. vol. 10 (6).
- (2019) Preliminary Evaluation of an Ontology-Based Contextualized Learning System for Software Security. Proceedings of the 23rd International Conference on Evaluation and Assessment in Software Engineering 2019 (EASE '19).
- (2019) Towards a Context-Based Approach for Software Security Learning. Journal of Applied Security Research. vol. 14 (3).
- (2019) Security Knowledge Management in Open Source Software Communities. Innovative Security Solutions for Information Technology and Communications. SECITC 2018.
- (2019) Ethical Problems and Legal Issues in Development and Usage Autonomous Adversaries in Cyber Domain. CEUR Workshop Proceedings. vol. 2381.
- (2019) Mobile device management (MDM) technologies, issues and challenges. 3rd International Conference on Cryptography, Security and Privacy . ACM; Kuala Lumpur. 2019-01-19 - 2019-01-21.
- (2019) Detecting Windows Based Exploit Chains by Means of Event Correlation and Process Monitoring. Lecture Notes in Networks and Systems. vol. 70 LNNS.
- (2019) Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics. Lecture Notes in Networks and Systems. vol. LNNS 70.
- (2019) A Survey of Automated Information Exchange Mechanisms Among CERTs. CEUR Workshop Proceedings. vol. 2348.
- (2018) Quantitative security assurance metrics: REST API case studies. Proceedings of the 12th European Conference on Software Architecture ; 2018-09-24 - 2018-09-28.
- (2018) Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox. SICHERHEIT 2018.
- (2018) Source Code Patterns of Cross Site Scripting in PHP Open Source Projects. Norsk Informasjonssikkerhetskonferanse (NISK). vol. 11.
- (2018) Towards a Quantitative Approach for Security Assurance Metrics. The Twelfth International Conference on Emerging Security Information, Systems and Technologies; SECURWARE 2018 September 16, 2018 to September 20, 2018 - Venice, Italy.
- (2018) An Ontology-Based Context Model for Managing Security Knowledge in Software Development. Proceedings of the 23rd Conference of Open Innovations Association FRUCT.
- (2018) Modelling and Analyzing Attack-Defense Scenarios for Cyber-Ranges. Nordsec 2018 . University of Oslo; Oslo. 2018-11-28 - 2018-11-30.
- (2018) Make it and Break it: An IoT Smart Home Testbed Case Study. International Conference on Cyber Physical Systems and IoT(CPSIOT 2018) . ACM; Stolkholm. 2018-09-21 - 2018-09-23.
- (2018) Detecting Malicious Windows Commands Using Natural Language Processing Techniques. Lecture Notes in Computer Science (LNCS). vol. 11359 LNCS.
- (2018) Inefficiencies in Cyber-Security Exercises Life-Cycle: A Position Paper. CEUR Workshop Proceedings. vol. 2269.
- (2018) A Pilot Study in Cyber Security Education Using CyberAIMs: A Simulation-Based Experiment. IFIP Advances in Information and Communication Technology. vol. 531.
- (2018) CyberAIMs: A tool for teaching adversarial and systems thinking. International Defence and Homeland Security Simulation Workshop, DHSS 2018.
- (2017) Source Code Patterns of SQL Injection Vulnerabilities. ARES'17. Proceedings of The 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy — August 29 - September 01, 2017.
- (2015) A process for mastering security evolution in the development lifecycle. International Journal on Software Tools for Technology Transfer (STTT). vol. 17.
- (2014) Factors of Access Control Management in Electronic Healthcare: The Patients' Perspective. 2014 47th Hawaii International Conference on System Sciences ; 2014-01-06 - 2014-01-09.
- (2014) Security Test Generation by Answer Set Programming. In the 8th International Conference on Software Security and Reliability ; 2014-06-30 - 2014-07-02.
- (2013) Towards a Model- and Learning-Based Framework for Security Anomaly Detection. Formal Methods for Components and Objects.
- (2013) Enhancing Model Driven Security through Pattern Refinement Techniques. Formal Methods for Components and Objects.
- (2012) Monitoring Anomalies in IT-Landscapes Using Clustering Techniques and Complex Event Processing. Leveraging Applications of Formal Methods, Verification, and Validation.
- (2012) Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning. Trustworthy Eternal Systemsvia Evolving Software, Data and Knowledge..
- (2012) Managing Privacy and Effectiveness of Patient-Administered Authorization Policies. International Journal of Computational Models and Algorithms in Medicine (IJCMAM).
- (2012) Considering privacy and effectiveness of authorization policies for shared electronic health records. IHI '12 Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium ; 2012-01-28 - 2012-01-30.
- (2012) The Process of Policy Authoring of Patient-Controlled Privacy Preferences. Electronic Healthcare.
- (2010) cover Meeting EHR Security Requirements: SeAAS Approach. Seamless Care – Safe Care.
- (2010) Supporting Role Based Provisioning with Rules Using OWL and F-Logic. On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010 ; 2010-10-25 - 2010-10-29.
- (2008) Workflow Testing. Leveraging Applications of Formal Methods (ISoLA 2008) ; 2008-10-13 - 2008-10-16.
- (2008) Privacy and Access Control for IHE-Based Systems. Electronic Healthcare. eHealth 2008 ; 2008-09-08 - 2008-09-09.
- (2008) Model-Driven Policy Framework for Usage Control-based Privacy. the second International workshop on Model-based Design Of Trustworthy Health Information Systems (MOTHIS) ; 2008-09-28 - 2008-10-03.
- (2008) A general obligation model and continuity enhanced policy enforcement engine for usage control. SACMAT '08 Proceedings of the 13th ACM symposium on Access control models and technologies ; 2008-06-11 - 2008-06-13.