STIFTELSEN SINTEF

Link to partner web site

www.sintef.no

Company introduction

The SINTEF Group is the largest independent research organisation in Scandinavia. Every year, SINTEF supports the development of 2000 or so Norwegian and overseas companies via our research and development activity. SINTEF has approximately 2000 employees primarily situated in Trondheim and Oslo. About 40% of our researchers hold doctorates. The SINTEF Group is structured into several research divisions, which have been defined in terms of value chains and industrial market clusters.

SINTEF Information and Communication Technology (ICT) is one of 7 research divisions within the SINTEF Group. SINTEF ICT offers integrated research-based knowledge via access to a broad platform of technology and competence in ICT. SINTEF ICT has 260 employees, and is divided into 9 research departments. SINTEF ICT provides research-based expertise, services and products ranging from micro technology, communication and software technology, computational software, information systems and security and safety. Work ranges from simple technical analysis to complete systems.

The participation in the project will be from the department for Cooperative and Trusted Systems (CTS) in SINTEF ICT. CTS provides research-based expertise in model-driven development, quality and security technology, and user-centred development. CTS has lead several national research and development projects and played a leading role in several IST projects such as ACE-GIS, ATHENA, COMBINE, CORAS, ELLECTRA-WeB, INTEROP, MAPPER, MODELPLEX, MODELWARE, S3MS, SODIUM, SWING and TRUSTCOM.

CTS was responsible for the technical management in the EU funded CORAS project (IST-2000-25031) which developed a computerised framework for modelbased security analysis. The CORAS results have been taken further both at the national level, and at the European level within the FP6 IP TrustCoM. We have industrial experience with security risk analysis in such diverse domains as process industry and web-applications, and experience with legal risk analysis and trust analysis. Current research also includes specification analysis of security policies.

Our focus in the project will be development of methodologies, tools and metamodels for security risk analysis in connection to compliance and security engineering, and integration of risk analysis methodology with the software development lifecycle.

Key personnel

Ketil Stølen is Chief Scientist and Group Leader at SINTEF CTS. Since 1998 he is also a Professor in computer science at the University of Oslo. St?len has broad experience from basic research (4 years at Manchester University; 5 years at Munich University of Technology, 6 years at the University of Oslo) as well as applied research (1 year at the Norwegian Defense Research Establishment; 3 years at the OECD Halden Reactor Project; 9 years at SINTEF). He did his PhD "Development of Parallel Programs on Shared Data-structures" at Manchester University on a personal fellowship granted by the Norwegian Research Council for Science and the Humanities. At Munich University of Technology his research focused on the theory of refinement and rules for compositional and modular system development - in particular, together with Manfred Broy he designed the Focus method. At the OECD Halden Reactor Project he was responsible for software development projects involving the use of state-of-the-art CASE-tool technology for object-oriented modelling. He led several research activities concerned with the modelling and dependability-analysis of safety-critical systems. He has broad experience from research projects - nationally as well as internationally - and from the management of research projects. From 1992-96 he was project-leader under Sonderforschungsbereich 342 "Methodik des Entwurfs verteilter Systeme" at Munich University of Technology. From 2001-03 he was the technical manager of the EU-project CORAS which had 11 partners and a total budget of more than 5 million EURO. He is currently managing four major Norwegian research projects.

Mass Soldal Lund holds a PhD degree in computer science from the University of Oslo. He is employed as a research scientist at SINTEF Information and Communication Technology, where he has been working with risk analysis and threat modelling since 2001. With his co-workers he has authored several papers on model-based risk analysis and he made substantial contributions to the OMG standard "UML Profile for Modelling Quality of Service and Fault Tolerance Characteristics and Mechanisms". His main research interests are formal and semi-formal specification techniques and languages, model-based testing, risk analysis and threat modelling.

Involvement/Role in the project