
Martin Gilje Jaatun
SINTEF Digital · Software Engineering Safety and Security
siv.ing., Dr.philos
About
189 Publications
126,587 Reads
2,274 Citations
Introduction
I am a senior scientist at SINTEF Digital in Trondheim, and adjunct professor at the University of Stavanger. My research interests include software security, cloud security and critical infrastructure security (power, water, oil, ...)
--- Most of my papers are (eventually) available at:
http://jaatun.no/papers
--- ORCID: http://orcid.org/0000-0001-7127-6694
Additional affiliations
July 2002 - June 2004
Bodø Graduate School of Business
Position
- Senior Lecturer
Description
- Teaching undergraduate courses in cryptography and network security, operating systems and computer networks
November 1997 - June 2002
Education
December 2014 - June 2015
September 1987 - March 1992
Norwegian Institute of Technology
Field of study
- Telematics
Publications (189)
Full text available at: http://jaatun.no/papers/2015/Cruzes_Jaatun_Cloud%20Provider%20Transparency.pdf
A major feature of public cloud services is that data are processed remotely in unknown systems that the users do not own or operate. This context creates a number of challenges related to data privacy and security and may hinder the adoption of...
Our study illustrates that the risk of getting infected by malware that antivirus protection doesn't detect is alarmingly high. New malware that the antivirus engines don't have signatures for is likely to escape detection by a desktop antivirus solution. Taking precautions while using the Internet can protect users only to a certain extent. If the...
This article describes how a Redundant Array of Independent Net-storages (RAIN) can be deployed for confidentiality control in Cloud Computing. The RAIN approach splits data into segments and distributes segments between multiple storage providers; by keeping the distribution of segments and the relationships between the distributed segments privat...
Solutions for federated identity management (FIM) are maturing; however, the adoption rate of this technology hasn't been as high as expected. The authors conducted and analyzed eleven semistructured interviews with representatives from the Norwegian oil and gas industry to learn more about the perceived benefits and challenges of FIM adoption. The...
Available at: http://jaatun.no/papers/2014/guidinglights.pdf
In order to be an accountable organisation, Cloud Providers need to commit to being responsible stewards of other people's information. This implies demonstrating both willingness and capacity for such stewardship. This paper outlines the fundamental requirements that must be met by acco...
The ongoing digitalization of critical infrastructures enables more efficient processes, but also comes with new challenges related to potential cyber-physical attacks or incidents. To manage their associated risk, a precise and systematic framework should be adopted. This paper describes a general methodology that is consistent with the Risk Manag...
Operational Technology (OT) systems are becoming increasingly software-driven and connected. This creates new digitalization opportunities but can also increase the risk of cyber security breaches that can have severe consequences. Through a close dialogue with Norwegian actors in the oil and gas industry and insight into the IEC 62443 standard we...
During the grid planning process, electric power grid companies evaluate different options for the long-term grid development to address the expected future demands. The options can be passive measures, e.g., traditional reinforcement or building new lines, or active measures, e.g., support from ICT-solutions during operation to increase the power...
NESSI Whitepaper on software security with input from several NESSI partners, edited by Josef Urban, Steve Taylor and Martin Gilje Jaatun
This book highlights advances in Cyber Security, Cyber Situational Awareness (CyberSA), Artificial Intelligence (AI) and Social Media. It brings together original discussions, ideas, concepts and outcomes from research and innovation from multidisciplinary experts. It offers topical, timely and emerging original innovations and research results in...
This paper presents an empirical study on the need for sector-specific CERT capacity in the Norwegian construction sector. Findings from the interviews demonstrate a need for developing competence in ICT security in this sector. The actors express a desire for a forum for sharing information and learning from other actors within the industry. In ou...
The security of IoT-based digital solutions is a critical concern in the adoption of Industry 4.0 technologies. These solutions are increasingly being used to support the interoperability of critical infrastructure, such as in the water and energy sectors, and their security is essential to ensure the continued reliability and integrity of these sy...
Cyber-risk assessment methods are used by energy companies to manage security risks in smart grids. However, current standards, methods and tools do not adequately provide the support needed in practice and the industry is struggling to adopt and carry out cyber-risk assessments. The contribution of this paper is twofold. First, we interview six co...
Modern information systems are built from a complex composition of networks, infrastructure, devices, services, and applications, interconnected by data flows that are often private and financially sensitive. The 5G networks, which can create hyperlocalized services, have highlighted many of the deficiencies of current practices in use today to cre...
Software security is a complex topic, and for development projects it can be challenging to assess what security is necessary and cost-effective. Agile Software Development (ASD) values self-management. Thus, teams and their Product Owners are expected to also manage software security prioritisation. In this paper we build on the notion that securi...
A full smart grid implementation requires the digitization of all parts of the smart grid infrastructure, including secondary electrical substations. Unfortunately, this introduces new security threats, which were not apparent before. This article uses a Smart Grid Threat Modeling Template implementing the STRIDE model to create a threat model of a...
The developments of reduced manning on offshore facilities and increased information transfer from offshore to land continue and may also be a prerequisite for the future survival of the oil and gas industry. A general requirement from the operators has emerged in that all relevant information from offshore-located systems should be made available...
Threat modeling is a way to get an overview of possible attacks against your systems. The advantages of threat modeling include tackling security problems early, improved risk assessments, and more effective security testing. There will always be limited resources available for security, and threat modeling will allow you to focus on the most impor...
Security requirement work plays a key role in achieving cost-effective and adequate security in a software development project. Knowledge about software companies' experiences of security requirement work is important in order to bridge the observed gap between software security practices and security risks in many projects today. Particularly, suc...
Software security does not emerge fully formed by divine intervention in deserving software development organizations; it requires that developers have the required theoretical background and practical skills to enable them to write secure software, and that the software security activities are actually performed, not just documented procedures tha...
The introduction of Information and Communications Technology (ICT) into conventional power grids has resulted in a digitalized smart grid, enabling a more efficient and robust operation. However, it can also lead to increased risk and new threats due to more complex systems and longer supply chains. Recent events indicate that the electrical power...
Cybersecurity in water and wastewater sector and the contribution from STOP-IT. This article discusses the current issues related to cybersecurity in the water and wastewater sector as a critical infrastructure. It emphasizes the need for rising cyber-physical security awareness, competence, and technological uptake in the sector. Some of the main...
The goal of secure software engineering is to create software that keeps performing as intended, even when exposed to attacks. Threat modelling is considered to be a key activity to reach this goal, but has turned out to be challenging to implement in agile teams. This paper presents results from four different studies, in which we have investigate...
This article investigates and analyzes the security aspects of 5G specifications from the perspective of IoT-based smart grids. As the smart grid requires high-speed and reliable communication to enable real-time grid monitoring via Internet of Things (IoT) devices, 5G can be considered a catalyst to transform the current power grid infrastructure...
Threat modeling is about identifying architectural flaws and weaknesses in a system in order to mitigate them and avoid unwanted incidents caused by an attacker. Tool-assisted threat modeling has seen limited use in complex cyberphysical systems involving both Information Technology (IT) and Operational Technology (OT) systems. In this paper, we in...
We have entered the era of big data, and it is considered to be the "fuel" for the flourishing of artificial intelligence applications. The enactment of the EU General Data Protection Regulation (GDPR) raises concerns about individuals' privacy in big data. Federated learning (FL) emerges as a functional solution that can help build high-performanc...
The railway domain has a justifiable preoccupation with safety, but less of a focus on cyber security. This could result in the risk of cyber security flaws in current railway systems being unacceptably high. However, in recent years the railway industry has realized the importance of cyber security, and the possible effects cyber security could ha...
The divide between IT security and software security can result in the neglect of proper software security. This divide can be bridged by establishing a formal security champion role in the development team and conducting collaborative risk-based security activities.
With the expansion of cyber-physical systems (CPSs) across critical and regulated industries, systems must be continuously updated to remain resilient. At the same time, they should be extremely secure and safe to operate and use. The DevOps approach caters to business demands of more speed and smartness in production, but it is extremely challengi...
The modernisation of the power grid is ongoing, and the level of digitalisation of the power grid in, say, ten years may be quite different than today. Cyber security needs will change correspondingly. In this paper we utilise a qualitative research approach to explore misuse cases related to three main areas of modernisation that we envision for the ne...
Today’s software development projects need to consider security as one of the qualities the software should possess. However, overspending on security will imply that the software will become more expensive and often also delayed. This paper discusses the role of objectivity in assessing and researching the goal of good enough security. Different u...
Software in the cloud is predominantly developed using agile methodologies, where practices such as continuous deployment and DevOps contribute to increased speed and quick turnarounds. This increased speed does however require additional focus on software security in order to avoid security bugs and architectural flaws from crippling a cloud busin...
The smart grid evolution digitalizes the traditional power distribution grid, by integrating information communication technology into its operation and control. A particularly interesting challenge is the integration of grid topology monitoring and decision support systems with the remote control of breakers in the grid and at the subscribers’ pre...
The use of IoT devices in the future electricity domain (known as the smart grid) has numerous benefits, such as improved reliability of the power system, enhanced functions of SCADA (Supervisory Control and Data Acquisition), improved monitoring and management of operational power grid assets, and advanced metering infrastructure. The smart grid c...
To achieve a level of security that is just right, software development projects need to strike a balance between security and cost. This necessitates making such decisions as to what security activities to perform in development and which security requirements should be given priority. Current evidence indicates that in many agile development proj...
Context: Security work in software development is generally underprioritized. Software developers are not aware of security engineering practices, or find them external to the software development process. To the management, security work presents itself in the form of reactive testing performed out of necessity, incurring only costs in terms o...
Purpose: Today, agile software development teams in general do not adopt security risk-assessment practices in an ongoing manner to prioritize security work. Protection Poker is a collaborative and lightweight software security risk-estimation technique that is particularly suited for agile teams. Motivated by a desire to understand why security ri...
Threat modelling is considered a key activity in secure software engineering. However, despite its documented benefits it has not (yet) been widely adopted by agile software development projects. In this paper we present results from a qualitative study of how it is performed in practice by four different organisations. The findings show that, even...
Current proof-of-work blockchains are not sustainable in terms of energy needed to run them. In this paper we propose a new scheme that avoids wasted proof-of-work by a dynamic probabilistic method, where the consensus algorithm can be adjusted according to the parties' required assurance levels.
Security concerns are often cited as the most prominent reason for not using cloud computing, but customers of cloud users, especially end-users, frequently do not understand the need to control access to personal information. On the other hand, some users might understand the risk, and yet have inadequate means to address it. In order to make the...
Guidelines exist in order to ensure efficient, effective and consistent provision of healthcare service. Unfortunately, existing guidelines are often not adopted in a timely manner, even to the point of being outdated at the time of adoption. Hence, many healthcare professionals are eschewing guidelines, sometimes leading to suboptimal outcomes. Th...
Currently, security requirements are often neglected in agile projects. Despite many approaches to agile security requirements engineering in literature, there is little empirical research available on why there is limited adoption of these techniques. In this paper we describe a case study on challenges facing adoption of the Protection Poker game...
Online services are increasingly becoming a composition of different cloud services, making incident-handling difficult, as Cloud Service Providers (CSPs) with end-user customers need information from other providers about incidents that occur at upstream CSPs to inform their users. In this paper, we argue the need for commonly agreed-upon incident...
The goal of secure software engineering is to create software that keeps performing as intended even when exposed to attacks. Threat modeling is considered to be a key activity, but can be challenging to perform for developers, and even more so in agile software development. Hence, threat modeling has not seen widespread use in agile software proje...
Emergency and rescue operations are often carried out in areas where the network infrastructure cannot be relied on for message exchange between first responders. Since a fundamental feature of a Mobile Ad Hoc Network is the ability to operate independently of existing infrastructure, it is deemed a well-suited solution to first responders scenario...
Many software services are currently created using DevOps, where developers and operations personnel are more tightly integrated. The DevOps paradigm enables shorter development cycles, but increased speed has raised concerns over whether security issues may be overlooked. However, perfect security is never achievable, and in addition to the proact...
In order to be responsible stewards of other people's data, cloud providers must be accountable for their data handling practices. The potentially long provider chains in cloud computing introduce additional accountability challenges, with many stakeholders involved. Symmetry is very important in any requirements elicitation activity, since input fr...
When studying work practices, it is important to obtain accurate and reliable information about how work is actually done. Action research is an interactive inquiry process that balances problem solving actions implemented in a collaborative context with data-driven collaborative analysis or research to understand underlying causes enabling future...
The goal of secure software engineering is to create software that keeps performing as intended even when exposed to an active attacker. Threat modelling is considered to be a key activity, but can be challenging to perform for developers. Microsoft has tried to lower the bar through creating a threat modelling game called Elevation of Privilege (E...
7.1 Introduction
7.2 Background
7.3 Questionnaires in Software Security...
When working with software security in a risk-centric way, development projects become equipped to make decisions on how much security to include and what type of security pays off. This article presents the results of a study made among 23 public organisations, mapping their risk-centric activities and practices, and challenges for implementing th...
The DevOps paradigm means that development and operations for an organisation blend together. For security, this implies that information on detected attacks can be fed back to the development, enabling faster eradication of vulnerabilities in software. This is particularly important in cloud installations, where release cycles can be less than a d...
In this chapter, we consider whether the outsourcing of incident management is a viable technological approach that may be transferable to other cloud security management requirements. We review a viable approach to outsourcing incident response management and consider whether this can be applied to other cloud security approaches, starting with t...
Full text available at http://dx.doi.org/10.1016/j.aci.2017.01.001
The smart grid vision implies extensive use of ICT in the power system, enabling increased flexibility and functionality and thereby meeting future demands and strategic goals. Consequently, power system reliability will increasingly depend on ICT components and systems. While addi...
Although most organizations understand the need for application security at an abstract level, achieving adequate software security at the sharp end requires taking bold steps to address security practices within the organization. In the Agile software development world, a security engineering process is unacceptable if it is perceived to run count...
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, a...
Full text available at: http://jaatun.no/papers/2016/protection-poker-profes.pdf
Software security is about creating software that keeps performing as intended even when exposed to an active attacker. Secure software engineering is thus relevant for all software, not only security software. We describe Protection Poker, a tool for risk estimation...
Full text: http://www.sciencedirect.com/science/article/pii/S187705091632169X
Pain Body Maps are promising tools for patients with advanced cancer. We briefly present Computerised Pain Body Maps from the literature, and contrast them with our own CPBM specifically designed for this patient group. Furthermore, we ponder the fact that current CPBMs...
Cyber Security Incident Management is an emerging paradigm and capability within the aviation domain. To date, limited research has addressed the requirements and developed tangible solutions for the deployment of such a capability. This paper leverages good practice and experiences from other critical infrastructure settings in order to sketch a r...
Organizations recognize that protecting their assets against attacks is an important business. However, achieving what is adequate security requires taking bold steps to address security practices within the organization. In the Agile software development world, security engineering process is unacceptable as it runs counter to the agile values. Ag...
The Cloud is increasingly being used to store and process big data, and conventional security mechanisms using encryption are either not sufficiently efficient or not suited to the task of protecting big data in the Cloud. In this paper we present an alternative approach which divides big data among multiple Cloud providers, and instead of protecti...
The ability to appropriately prepare for, and respond to, information security incidents, is of paramount importance, as it is impossible to prevent all possible incidents from occurring. Current trends show that the power and automation industry is an attractive target for hackers. A main challenge for this industry to overcome is the differences...
This article focuses on the role of accountability within information management, particularly in cloud computing contexts. Key to this notion is that an accountable Cloud Provider must demonstrate both willingness and capacity for being a responsible steward of other people's data. More generally, the notion of accountability is defined as it appl...
The pervasiveness of cloud computing paired with big data analytics is fueling privacy fears among the more paranoid users. Cryptography-based solutions such as fully homomorphic encryption and secure multiparty computation are trying to address these fears, but still do not seem to be ready for prime time. This paper presents an alternative approa...