Browsing Institutt for datateknologi og informatikk by Author "Jaatun, Martin Gilje"
Now showing items 1-13 of 13
-
A Probabilistic Approach to Information Control
Nyre, Åsmund Ahlmann; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2010) -
Achieving "Good Enough" Software Security: The Role of Objectivity
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Chapter, 2020)Today's software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also ... -
Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects
Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne (Journal article; Peer reviewed, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for ... -
Collaborative security risk estimation in agile software development
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Williams, Laurie (Journal article; Peer reviewed, 2019)Purpose Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software ... -
Cyber-physical Hardening of the DigitalWater Infrastructure
Cali, Umit; Catak, Ferhat Özgur; Balogh, Zsolt György; Ugarelli, Rita Maria; Jaatun, Martin Gilje (Chapter, 2023)Water supply and drainage systems, which are categorized as critical infrastructure, serve a crucial role in preserving societal health and well-being. Since climate change effects, harsher regulations, population changes, ... -
Exchange of Security Incident Information in the context of Cloud Services
Frøystad, Christian (Master thesis, 2015)In recent years, the use of cloud computing has increased significantly. More and more organizations are moving their services to the cloud as there are rather compelling benefits from using cloud computing. Some of these ... -
Prioritisation of security in agile software development projects
Tøndel, Inger Anne (Doctoral theses at NTNU;2022:285, Doctoral thesis, 2022)Agile software development is driven by business value, and strives towards visible progressthrough features. Consequently, the somewhat invisible and overarching aspect of softwaresecurity is at the risk of being neglected.A ... -
Secure information sharing in Integrated Operations
Nyre, Åsmund Ahlmann (Doctoral theses at NTNU;2017:358, Doctoral thesis, 2017)The oil and gas industry in Norway is moving towards Integrated Operations (IO) to provide better, safer and more cost-effective operations. IO, as it is envisioned, will rely on extensive sharing of information and resources ... -
Software Bill of Materials in Critical Infrastructure
Jaatun, Lars Andreassen; Sørlien, Silje Marie; Borgaonkar, Ravishankar Bhaskarrao; Steve, Taylor; Jaatun, Martin Gilje (Chapter, 2023)Critical infrastructure today is comprised of cyber-physical systems, and therefore also vulnerable to cyber threats. Many of these threats come from within, through malicious code in software updates or bugs that can be ... -
The road to Hell is paved with good intentions: A story of (in)secure software development
Sassoon, Richard; Jaatun, Martin Gilje; Jensen, Jostein (Chapter, 2010)In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new ... -
Understanding challenges to adoption of the Microsoft Elevation of Privilege game
Tøndel, Inger Anne; Oyetoyan, Tosin Daniel; Jaatun, Martin Gilje; Cruzes, Daniela Soares (Chapter, 2018)The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform ... -
Understanding Challenges to Adoption of the Protection Poker Software Security Game
Tøndel, Inger Anne; Jaatun, Martin Gilje; Cruzes, Daniela Soares; Oyetoyan, Tosin Daniel (Chapter, 2019)Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited ... -
Using situational and narrative analysis for investigating the messiness of software security
Tøndel, Inger Anne; Cruzes, Daniela Soares; Jaatun, Martin Gilje (Journal article; Peer reviewed, 2020)Background: Software engineering work and its context often has characteristics of what in social science is termed 'messy'; it has ephemeral and irregular qualities. This puts high demands on researchers doing inquiry and ...