Mass Soldal Lund

• Berrefjord, Vivi Ringnes & Lund, Mass Soldal (2024). Introduksjon. I Berrefjord, Vivi Ringnes & Lund, Mass Soldal (Red.), Cybermakt. En tverrfaglig innføring. Universitetsforlaget. ISSN 978-82-15-05707-1.
• Sætren, Gunhild Birgitte; Vaag, Jonas Rennemo & Lund, Mass Soldal (2024). What and how to train for strategic crisis management: A systematic literature review. Journal of Contingencies and Crisis Management. ISSN 0966-0879. 32(2). doi: 10.1111/1468-5973.12568.
• Haugli-Sandvik, Marie; Lund, Mass Soldal & Bjørneseth, Frøy Birte (2024). Maritime decision-makers and cyber security: deck officers’ perception of cyber risks towards IT and OT systems. International Journal of Information Security. ISSN 1615-5262. doi: 10.1007/s10207-023-00810-y. Fulltekst i vitenarkiv
• Lund, Mass Soldal (2023). Autonomi i cyberoperasjonar. I Cooper, Camilla Guldahl & Henriksen, Dag (Red.), Autonomi i militære operasjoner. Cappelen Damm Akademisk. ISSN 978-82-02-79144-5. s. 139–160. Fulltekst i vitenarkiv
• Lund, Mass Soldal (2022). Øving på cybersikkerheit: Ein casestudie av ei cybersikkerheitsøving. Scandinavian Journal of Military Studies. ISSN 2596-3856. 5(1), s. 244–256. doi: 10.31374/sjms.119. Fulltekst i vitenarkiv Vis sammendrag

  This article presents a case study of a cyber security exercise in military education, and uses this case study to reflect on some challenges with cyber security exercise for educational purposes. The case study discusses central decisions in the design of the exercise, the evaluation of the exercise, as well as challenges with the exercise concept. Through a survey of the literature, we compare the exercise with similar exercises, and have a look at how these exercises are evaluated. Finally, we use the case study and the literature survey to reflect on how further investigations into cyber security exercise could be made.

• Erstad, Erlend; Lund, Mass Soldal & Ostnes, Runar (2022). Navigating through Cyber Threats, A Maritime Navigator’s Experience. Applied Human Factors and Ergonomics International (AHFE International). 53, s. 84–91. doi: 10.54941/ahfe1002205. Fulltekst i vitenarkiv Vis sammendrag

  Cyber threats are emerging as a risk in the maritime industry. If the navigational systems on board a ship somehow fail to function because of a cyber incident, the navigator is an important asset who is expected to handle the problem and provide a solution to maintain the safety of the crew, the vessel, and the environment. The International Maritime Organization (IMO) urges the shipping industry to be resilient towards cyber threats. To facilitate for enhanced operational maritime cyber resilience, there is a need to understand how navigators interpret cyber threats, which can be essential to safely conduct nautical operations. This paper presents a qualitative study of navigators’ understanding of cyber threats based on interviews with ten navigators, and further provides recommendations for how use of this knowledge can contribute to enhanced maritime cyber resilience.

• Larsen, Marie Haugli; Lund, Mass Soldal & Bjørneseth, Frøy Birte (2022). A model of factors influencing deck officers’ cyber risk perception in offshore operations. Maritime Transport Research. ISSN 2666-822X. 3. doi: 10.1016/j.martra.2022.100065. Fulltekst i vitenarkiv
• Lund, Mass Soldal (2021). Kommunikasjonssystemer for beredskap og krisehåndtering – teknologi og utfordringer. I Larssen, Ann Karin (Red.), Beredskap og krisehåndtering. Utfordringer på sentralt, regionalt og lokalt nivå. Cappelen Damm Akademisk. ISSN 978-82-02-69508-8. s. 86–108. Fulltekst i vitenarkiv
• Wilhelmsen, Vivi Cathrine Ringnes; Larsen, Thea K.; Lund, Mass Soldal; Svenungsen, Bjørn & Aannø, Stig Tore (2021). Jakten på Norges militære cyberstrategi. I Heier, Tormod (Red.), Militærmakt i nord. Universitetsforlaget. ISSN 9788215057064. s. 242–260.
• Larsen, Marie Haugli & Lund, Mass Soldal (2021). Cyber Risk Perception in the Maritime Domain: A Systematic Literature Review. IEEE Access. ISSN 2169-3536. 9, s. 144895–144905. doi: 10.1109/ACCESS.2021.3122433. Fulltekst i vitenarkiv Vis sammendrag

  This paper aims to present an approach to investigate cyber risk perception with use of recognized psychological models, and to give an overview of state-of-the-art research within the field of cyber risk perception in general and in the context of the maritime domain. The focus will be on determinative dimensions within the psychometric paradigm and cognitive biases, and to give recommendations on further research within these fields. Okoli and Schabram’s eight-step guide to plan, select, extract, and execute a systematic literature review is used as guidance. The search process resulted in 25 relevant articles which describes 24 dimensions of cyber risk perception in different online environments. Research within the area of maritime cyber security is increasing, however, no studies relevant for our literature review were found within the maritime domain. The nine dimensions in the psychometric model, perceived benefit and the optimistic bias is presented and discussed in a maritime context. Cyber risk perception is a complex research-area where both determinative factors and other cognitive processes can be influenced by each other. This can indicate that the dimensions differ across populations and professions, creating grounds for why context-specific studies are important. Further research may benefit from more multidisciplinary, descriptive, and inductive approaches, and contextual studies within maritime cyber risk perception can contribute to develop targeted tools for risk mitigation to enhance safety at sea.

• Erstad, Erlend; Ostnes, Runar & Lund, Mass Soldal (2021). An Operational Approach to Maritime Cyber Resilience. TransNav, International Journal on Marine Navigation and Safety of Sea Transportation. ISSN 2083-6473. 15(1), s. 27–34. doi: 10.12716/1001.15.01.01. Fulltekst i vitenarkiv
• Fongen, Anders & Lund, Mass Soldal (2020). Integration of Network Services in Tactical Coalition SDN Networks. International Conference on Emerging Security Information, Systems and Technologies. ISSN 2162-2116. s. 22–28. Vis sammendrag

  In order for Software Defined Network (SDN) technology to work in a military network, several identified problems need to be solved. This paper reports from experimental efforts to extend the application of SDN to a multi-domain, coalition, mobile network with wireless links and with end systems belonging to several Communities Of Interest (COI). The paper also demonstrates how SDN technology allows different network services to be integrated with a single class of Network Elements (NE). Considerations related to authentication, COI separation and intrusion prevention is given special attention during the discussions.

• Fongen, Anders; Helkala, Kirsi Marjaana & Lund, Mass Soldal (2020). Trust Through Origin and Integrity: Protection of Client Code for Improved Cloud Security. International Conference on Emerging Security Information, Systems and Technologies. ISSN 2162-2116. s. 16–21.
• Lund, Mass Soldal; Hareide, Odd Sveinung & Jøsok, Øyvind (2018). An Attack on an Integrated Navigation System. Necesse. ISSN 2464-353X. 3(2), s. 149–163. doi: 10.21339/2464-353x.3.2.149.
• Lund, Mass Soldal; Gulland, Jørgen Emil; Hareide, Odd Sveinung; Jøsok, Øyvind & Weum, Karl Olav Carlsson (2018). Integrity of Integrated Navigation Systems. I Jiwu, Jing; Loukas, Lazos & Liu, Peng (Red.), 2018 IEEE Conference on Communications and Network Security (CNS). IEEE (Institute of Electrical and Electronics Engineers). ISSN 978-1-5386-4586-4. doi: 10.1109/CNS.2018.8433151. Fulltekst i vitenarkiv
• Hareide, Odd Sveinung; Jøsok, Øyvind; Lund, Mass Soldal; Ostnes, Runar & Helkala, Kirsi Marjaana (2018). Enhancing Navigator Competence by Demonstrating Maritime Cyber Security. Journal of navigation. ISSN 0373-4633. 71(5), s. 1025–1039. doi: 10.1017/S0373463318000164. Fulltekst i vitenarkiv
• Helkala, Kirsi Marjaana; Knox, Benjamin James; Jøsok, Øyvind; Knox, Silje & Lund, Mass Soldal (2016). Factors to affect improvement in cyber officer performance. Information and Computer Security. ISSN 2056-4961. 24(2), s. 152–163. doi: 10.1108/ICS-01-2016-0001.
• Helkala, Kirsi Marjaana; Knox, Silje & Lund, Mass Soldal (2015). Effect of Motivation and Physical Fitness on Cyber Tasks. I Furnell, Steve M & Clarke, Nathan (Red.), Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015). Center for Security, Communications & Network Research, Plymouth University. ISSN 978-1-84102-388-5. s. 108–119.
• Flåten, Ola & Lund, Mass Soldal (2014). How Good are Attack Trees for Modelling Advanced Cyber Threats? Norsk Informasjonssikkerhetskonferanse (NISK). ISSN 1893-6563.
• Røislien, Hanne Eggen; Lund, Mass Soldal & Knox, Benjamin James (2014). Mapping the "Cyber Warrior": What Skill-Set Does the Cyber Warrior Need? I Liles, Sam (Red.), Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014. Purdue University, West Lafayette, Indiana, USA. 24-25 March 2014. Academic Conferences International (ACI). ISSN 978-1-909507-05-0. s. 373–376.
• Lund, Mass Soldal; Knox, Benjamin James & Røislien, Hanne Eggen (2014). What do Cyber Soldiers Need to Know? I Liles, Sam (Red.), Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014. Purdue University, West Lafayette, Indiana, USA. 24-25 March 2014. Academic Conferences International (ACI). ISSN 978-1-909507-05-0. s. 371–372.
• Lund, Mass Soldal & Refsdal, Atle (2012). BRIDGE Risk Analyzer: A Collaborative Tool for Enhanced Risk Analysis in Crisis Situations. CEUR Workshop Proceedings. ISSN 1613-0073. 953. Vis sammendrag

  When a crisis occurs, such as a fire in a chemical facility, difficult decisions need to be made based on assessment of risk. Is it safe enough for re-sponders to enter the area? Do we need to evacuate the public from the nearby area? Assessing risks may require information from a number of different sources, as well as collaboration across organizations and management levels. In this paper we present ongoing work to develop a collaborative tool to support risk analysis in crisis situations. The tool will be tightly integrated with a com-plementary tool to make coordinated situation assessments, planning, decision making, information gathering and sharing, thereby providing a unified and in-tegrated crisis management support facility.

• Massacci, Fabio; Bouquet, Fabrice; Fourneret, Elizabeta; Jurjens, Jan; Lund, Mass Soldal & Madelénat, Sébastien [Vis alle 12 forfattere av denne artikkelen] (2011). Orchestrating Security and System Engineering for Evolving Systems. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 6994, s. 134–143. doi: 10.1007/978-3-642-24755-2_12. Vis sammendrag

  How to design a security engineering process that can cope with the dynamic evolution of Future Internet scenarios and the rigidity of existing system engineering processes? The SecureChange approach is to orchestrate (as opposed to integrate) security and system engineering concerns by two types of relations between engineering processes: (i) vertical relations between successive security-related processes; and (ii) horizontal relations between mainstream system engineering processes and concurrent security-related processes. This approach can be extended to cover the complete system/ software lifecycle, from early security requirement elicitation to runtime configuration and monitoring, via high-level architecting, detailed design, development, integration and design-time testing. In this paper we illustrate the high-level scientific principles of the approach.

• Lund, Mass Soldal; Solhaug, Bjørnar & Stølen, Ketil (2011). Risk Analysis of Changing and Evolving Systems Using CORAS. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 6858, s. 231–274. doi: 10.1007/978-3-642-23082-0_9. Vis sammendrag

  Risk analysis is the identification and documentation of risks with respect to an organisation or a target system. Established risk analysis methods and guidelines typically focus on a particular system configuration at a particular point in time. The resulting risk picture is then valid only at that point in time and under the assumptions made when it was derived. However, systems and their environments tend to change and evolve over time. In order to appropriately handle change, risk analysis must be supported with specialised techniques and guidelines for modelling, analysing and reasoning about changing risks. In this paper we introduce general techniques and guidelines for managing risk in changing systems, and then instantiate these in the CORAS approach to model-driven risk analysis. The approach is demonstrated by a practical example based on a case study from the Air Traffic Management (ATM) domain.

• Grøndahl, Ida Hogganvik; Lund, Mass Soldal & Stølen, Ketil (2011). Reducing the effort to comprehend risk models: text labels are often preferred over graphical means. Risk Analysis. ISSN 0272-4332. 31(11), s. 1813–1831. doi: 10.1111/j.1539-6924.2011.01636.x. Vis sammendrag

  Risk analysis involves people with different roles and competences. The validity of the outcome depends on that they are able to communicate; ideally between themselves, but at least with or via a risk analyst. The CORAS risk modeling language has been developed to facilitate communication between stakeholders involved in the various stages of risk analysis. This article reports the results from an empirical investigation among professionals, where the purpose was to investigate how graphical effects (size, color, shape) and text labels introduced in the CORAS risk modeling language affected the understanding. The results indicate that if graphical effects are used to illustrate important information, they should also be accompanied by informative textual labels.

• Ligaarden, Olav Skjelkvåle; Lund, Mass Soldal; Seehusen, Fredrik; Refsdal, Atle & Stølen, Ketil (2011). An Architectural Pattern for Enterprise Level Monitoring Tools. I Lewis, Grace A. (Red.), 2011 International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA 2011). IEEE (Institute of Electrical and Electronics Engineers). ISSN 9781457706455. s. 1–10. doi: 10.1109/mesoca.2011.6049035. Vis sammendrag

  Requirements from laws and regulations, as well as internal business objectives and policies, motivate enterprises to implement advanced monitoring tools. For example, a company may want a dynamic picture of its operational risk level, its performance, or the extent to which it achieves its business objectives. The widespread use of information and communication technology (ICT) supported business processes means there is great potential for enterprise level monitoring tools. In this paper we present an architectural pattern to serve as a basis for building such monitoring tools that collect relevant data from the ICT infrastructure, aggregate this data into useful information, and present this in a way that is understandable to users.

• Lund, Mass Soldal; Solhaug, Bjørnar & Stølen, Ketil (2010). EVOLUTION IN RELATION TO RISK AND TRUST MANAGEMENT. Computer. ISSN 0018-9162. 43(5), s. 49–55.
• Vraalsen, Fredrik; Mahler, Tobias; Lund, Mass Soldal; Hogganvik, Ida; den Braber, Folker & Stølen, Ketil (2007). Assessing Enterprise Risk Level : the CORAS Approach. I Khadraoui, Djamel & Herrmann, Francine (Red.), Advances in Enterprise Information Technology Security. IGI Global. ISSN 978-1-59904-090-5. s. 311–333.
• den Braber, Folker; Hogganvik, Ida; Lund, Mass Soldal; Stølen, Ketil & Vraalsen, Fredrik (2007). Model-based security analysis in seven steps — a guided tour to the CORAS method. BT technology journal. ISSN 1358-3948. 25(1), s. 101–117.
• den, Braber Folker; Lund, Mass Soldal; Stølen, Ketil & Vraalsen, Fredrik (2007). Integrating security in the development process with UML, Information security and ethics: Concepts, methodologies, tools and applications. Information Science Reference. ISSN 9781599049373.
• den, Braber Folker; Hogganvik, Ida; Lund, Mass Soldal; Stølen, Ketil & Vraalsen, Fredrik (2007). Model-based security analysis in seven steps – a guided tour to the CORAS method. BT technology journal. ISSN 1358-3948. 25(1), s. 101–117. Vis sammendrag

  This paper presents the CORAS method for model-based security analysis. The presentation is case-driven. We follow two analysts in their interaction with an organisation by which they have been hired to carry out a security risk analysis. The analysis is divided into seven main steps, and the paper devotes a separate section to each of them. The paper focuses in particular on the use of the CORAS security risk modelling language as a means for communication and interaction during the seven steps.

• Lund, Mass Soldal & Stølen, Ketil (2006). Deriving tests from UML 2.0 sequence diagrams with neg and assert. I Anderson, Kenneth M. (Red.), Proceedings of the 28th International Conference on Software Engineering & Co-Located Workshops. ACM Publications. ISSN 1-59593-085-X.
• Rossebø, Judith Ellen Yarranton; Lund, Mass Soldal; Husa, Knut Eilif & Refsdal, Atle (2006). A conceptual model for service availability. I Gollmann, Dieter (Red.), Quality Of Protection - Security Measurements and Metrics. Springer Publishing Company. ISSN 0-387-29016-8. s. 107–118.
• Rossebø, Judith; Lund, Mass Soldal; Refsdal, Atle & Husa, Knut Eilif (2006). A conceptual model for service availability. Advances in Information Security. ISSN 1568-2633. 23, s. 107–118.
• Lund, Mass Soldal & Stølen, Ketil (2006). A fully general operational semantics for UML 2.0 sequence diagrams with potential and mandatory choice. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 4085, s. 380–395.
• den Braber, Folker; Lund, Mass Soldal; Stølen, Ketil & Vraalsen, Fredrik (2005). Integrating security in the development process with UML. I Khosrow-Pour, Mehdi (Red.), Encyclopedia of Information Science and Technology. Idea Group. ISSN 9781591405535. s. 1560–1566.
• Vraalsen, Fredrik; den Braber, Folker; Lund, Mass Soldal & Stølen, Ketil (2005). The CORAS tool for security risk analysis. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. s. 402–405.
• Vraalsen, Fredrik; Lund, Mass Soldal; Mahler, Tobias; Parent, Xavier & Stølen, Ketil (2005). Specifying legal risk scenarios using the CORAS threat modelling language - Experiences and the way forward. Lecture Notes in Computer Science (LNCS). ISSN 0302-9743. 3477.
• Vraalsen, Fredrik; Lund, Mass Soldal; den, Braber Folker & Stølen, Ketil (2005). The CORAS tool for security risk analysis, Trust Management, Third International Conference, iTrust 2005, Proceedings. Springer. ISSN 9783540260424. s. 402–405. Vis sammendrag

  The CORAS Tool for model-based security risk analysis supports documentation and reuse of risk analysis results through integration of different risk analysis and software development techniques and tools. Built-in consistency checking facilitates the maintenance of the results as the target of analysis and risk analysis results evolve.

• Lund, Mass Soldal (2005). Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language, Trust Management, Third International Conference, iTrust 2005, Proceedings. Springer. ISSN 9783540260424. s. 45–60. Vis sammendrag

  The paper makes two main contributions: (1) It presents experiences from using the CORAS language for security threat modelling to specify legal risk scenarios. These experiences are summarised in the form of requirements to a more expressive language providing specific support for the legal domain. (2) Its second main contribution is to present ideas towards the fulfilment of these requirements. More specifically, it extends the CORAS conceptual model for security risk analysis with legal concepts and associations. Moreover, based on this extended conceptual model, it introduces a number of promising language constructs addressing some of the identified deficiencies.

• den Braber, Folker; Dimitrakos, Theo; Gran, Bjørn Axel; Lund, Mass Soldal; Stølen, Ketil & Aaagedal, Jan Øyvind (2003). The CORAS methodology: Model-based risk assessment using UML and UP. I Favre, Liliana (Red.), UML and the Unified Process. IRM Press. ISSN 1-931777-44-6. s. 332–357.
• Lund, Mass Soldal (2003). Testing decomposition of component specifications based on a rule for formal verification. I Lin, Huimin & Ehrich, Hans-Dieter (Red.), Proceedings of the Third International Conference on Quality Software (QSIC 2003). IEEE (Institute of Electrical and Electronics Engineers). ISSN 0-7695-2015-4. s. 154–160.
• Lund, Mass Soldal; den Braber, Folker & Stølen, Ketil (2003). A component-oriented approach to security risk assessment. I Bruel, Jean-Michel (Red.), Proceedings of the 1st Intenational Workshop of Quality of Service in Component-Based Software Engineering (QoS in CBSE 2003). Cépaduès-Éditions. ISSN 2-85428-617-0. s. 99–110.
• Lund, Mass Soldal; den Braber, Folker & Stølen, Ketil (2003). Maintaining results from security assessments. I Canfora, Gerardo; van den Brand, Mark & Gymóthy, Tibor (Red.), Proceedings of the Seventh European Conference on Software Maintenance and Reengineering (CSMR 2003). IEEE (Institute of Electrical and Electronics Engineers). ISSN 0-7695-1902-4. s. 341–350.
• Stamatiou, Yannis c.; Skipenes, Eva; Henriksen, Eva; Stathiakis, Nikos; Sikianakis, Adamantios & Charalambous, Eliana [Vis alle 12 forfattere av denne artikkelen] (2003). The CORAS approach for model-based risk management applied to a telemedicine service. I Baud, Robert; Fieschi, M; Le Beux, Pierre & Ruch, Patrick (Red.), The new navigators: From professionals to patients. Proceedings of MIE2003. IOS Press. ISSN 978-1-58603-347-7. s. 206–211.
• Stamatiou, Yannis c.; Henriksen, Eva; Lund, Mass Soldal; Mantzouranis, Eva; Psarros, Michalis & Skipenes, Eva [Vis alle 8 forfattere av denne artikkelen] (2002). Experiences from using model-based risk assessment to evaluate the security of a telemedicine application. I Macellari, Velio & Bedini, Remo (Red.), Telemedicine in Care Delivery. Technology and Applications. National Institute of Health. s. 115–119.
• Houmb, Siv-Hilde; den Braber, Folker; Lund, Mass Soldal & Stølen, Ketil (2002). Towards a UML profile for model-based risk assessment. I Jürjens, Jan; Cengarle, Victoria; Fernandez, BE; Rumpe, Bernhard & Sander, R. (Red.), Critical Systems Development with UML (CSDUML 2002). UML 2002 satellite workshop proceedings. Techniche Universität München. s. 79–91.
• Lund, Mass Soldal (2002). Validation of contract decomposition by testing. I Stol, Norvald (Red.), Norsk Informatikkonferanse 2002. Tapir Akademisk Forlag. ISSN 82-91116-45-8. s. 191–202.
• Stølen, Ketil; den Braber, Folker; Dimitrakos, Theo; Fredriksen, Rune; Gran, Bjørn Axel & Houmb, Siv-Hilde [Vis alle 9 forfattere av denne artikkelen] (2002). Model-based risk assessment - the CORAS approach. I Stol, Norvald; Strøm, Torbjørn; Fallmyr, Terje; Haddjerroudit, Sissel; Langmyhr, Dag; Lingjærde, Ole Chr.; Manne, Fredrik; Midtstraum, Roger & Yu, Weihai (Red.), Norsk Informatikkonferanse NIK'2002. Universitetet i Sørøst-Norge/Universitetet i Søraust-Noreg. ISSN 82-91116-45-8. s. 239–249.

Se alle arbeider i Cristin

• Berrefjord, Vivi Ringnes & Lund, Mass Soldal (2024). Cybermakt. En tverrfaglig innføring. Universitetsforlaget. ISBN 978-82-15-05707-1. 361 s.
• Lund, Mass Soldal; Solhaug, Bjørnar & Stølen, Ketil (2011). Model-Driven Risk Analysis. The CORAS Approach. Springer. ISBN 978-3-642-12322-1. 460 s.

Se alle arbeider i Cristin

• Lund, Mass Soldal (2024). Denne russiske basen forsvant fra nettet da hackere slettet 280 servere og 2000 terabyte data fra satellittsenteret. [Internett]. digi.no.
• Lund, Mass Soldal & Aase, Johnny Grøneng (2023). Må bli meir enn ein draum. Offisersbladet. ISSN 0332-7159. s. 19–19.
• Lund, Mass Soldal (2023). How to build a national defense in cyberspace?
• Sætren, Gunhild Birgitte; Lund, Mass Soldal & Vaag, Jonas Rennemo (2023). Developing training for strategic crisis management. A systematic literature review.
• Lund, Mass Soldal (2023). Nasjonal sikkerhet: Disse landene vil hacke Norge: – Misbrukes. [Internett]. TV2.no.
• Lund, Mass Soldal (2023). «Lurer» Putin med dataspillet Counter-Strike. [Internett]. vg.no.
• Seime Siler, Janne & Lund, Mass Soldal (2023). Brennpunkt: Cyberkriger. Episode 2. Farlig spill. [TV]. NRK.
• Lund, Mass Soldal (2023). Autonomy in cyberspace operations – Outlook and challenges. I Radzivilov, Hryhoriy Danylovych; Chevardin, Vladyslav Evgeniyovy; Zaluzhnyi, Oleksiy Viktorovych; Husainov, Pavlo Valetynovych; Yurchenko, Oleg Vasyliovych & Kovalchuk, Lyudmila Vasylivna (Red.), First International Scientific and Practical Conference. Cyberwarfare: Intelligence, defence and offensive security. Kruty Heroes Military Institute of Telecommunications and Information Technologies. s. 14–17.
• Lund, Mass Soldal (2023). Autonomy in cyberspace operations – outlook and challenges.
• Lund, Mass Soldal (2023). Fienden er eit tastetrykk unna. Syn og Segn. ISSN 0039-7717. 129(1), s. 32–39.
• Lund, Mass Soldal (2023). Mobilen kan være en dødsfelle på slagmarken. [Internett]. Forsvarets forum.
• Lund, Mass Soldal (2022). Kuttet i cybermidler: - Høyst beklagelig. [Internett]. dagbladet.no.
• Lund, Mass Soldal (2022). Rapport med krass kritikk av sikkerheten på norsk sokkel. [Internett]. Aftenposten.no.
• Lund, Mass Soldal (2022). Rapport med krass kritikk av sikkerheten på norsk sokkel. [Avis]. Aftenposten.
• Lund, Mass Soldal (2022). Eksperter: - All grunn til å ta det på alvor. [Internett]. TV2.no.
• Lund, Mass Soldal (2022). Mange bedrifter er blitt utsatt for dataangrep den siste uken. [Avis]. Aftenposten.
• Lund, Mass Soldal (2022). Mange bedrifter er blitt utsatt for dataangrep den siste uken. Dataforsker sier det skjer flere angrep enn før. [Internett]. Aftenposten.no.
• Lund, Mass Soldal (2022). Russiske hackere fortsetter: Gjensidige og flere bedrifter er rammet. [Internett]. Aftenposten.no.
• Lund, Mass Soldal (2022). Russiske Anton er oppgitt over nettroll. [Avis]. Finnmarken.
• Lund, Mass Soldal (2022). Anton er oppgitt over nettroll: - Det irriterer meg at folk ikke sier rett ut hva de mener. [Internett]. iFinnmark Pluss.
• Lund, Mass Soldal (2022). Putins motstandere jagget vekk. [Avis]. Tønsberg blad.
• Lund, Mass Soldal (2022). Russiske journalister, bloggere og korrupsjonsjegere er jaget i eksil. [Avis]. Bergens Tidende.
• Lund, Mass Soldal (2022). Russiske journalister, bloggere og korrupsjonsjegere er jaget i eksil. [Avis]. Rogalands avis.
• Lund, Mass Soldal (2022). – Ikke mulig å drive med noen som helst form for uavhengig journalistikk i Russland i dag. [Internett]. Journalisten.
• Lund, Mass Soldal (2022). Russiske journalister, bloggere og korrupsjonsjegere er jaget i eksil. [Internett]. Forsvarets forum.
• Lund, Mass Soldal (2022). Cyberekspert: Slik har Putin feilet. [TV]. VGTV.
• Lund, Mass Soldal (2022). Ekspert: - Har ikke sett de cyberangrepene vi så for oss. [Internett]. VG Nyhetsdøgnet.
• Lund, Mass Soldal (2022). NRK svarer: Spør oss om krigen mellom Russland og Ukraina. [Internett]. Nrk.no.
• Lund, Mass Soldal (2022). NRK svarer: Spør oss om krigen mellom Russland og Ukraina. [Internett]. Nrk.no.
• Lund, Mass Soldal (2022). NRK svarer: Spør oss om krigen mellom Russland og Ukraina. [Internett]. Nrk.no.
• Lund, Mass Soldal (2022). Russland: Har ikke brukt fryktede hackere. [Internett]. dagbladet.no.
• Lund, Mass Soldal (2022). Krigen i Ukraina. Frykt for flere cyberangrep mot Finland og Sverige. [TV]. NRK Nyhter.
• Lund, Mass Soldal (2022). Cybersikkerheit – «Kva kan vi forvente?».
• Lund, Mass Soldal (2022). The Russo-Ukrainian war as an opportunity to study hybrid warfare.
• Lund, Mass Soldal (2022). Sikkerheit i ei usikker tid – Konsekvensar for leiing og praksis i skulen.
• Lund, Mass Soldal (2022). Vettug viten: Cyberkrigen i Ukraina.
• Lund, Mass Soldal (2022). Framtidas krisar og konfliktar: Aktivisme, kriminelle og IT-mobilisering.
• Lund, Mass Soldal (2022). Simulator for cybersikkerheit i digital skipssystem. Skipsrevyen. ISSN 0800-2282. 52(6/7), s. 52–53.
• Lund, Mass Soldal (2022). Cyberåtak som politisk verkemiddel – tilfellet Russland.
• Lund, Mass Soldal (2022). Cyberåtak i Ukraina – forventa og antiklimaks. Dagens næringsliv. ISSN 0803-9372. s. 31–31.
• Lund, Mass Soldal (2021). Motstandsdyktigheit i det maritime cyberdomenet - Velkomen og introduksjon.
• Lund, Mass Soldal (2021). Cybertrusselen og elektronisk krigføring – kva kan vi sjå føre oss i gråsona? Norsk Militært Tidsskrift. ISSN 0029-2028. 191(3), s. 22–29.
• Lund, Mass Soldal (2020). Menneskemaskina. Syn og Segn. ISSN 0039-7717. 126(1), s. 74–81.
• Lund, Mass Soldal & Rognstrand​, Andrea (2019). Hacker-angrep: – Den nye hverdagen. [Internett]. Forsvarets forum.
• Lund, Mass Soldal (2018). CND-konsept for taktiske nettverk. I Jøsok, Øyvind & Knox, Benjamin James (Red.), Ledelse i cyberdomenet. Forsvarets Ingeniørhøgskole. s. 35–47.
• Lund, Mass Soldal (2017). Internetthøgre frå 4chan til Trump. Gnist- Marxistisk tidsskrift. ISSN 2535-3195. 46(4), s. 140–142.
• Hareide, Odd Sveinung; Jøsok, Øyvind & Lund, Mass Soldal (2017). Maritime Cyber Security Demonstrator in Norway.
• Lund, Mass Soldal (2017). Cyber som operasjonsdomene. Norsk Militært Tidsskrift. ISSN 0029-2028. 186(1), s. 28–34.
• Lund, Mass Soldal (2014). How Good are Attack Trees for Modelling Advanced Cyber Threats?
• Lund, Mass Soldal (2014). After Action Review of Cyber Exercises.
• Lund, Mass Soldal (2014). Kan vi lage forsvarbare informasjonssystem?
• Lund, Mass Soldal (2014). What does the cyber warrior need to know?
• Lund, Mass Soldal (2013). Framtidas krig.
• Lund, Mass Soldal (2013). Et verktøy for bedre risikoanalyse i krisesituasjoner.
• Lund, Mass Soldal (2012). It-sikkerheit krev risikoanalyse. ComputerWorld Norge. ISSN 1501-6595. Vis sammendrag

  Kronikk om behovet for risikoanalyse for it-sikkerhet. Også publisert online 26-03.2012

• Lund, Mass Soldal (2012). Hvordan analysere sikkerhet mht. endring.
• Lund, Mass Soldal (2012). Analysing risk in practice. The CORAS approach to model-driven risk analysis.
• Lund, Mass Soldal (2011). Panel discussion at First NESSOS Industry Seminar.
• Lund, Mass Soldal (2011). Bridging the Gap in Model-based V&V Methodology. Vis sammendrag

  In this paper we suggest that one of the big challenges in development of model-based V&V methodology is bridging the gap between the low-level user guides of V&V tools and the high-level text-book descriptions of model-driven development methodologies. As a step towards mitigating this we suggest a structure for V&V methodology with three layers: a bottom level with usage of specific V&V techniques, a middle level with V&V method patterns, and a top level with overall development methodology. Within this structure we suggest that the middle level is often missing in presentations of model-based V&V and in presentations of model-driven development methodologies, and is where the need for development is the greatest.

• Lund, Mass Soldal (2008). Model-based analysis using the Escalator tool.
• Lund, Mass Soldal (2006). Oversikt over metodar og teknikkar for å beskrive truslar.
• Rossebø, Judith Ellen Yarranton; Lund, Mass Soldal; Husa, Knut-Eilif & Refsdal, Atle (2005). A Conceptual Model for Service Availability.
• Lund, Mass Soldal & Vraalsen, Fredrik (2005). Analysing trust, security & legal issues using CORAS.
• den Braber, Folker; Lund, Mass Soldal & Vraalsen, Fredrik (2005). Model-based analysis of security and trust using CORAS.
• Lund, Mass Soldal & Stølen, Ketil (2005). Extendable and modifiable operational semantics for UML 2.0 sequence diagrams.
• Vraalsen, Fredrik; Lund, Mass Soldal; Mahler, Tobias; Parent, Xavier & Stølen, Ketil (2005). Specifying Legal Risk Scenarios Using the CORAS Threat Modeling Language. Experiences and the Way Forward.
• Vraalsen, Fredrik; den Braber, Folker; Lund, Mass Soldal & Stølen, Ketil (2005). The CORAS tool for security risk analysis.
• Lund, Mass Soldal & Stølen, Ketil (2004). Ny standard for sikkerhet. [Avis]. Teknisk Ukeblad.
• den Braber, Folker; Lund, Mass Soldal; Stølen, Ketil & Vraalsen, Fredrik (2004). Reuse of security assessment results under design and maintenance of IT systems.
• Lund, Mass Soldal (2004). Testing applied to analysis of model relations.
• Lund, Mass Soldal (2004). Model-based availability analysis using testing.
• Lund, Mass Soldal (2003). Modellering av trusler og tiltak - en UML profil for sikkerhetsanalyse.
• Lund, Mass Soldal (2003). Testing decomposition of component specifications based on a rule for formal verification.
• Lund, Mass Soldal; den Braber, Folker & Stølen, Ketil (2003). A component-oriented approach to security risk assessment.
• Stamatiou, Yannis c.; Skipenes, Eva; Henriksen, Eva; Stathiakis, Nikos; Sikianakis, Adamantios & Charalambous, Eliana [Vis alle 12 forfattere av denne artikkelen] (2003). The CORAS approach for model-based risk management applied to a telemedicine service.
• Lund, Mass Soldal; den Braber, Folker & Stølen, Ketil (2003). Maintaining results from security assessments.
• Lund, Mass Soldal (2002). Validation of contract decomposition by testing.
• Stølen, Ketil; den Braber, Folker; Fredriksen, Rune; Gran, Bjørn Axel; Houmb, Siv-Hilde & Lund, Mass Soldal [Vis alle 8 forfattere av denne artikkelen] (2002). Model-based risk assessment - the CORAS approach.
• Houmb, Siv-Hilde; den Braber, Folker; Lund, Mass Soldal & Stølen, Ketil (2002). Towards a UML profile for model-based risk assessment.
• Stamatiou, Yannis c.; Henriksen, Eva; Lund, Mass Soldal; Mantzouranis, Eva; Psarros, Michalis & Skipenes, Eva [Vis alle 8 forfattere av denne artikkelen] (2002). Experiences from using model-based risk assessment to evaluate the security of a telemedicine application.
• Lund, Mass Soldal (2001). Modulær testing basert på universelle lover. Elektronikk : tidsskrift for IT og telekom. ISSN 0013-5690. s. 34–36. Vis sammendrag

  I hovedfagsarbeidet mitt viser jeg en ny metode for modulær testing av distribuerte systemer. Metoden er basert på et matematisk prinsipp som kan forstås som en universell lov for systemutvikling. Metoden gjør også bruk av automatisert testing av eksekverbare spesifikasjoner.

• Lund, Mass Soldal (2001). Modulær testing av komponent-aggregater basert på kontraktsorienterte spesifikasjoner.
• Erstad, Erlend; Larsen, Marie Haugli; Lund, Mass Soldal & Ostnes, Runar (2022). Maritime Cyber Simulator Scenario Workshop report. NTNU Open. Fulltekst i vitenarkiv Vis sammendrag

  The 7th of December 2021, the Maritime Cyber Resilience (MarCy) project held a Cyber Simulator Scenario workshop aiming to create a fundament for training to enhance operational maritime cyber resilience. MarCy is a research project collaboration, between the academic partners Norwegian University for Science and Technology (NTNU), Norwegian Defence University College (NDUC), and the industry partners DNV, Norwegian Hull Club (NHC) and Kongsberg Defence & Aerospace (KDA). The scope of the workshop was to invite maritime stakeholders and people in the maritime industry to discuss how and if simulator training should be part of cyber awareness training, and what simulator scenarios can be beneficial to implement in such training. The aim was to develop both operational level scenarios for the crew handling ships, and management level scenarios for the shipowners and maritime stakeholders. In addition to this, the workshop led to fruitful discussion how the maritime industry is dealing and coping with cyber threats, and what could be considered as beneficial for cyber training. Real life incidents and experiences was also shared among the participants. The MarCy project partners and the authors of the report want to express their greatest gratitude for all the participants attending the workshop. The workshop could not have been completed without you. Due to the protection of the privacy for the attendants, no individual level information is given. See more in Section 2. List of the organizations attending the workshop: DNV Island Offshore Kongsberg Aerospace & Defence Norwegian Defence University College Norwegian Hull Club NTNU – COAST project NTNU in Ålesund NTNU in Gjøvik NTNU – SFI-Move project Royal Norwegian Naval Academy The Norwegian Armed Forces Cyber Defence The Norwegian Armed Forces The Norwegian Coast Guard The Norwegian Coastal Administration The Norwegian Society for Sea Rescue

• Mølholm, Atle Johan; Mobech-Hanssen, Bjørn; Martinussen, Svein Erlend; Lund, Mass Soldal; Reutz, Bjørn Anders Hoffstad & Ummaneni, Ravindra Babu [Vis alle 11 forfattere av denne artikkelen] (2021). Teknologiutdanningen på Forsvarets Høgskole. FHS.
• Seehusen, Fredrik; Lund, Mass Soldal & Stølen, Ketil (2009). A Transformational Approach to Facilitate Monitoring of High Level Policies. SINTEF. ISSN 9788214044331. Fulltekst i vitenarkiv Vis sammendrag

  We present a method for specifying high level security policies that can be enforced by runtime monitoring mechanisms. The method has three main steps: (1) the user of our method formalizes a set of policy rules using UML sequence diagrams; (2) the user selects a set of transformation rules from a transformation library, and applies these using a tool to obtain a low level intermediate policy (also expressed in UML sequence diagrams); (3) the tool transforms the intermediate low level policy expressed in UML sequence diagrams into a UML inspired state machine that governs the behavior of a runtime policy enforcement mechanism. We believe that the method is both easy to use and useful since it automates much of the policy formalization process. The method is underpinned by a formal foundation that precisely defines what it means that a system adheres to a policy expressed as a sequence diagram as well as a state machine. The foundation is furthermore used to show that the transformation from sequence diagrams to state machines is adherence preserving under a certain condition. Oppdragsgiver: Norwegian Research Council (NCR); European Commission (EC)

• Lund, Mass Soldal (2008). Operational analysis of sequence diagram specifications. Unipub forlag. ISSN 1501-7710.
• Lund, Mass Soldal & Bogya, Emese Lujza (2008). Evaluation of the 1st DIGIT field trial . SINTEF. ISSN 9788214044171. Fulltekst i vitenarkiv Vis sammendrag

  This report evaluates the 1st DIGIT field trial, a security risk analysis conducted for Santander in the autumn of 2007. The evaluation includes lessons learned from the analysis and an empirical investigation into the use of the CORAS language in the analysis. Oppdragsgiver: NFR

• Lund, Mass Soldal & Stølen, Ketil (2007). A fully general operational semantics for UML sequence diagrams with potential and mandatory choice. Universitetet i Oslo. ISSN 82-7368-285-4.
• Hogganvik, Ida; Lund, Mass Soldal & Stølen, Ketil (2007). Quality Evaluation of the CORAS UmL Profile. SINTEF. ISSN 9788214040685. Fulltekst i vitenarkiv Vis sammendrag

  This report contains an evaluation of the CORAS UML profile and consists og two parts:Modeling a benchmarking test called ""the core security risk scenarios"" using the CORAS UML profileAssessing the quality og the CORAS UML profile using a quality evaluation framework for modeling languages.The results shows that it was possible to model almost all the information in the core security risk scenarios with the CORAS UML profile. However, being able to express the core security risk scenarios is not sufficient. The diagrams are characterized by duplication of information, and information that is spread out over several diagrams which makes it difficult to get an overview.In the quality evaluation the CORAS UML profile has been found to include the main security analyses concepts and modeling perspectives, and therefor have a high domain appropriateness factor. It benefits from being based on a well-known and widely used modeling language for which several tools are available. The quality evaluation shows that the main weakness of the UML profile are related to its graphical symbols and and diagram types.The symbols do not always conforme to best practice within symbol design. Some of the diagrams are more confusing than they are explanatory, and they require a substancial effort from the modeler.   Oppdragsgiver: Norges Forskningsråd

• den Braber, Folker; Lund, Mass Soldal & Stølen, Ketil (2004). Using the CORAS threat modelling language to document threat scenarios for several Microsoft relevant technologies. Technical report STF90 A04057. SINTEF IKT. ISSN 82-1403381-0.
• Lund, Mass Soldal; den Braber, Folker; Stølen, Ketil & Vraalsen, Fredrik (2004). A UML profile for the identification and analysis of security risks during structured brainstorming. Technical report STF40 A03067. SINTEF IKT. ISSN 82-14-03110-9.
• Vraalsen, Fredrik; den Braber, Folker; Hogganvik, Ida; Lund, Mass Soldal & Stølen, Ketil (2004). The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015. SINTEF IKT. ISSN 82-14-03364-0.
• Lund, Mass Soldal; den Braber, Folker & Vraalsen, Fredrik (2003). COBRA - Component-Based Security Assessment. SINTEF Telecom and Informatics. ISSN 82-14-03100-1.
• den Braber, Folker; Gan, Chingwoei; Lund, Mass Soldal; Seehusen, Fredrik; Stølen, Ketil & Vraalsen, Fredrik (2003). An experience repository supporting security risk analysis. SINTEF Telecom and Informatics. ISSN 82-14-03107-9.
• Lund, Mass Soldal; den Braber, Folker; Stølen, Ketil & Vraalsen, Fredrik (2003). A UML profile for the identification and analysis of security risks during structured brainstorming. SINTEF Telecom and Informatics. ISSN 82-14-03110-9.
• Lund, Mass Soldal; Hogganvik, Ida; Seehusen, Fredrik & Stølen, Ketil (2003). UML profile for security assessment. SINTEF Telecom and Informatics. ISSN 82-14-03109-5.
• Lund, Mass Soldal (2002). Validation of contract decomposition by testing. Universitetet i Oslo.

Se alle arbeider i Cristin