• As strong as the weakest link: Handling compromised components in OpenStack 

      Taheri Monfared, Aryan; JAATUN, Martin Gilje (Chapter, 2011)
      This paper presents an approach to handle compromised components in an Infrastructure-as-a-Service Cloud Computing platform. Our experiments show that traditional incident handling procedures are applicable for cloud ...
    • BatCave: Adding Security to the BATMAN Protocol 

      Bowitz, Anne Gabrielle; Graarud, Espen Grannes; Brown, Lawrie; JAATUN, Martin Gilje (Chapter, 2011)
      The Better Approach To Mobile Ad-hoc Networking (BATMAN) protocol is intended as a replacement for protocols such as OLSR, but just like most such efforts, BATMAN has no built-in security features. In this paper we describe ...
    • Influencing the security prioritisation of an agile software development project 

      Tøndel, Inger Anne; Cruzes, Daniela Soares; JAATUN, Martin Gilje; Sindre, Guttorm (Peer reviewed; Journal article, 2022)
      Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and ...
    • IT Security Is From Mars, Software Security Is From Venus 

      Tøndel, Inger Anne; JAATUN, Martin Gilje; Cruzes, Daniela Soares (Journal article, 2020)
    • Not Ready for Prime Time: A Survey on Security in Model Driven Development 

      Jensen, Jostein; JAATUN, Martin Gilje (Journal article; Peer reviewed, 2011)
      Model Driven Development (MDD) is by many considered a promising approach for software development. This article reports the results of a systematic survey to identify the state-of-the-art within the topic of security in ...
    • Premisser for digitalisering og integrasjon IT-OT 

      Hanssen, Geir Kjetil; Onshus, Tor; JAATUN, Martin Gilje; Myklebust, Thor; Ottermo, Maria Vatshaug; Lundteigen, Mary Ann (Research report, 2021)
      Formålet med denne rapporten er å gi næringen økt forståelse av pågående digitalisering, status og utfordringer, og hvordan denne utviklingen bør styres videre. Denne rapporten er en av seks SINTEF-rapporter fra prosjektet: ...
    • Regulering av IKT-sikkerhet i petroleumssektoren 

      Øien, Knut; Bodsberg, Lars; JAATUN, Martin Gilje; Myklebust, Thor; Onshus, Tor (Research report, 2021)
      Formålet med denne rapporten er å klargjøre hvordan beskyttelse av informasjons‐ og kommunikasjonsteknologi (IKT‐sikkerhet) i petroleumsindustrien blir regulert i gjeldende regelverk og belyse forventninger fra myndighetene ...
    • Security and Independence of Process Safety and Control Systems in the Petroleum Industry 

      Onshus, Tor Engebret; Bodsberg, Lars; Hauge, Stein; JAATUN, Martin Gilje; Lundteigen, Mary Ann; Myklebust, Thor; Ottermo, Maria Vatshaug; Petersen, Stig; Wille, Egil (Peer reviewed; Journal article, 2022)
      The developments of reduced manning on offshore facilities and increased information transfer from offshore to land continue and may also be a prerequisite for the future survival of the oil and gas industry. A general ...
    • Security in Model Driven Development: A Survey 

      Jensen, Jostein; JAATUN, Martin Gilje (Chapter, 2011)
      Model driven development (MDD) is considered a promising approach for software development. In this paper the results of a systematic survey is reported to identify state-of-the-art within the topic of security in model ...
    • Threat Modeling of a Smart Grid Secondary Substation 

      Holik, Filip; Flå, Lars; JAATUN, Martin Gilje; Yildirim Yayilgan, Sule; Foros, Jørn (Peer reviewed; Journal article, 2022)
      A full smart grid implementation requires the digitization of all parts of the smart grid infrastructure, including secondary electrical substations. Unfortunately, this introduces new security threats, which were not ...
    • Towards a Conceptual Framework for Security Requirements Work in Agile Software Development 

      Tøndel, Inger Anne; JAATUN, Martin Gilje (Peer reviewed; Journal article, 2020)
      Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in ...