Search For:

Displaying 1-13 out of 13 total
Fools Download Where Angels Fear to Tread
Found in: IEEE Security and Privacy
By Martin Gilje Jaatun, Jostein Jensen, Håvard Vegge, Finn Michael Halvorsen, Rune Walsø Nergård
Issue Date:March 2009
pp. 83-86
0-day malware is malware that is so new that it's not detected by any antimalware scanners. This article describes an experiment that, during a two-week period in 2008, exposed updated Microsoft Windows XP PCs with updated antivirus software to numerous un...
 
Federated Identity Management and Usage Control - Obstacles to Industry Adoption
Found in: 2013 Eighth International Conference on Availability, Reliability and Security (ARES)
By Jostein Jensen,Asmund Ahlmann Nyre
Issue Date:September 2013
pp. 31-41
Federated identity management and usage control technologies have received considerable attention from the research community during the past decade. We have investigated the views of, and attitudes towards, adopting federated identity management and usage...
 
Federated Identity Management—We Built It; Why Won't They Come?
Found in: IEEE Security & Privacy
By Jostein Jensen,Martin Gilje Jaatun
Issue Date:March 2013
pp. 34-41
Solutions for federated identity management (FIM) are maturing; however, the adoption rate of this technology hasn't been as high as expected. The authors conducted and analyzed eleven semistructured interviews with representatives from the Norwegian oil a...
 
Federated Identity Management Challenges
Found in: 2012 Seventh International Conference on Availability, Reliability and Security (ARES)
By Jostein Jensen
Issue Date:August 2012
pp. 230-235
Federated Identity Management is considered a promising approach to facilitate secure resource sharing between collaborating partners. The adoption rate of identity federation technologies in the industrial domain, however, has not been as expected. A stru...
 
Security in Model Driven Development: A Survey
Found in: Availability, Reliability and Security, International Conference on
By Jostein Jensen,Martin Gilje Jaatun
Issue Date:August 2011
pp. 704-709
Model driven development (MDD) is considered a promising approach for software development. In this paper the results of a systematic survey is reported to identify the state-of-the-art within the topic of security in model driven development, with a speci...
 
The Road to Hell is Paved with Good Intentions: A Story of (In)secure Software Development
Found in: Availability, Reliability and Security, International Conference on
By Richard Sasson, Martin Gilje Jaatun, Jostein Jensen
Issue Date:February 2010
pp. 501-506
In this paper, we present the results of a security assessment performed on a home care system based on SOA, realized as web services. The security design concepts of this platform were specifically tailored to meet new security challenges and to be compli...
 
Combining Misuse Cases with Attack Trees and Security Activity Models
Found in: Availability, Reliability and Security, International Conference on
By Inger Anne Tøndel, Jostein Jensen, Lillian Røstad
Issue Date:February 2010
pp. 438-445
Misuse cases and attack trees have been suggested for security requirements elicitation and threat modeling in software projects. Their use is believed to increase security awareness throughout the software development life cycle. Experiments have identifi...
 
Where Only Fools Dare to Tread: An Empirical Study on the Prevalence of Zero-Day Malware
Found in: Internet Monitoring and Protection, International Conference on
By Håvard Vegge, Finn Michael Halvorsen, Rune Walsø Nergård, Martin Gilje Jaatun, Jostein Jensen
Issue Date:May 2009
pp. 66-71
Zero-day malware is malware that is based on zero-day exploits and/or malware that is otherwise so new that it is not detected by any anti-virus or anti-malware scanners. This paper presents an empirical study that exposed updated Micsosoft Windows XP PCs ...
 
An Architectural Foundation for Security Model Sharing and Reuse
Found in: Availability, Reliability and Security, International Conference on
By Per Håkon Meland, Shanai Ardi, Jostein Jensen, Erkuden Rios, Txus Sanchez, Nahid Shahmehri, Inger Anne Tøndel
Issue Date:March 2009
pp. 823-828
Within the field of software security we have yet to find efficient ways on how to learn from past mistakes and integrate security as a natural part of software development.This situation can be improved by using an online repository, the SHIELDS SVRS, tha...
 
Reusable Security Requirements for Healthcare Applications
Found in: Availability, Reliability and Security, International Conference on
By Jostein Jensen, Inger Anne Tøndel, Martin Gilje Jaatun, Per Håkon Meland, Herbjørn Andresen
Issue Date:March 2009
pp. 380-385
Healthcare information systems are currently being migrated from paper based journals to fully digitalised information platforms. Protecting patient privacy is thus becoming an increasingly complex task, where several national and international legal requi...
 
Secure Software Design in Practice
Found in: Availability, Reliability and Security, International Conference on
By Per Håkon Meland, Jostein Jensen
Issue Date:March 2008
pp. 1164-1171
This paper presents a set of practical techniques and tools for creating secure software with a special focus on the design phase of the development lifecycle. The target group is the ordinary ”developer-on-the-street”, who is not primarily interested in (...
 
A Novel Testbed for Detection of Malicious Software Functionality
Found in: Availability, Reliability and Security, International Conference on
By Jostein Jensen
Issue Date:March 2008
pp. 292-301
Behavioural software analysis is suggested by several research communities as a principle to complement the traditional signature-based anti-virus tools. This paper presents a novel open-source testbed for behavioural software analysis, designed to meet cu...
 
Learning from Software Security Testing
Found in: Software Testing Verification and Validation Workshop, IEEE International Conference on
By Inger Anne Tøndel, Martin Gilje Jaatun, Jostein Jensen
Issue Date:April 2008
pp. 287-294
Software security testing tools and methodologies are presently abundant, and the question no longer seems to be
 
 1