Background and activities
Leader of the Information Security Discipline
- Software security and security testing
- Software vulnerability analysis
- Model driven software development and model driven security
- Access control, usage control and privacy protection
- Security monitoring, policies, languages, models and enforcement
Scientific, academic and artistic work
Displaying a selection of activities.
- (2022) Modeling and Executing Cyber Security Exercise Scenarios in Cyber Ranges. Computers & Security. vol. 116.
- (2022) Selecting and Training Young Cyber Talent: A Recurrent European Cyber Security Challenge Case Study. Springer Nature. 2022. ISBN 978-3-031-05457-0. Lecture Notes in Computer Science (LNCS) (https://doi.org/10.1007/978-3-031-05457-0_24).
- (2022) Mapping Tools for Open Source Intelligence with Cyber Kill Chain for Adversarial Aware Security. Mathematics. vol. 10 (12).
- (2021) With a Little Help from Your Friends: Collaboration with Vendors During Smart Grid Incident Response Exercises. Proceedings of the 2021 European Interdisciplinary Cybersecurity Conference (EICC).
- (2021) Difficult SQLi Code Patterns for Static Code Analysis Tools. Norsk Informasjonssikkerhetskonferanse (NISK). vol. 3.
- (2021) Ontology-Based Scenario Modeling for Cyber Security Exercise. 2021 IEEE European Symposium on Security and Privacy Workshops.
- (2021) Serious Games as a Tool to Model Attack and Defense Scenarios for Cyber-Security Exercises. Computers & Security. vol. 110.
- (2021) Selecting and Training Young Cyber Talent: A European Cybersecurity Challenge Case Study. Lecture Notes in Computer Science (LNCS). vol. 12776.
- (2021) Weaponized AI for cyber attacks. Journal of Information Security and Applications. vol. 57.
- (2020) Difficult XSS Code Patterns for Static Code Analysis Tools. Lecture Notes in Computer Science (LNCS). vol. 11981 LNCS.
- (2020) UIOT-FMT: A Universal Format for Collection and Aggregation of Data from Smart Devices. Sensors. vol. 20 (22).
- (2020) Vulnerability Discovery Modelling With Vulnerability Severity. 2019 IEEE Conference on Information and Communication Technology.
- (2020) Smart Policing for a Smart World Opportunities, Challenges and Way Forward. Advances in Intelligent Systems and Computing.
- (2020) Maturity Modelling to Prepare for Cyber Crisis Escalation and Management. Proceedings of the 6th International Conference on Information Systems Security and Privacy.
- (2020) Towards a Maturity Improvement Process – Systemically Closing the Socio-Technical Gap. CEUR Workshop Proceedings. vol. 2789.
- (2020) EXCON Teams in Cyber Security Training. 2019 International Conference on Computational Science and Computational Intelligence (CSCI).
- (2019) Development of Ontology-Based Software Security Learning System with Contextualized Learning Approach. Journal of Advances in Information Technology. vol. 10 (3).
- (2019) Learning Software Security in Context: An Evaluation in Open Source Software Development Environment. ARES '19 Proceedings of the 14th International Conference on Availability, Reliability and Security Canterbury, CA, United Kingdom — August 26 - 29, 2019.
- (2019) Managing Software Security Knowledge in Context: An Ontology Based Approach. Information. vol. 10 (6).
- (2019) Preliminary Evaluation of an Ontology-Based Contextualized Learning System for Software Security. Proceedings of the 23rd International Conference on Evaluation and Assessment in Software Engineering 2019 (EASE '19).
- (2019) Towards a Context-Based Approach for Software Security Learning. Journal of Applied Security Research. vol. 14 (3).
- (2019) Security Knowledge Management in Open Source Software Communities. Innovative Security Solutions for Information Technology and Communications. SECITC 2018.
- (2019) Cyber Security Skill Set Analysis for Common Curricula Development. Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19. ACM; University of Kent. 2019-08-26 - 2019-08-29.
- (2019) Ethical Problems and Legal Issues in Development and Usage Autonomous Adversaries in Cyber Domain. CEUR Workshop Proceedings. vol. 2381.
- (2019) Mobile device management (MDM) technologies, issues and challenges. 3rd International Conference on Cryptography, Security and Privacy. ACM; Kuala Lumpur. 2019-01-19 - 2019-01-21.
- (2019) Modeling Attack and Defense Scenarios for Cyber Security Exercises. 5th Interdisciplinary Cyber Research conference 2019. Tallinn University of Technology; Tallinn. 2019-06-29 - 2019-06-29.
- (2019) Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. Computers & Security. vol. 88:101636.
- (2019) Detecting Windows Based Exploit Chains by Means of Event Correlation and Process Monitoring. Lecture Notes in Networks and Systems. vol. 70 LNNS.
- (2019) Cyber Weapons Storage Mechanisms. Lecture Notes in Computer Science (LNCS). vol. 11611 LNCS.
- (2019) Implementation of Insider Threat Detection System Using Honeypot Based Sensors and Threat Analytics. Lecture Notes in Networks and Systems. vol. LNNS 70.
- (2019) A Survey of Automated Information Exchange Mechanisms Among CERTs. CEUR Workshop Proceedings. vol. 2348.
- (2019) A Socio-Technical Framework to Improve cyber security training: A Work in Progress. CEUR Workshop Proceedings. vol. 2398.
- (2019) Cyber Crisis Management Roles – A Municipality Responsibility Case Study. Information Technology in Disaster Risk Reduction.
- (2018) Quantitative security assurance metrics: REST API case studies. Proceedings of the 12th European Conference on Software Architecture ; 2018-09-24 - 2018-09-28.
- (2018) Source Code Patterns of Buffer Overflow Vulnerabilities in Firefox. SICHERHEIT 2018.
- (2018) Source Code Patterns of Cross Site Scripting in PHP Open Source Projects. Norsk Informasjonssikkerhetskonferanse (NISK). vol. 11.
- (2018) Towards a Quantitative Approach for Security Assurance Metrics. The Twelfth International Conference on Emerging Security Information, Systems and Technologies; SECURWARE 2018 September 16, 2018 to September 20, 2018 - Venice, Italy.
- (2018) An Ontology-Based Context Model for Managing Security Knowledge in Software Development. Proceedings of the 23rd Conference of Open Innovations Association FRUCT.
- (2018) Modelling and Analyzing Attack-Defense Scenarios for Cyber-Ranges. Nordsec 2018. University of Oslo; Oslo. 2018-11-28 - 2018-11-30.
- (2018) Make it and Break it: An IoT Smart Home Testbed Case Study. International Conference on Cyber Physical Systems and IoT (CPSIOT 2018). ACM; Stockholm. 2018-09-21 - 2018-09-23.
- (2018) Detecting Malicious Windows Commands Using Natural Language Processing Techniques. Lecture Notes in Computer Science (LNCS). vol. 11359 LNCS.
- (2018) Inefficiencies in Cyber-Security Exercises Life-Cycle: A Position Paper. CEUR Workshop Proceedings. vol. 2269.
- (2018) A Pilot Study in Cyber Security Education Using CyberAIMs: A Simulation-Based Experiment. IFIP Advances in Information and Communication Technology. vol. 531.
- (2018) A Pilot Study in Cyber Security Education Using CyberAIMs: A Simulation-Based Experiment. Information Security Education - Towards a Cybersecure Society.
- (2018) CyberAIMs: A tool for teaching adversarial and systems thinking. International Defence and Homeland Security Simulation Workshop, DHSS 2018.
- (2017) Source Code Patterns of SQL Injection Vulnerabilities. ARES'17. Proceedings of The 12th International Conference on Availability, Reliability and Security, Reggio Calabria, Italy — August 29 - September 01, 2017.
- (2015) A process for mastering security evolution in the development lifecycle. International Journal on Software Tools for Technology Transfer (STTT). vol. 17.
- (2014) Factors of Access Control Management in Electronic Healthcare: The Patients' Perspective. 2014 47th Hawaii International Conference on System Sciences ; 2014-01-06 - 2014-01-09.
- (2014) Security Test Generation by Answer Set Programming. In the 8th International Conference on Software Security and Reliability ; 2014-06-30 - 2014-07-02.
- (2013) Towards a Model- and Learning-Based Framework for Security Anomaly Detection. Formal Methods for Components and Objects.
- (2013) Enhancing Model Driven Security through Pattern Refinement Techniques. Formal Methods for Components and Objects.
- (2012) Monitoring Anomalies in IT-Landscapes Using Clustering Techniques and Complex Event Processing. Leveraging Applications of Formal Methods, Verification, and Validation.
- (2012) Anomaly Detection in the Cloud: Detecting Security Incidents via Machine Learning. Trustworthy Eternal Systems via Evolving Software, Data and Knowledge.
- (2012) Managing Privacy and Effectiveness of Patient-Administered Authorization Policies. International Journal of Computational Models and Algorithms in Medicine (IJCMAM).
- (2012) Considering privacy and effectiveness of authorization policies for shared electronic health records. IHI '12 Proceedings of the 2nd ACM SIGHIT International Health Informatics Symposium ; 2012-01-28 - 2012-01-30.
- (2012) The Process of Policy Authoring of Patient-Controlled Privacy Preferences. Electronic Healthcare.
- (2010) Meeting EHR Security Requirements: SeAAS Approach. Seamless Care – Safe Care.
- (2010) Supporting Role Based Provisioning with Rules Using OWL and F-Logic. On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010 ; 2010-10-25 - 2010-10-29.
- (2008) Workflow Testing. Leveraging Applications of Formal Methods (ISoLA 2008) ; 2008-10-13 - 2008-10-16.
- (2008) Privacy and Access Control for IHE-Based Systems. Electronic Healthcare. eHealth 2008 ; 2008-09-08 - 2008-09-09.
- (2008) Model-Driven Policy Framework for Usage Control-based Privacy. the second International workshop on Model-based Design Of Trustworthy Health Information Systems (MOTHIS) ; 2008-09-28 - 2008-10-03.
- (2008) A general obligation model and continuity enhanced policy enforcement engine for usage control. SACMAT '08 Proceedings of the 13th ACM symposium on Access control models and technologies ; 2008-06-11 - 2008-06-13.