Journal publications

• Bernsmed, Karin; Jaatun, Martin Gilje; Frøystad, Christian. (2019) Is a Smarter Grid Also Riskier?. Lecture Notes in Computer Science (LNCS). vol. 11738.
• Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for cybersecurity requirements. Lecture Notes in Computer Science (LNCS). vol. 11387.
• Meland, Per Håkon; Bernsmed, Karin; Frøystad, Christian; Li, Jingyue; Sindre, Guttorm. (2019) An experimental evaluation of bow-tie analysis for security. Information and Computer Security. vol. 26 (4).
• Bernsmed, Karin; Frøystad, Christian; Meland, Per Håkon; Nesheim, Dag Atle; Rødseth, Ørnulf Jan. (2018) Visualizing cyber security risks with bow-tie diagrams. Lecture Notes in Computer Science (LNCS). vol. 10744.
• Cruzes, Daniela Soares; Jaatun, Martin Gilje; Bernsmed, Karin; Tøndel, Inger Anne. (2018) Challenges and Experiences with Applying Microsoft Threat Modeling in Agile Development Projects. 2018 25th Australasian Software Engineering Conference (ASWEC).
• Jaatun, Martin Gilje; Tøndel, Inger Anne; Moe, Nils Brede; Cruzes, Daniela Soares; Bernsmed, Karin; Haugset, Børge. (2018) Accountability Requirements in the Cloud Provider Chain. Symmetry. vol. 10 (4).
• Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; Bernsmed, Karin; De Oliveira, Anderson Santana; Sendor, Jakub. (2015) A-PPL: An accountability policy language. Lecture Notes in Computer Science (LNCS). vol. 8872.
• Benghabrit, Walid; Grall, Hervé; Royer, Jean Claude; Sellami, Mohamed; Azraoui, Monir; Elkhiyaoui, Kaoutar; Önen, Melek; De Oliveira, Anderson Santana; Bernsmed, Karin. (2015) From regulatory obligations to enforceable accountability policies in the cloud. Communications in Computer and Information Science. vol. 512.
• Graffer, Ingrid; Bartnes, Maria; Bernsmed, Karin. (2015) Play2Prepare: A Board Game Supporting IT Security Preparedness Exercises for Industrial Control Organizations. Norsk Informasjonssikkerhetskonferanse (NISK).
• Jaatun, Martin Gilje; Cruzes, Daniela Soares; Bernsmed, Karin; Tøndel, Inger Anne; Røstad, Lillian. (2015) Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS). vol. 9290.
• Meland, Per Håkon; Bernsmed, Karin; Jaatun, Martin Gilje; Castejon, Humberto Nicolas; Undheim, Astrid. (2014) Expressing cloud security requirements for SLAs in deontic contract languages for cloud brokers. International Journal of Cloud Computing. vol. 3 (1).
• Jaatun, Martin Gilje; Bernsmed, Karin; Undheim, Astrid. (2012) Security SLAs - An Idea Whose Time Has Come?. Lecture Notes in Computer Science (LNCS). vol. 7465.
• Bø, Solvår; Pedersen, Stian; Nyre, Åsmund Ahlmann; Bernsmed, Karin. (2011) Controlled Sharing of Personal Information in Android. NIK: Norsk Informatikkonferanse.
• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2007) A Framework for Predicting Security and Dependability Measures in Real-time. International Journal of Computer Science and Network Security. vol. 7 (3).
• Sallhammar, Karin; Helvik, Bjarne Emil; Knapskog, Svein Johan. (2006) On Stochastic Modeling for Integrated Security and Dependability Evaluation. Journal of Networks. vol. 1 (5).
• Mjølsnes, Stig Frode; Sallhammar, Karin. (2005) Web security laboratory didactics. IADAT Journal of Advanced Technology. vol. 2 (2).
• Sallhammar, Karin; Knapskog, Svein Johan; Helvik, Bjarne Emil. (2005) Building a Stochastic Model for Security and Trust Assessment Evaluation. ERCIM News.
• Årnes, André; Sallhammar, Karin; Haslum, Kjetil; Brekne, Tønnes; Moe, Marie Elisabeth Gaup; Knapskog, Svein Johan. (2005) Real-time Risk Assessment with Network Sensors and Intrusion Detection Systems. Lecture Notes in Computer Science (LNCS).

Books

• Bernsmed, Karin; Fischer-Hübner, Simone. (2014) Secure IT Systems; 19th Nordic Conference, NordSec 2014, Tromsø, Norway, October 15-17, 2014, Proceedings. Springer. 2014. ISBN 978-3-319-11599-3. Lecture Notes in Computer Science (8788).

Part of book/report

• Bernsmed, Karin; Jaatun, Martin Gilje. (2019) Threat modelling and agile software development: Identified practice in four Norwegian organisations. Proceedings of the 2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), University of Oxford, 3-4 June 2019.