Publications
-
Jaatun, Martin Gilje; Cruzes, Daniela Soares; Bernsmed, Karin; Tøndel, Inger Anne & Røstad, Lillian (2015). Software Security Maturity in Public Organisations. Lecture Notes in Computer Science (LNCS).
ISSN 0302-9743.
9290, pp. 120-138. doi: 10.1007/978-3-319-23318-5_7
Software security is about building software that will be secure even when it is attacked. This paper presents results from a survey evaluating software security practices in software development lifecycles in 20 public organisations in Norway using the practices and activities of the Building Security In Maturity Model (BSIMM). The findings suggest that public organisations in Norway excel at Compliance and Policy activities when developing their own code, but that there is a large potential for improvement with respect to Metrics, Penetration testing, and Training of developers in secure software development.
-
Balon-Perin, Alexandre; Gambäck, Björn & Røstad, Lillian (2012). Intrusion Detection Using Ensembles, In Herwig Mannaert (ed.),
Seventh International Conference on Software Engineering Advances 2012 (ICSEA 2012).
Xpert Publishing Services.
ISBN 9781622765843.
article.
pp. 656-663
-
Røstad, Lillian & Alsos, Ole Andreas (2009). Patient-Administered Access Control: a Usability Study, In Takizawa Makoto (ed.),
Proceedings of the Fourth International Conference on Availability, Reliability and Security, ARES 2009.
IEEE.
ISBN 9780769535647.
SecUSAB 2009 - Session 2.
pp. 877-882
-
Røstad, Lillian & Nerbråten, Øyvind (2009). hAcmeGame: A Tool for Teaching Software Security, In Takizawa Makoto (ed.),
Proceedings of the Fourth International Conference on Availability, Reliability and Security, ARES 2009.
IEEE.
ISBN 9780769535647.
SecSE 2009 - Education and Other Vulnerabilities.
pp. 811-817
-
Røstad, Lillian; Meland, Per Håkon; Tøndel, Inger Anne & Øie, Gunnar Rene (2008). Learning by Failing (and Fixing). IEEE Security and Privacy.
ISSN 1540-7993.
6(4), pp. 54-56
Vulnerable software is one of the main challenges the IT industry faces today. According to Symantec's Internet Security Threat Report, of the 2,461 security vulnerabilities discovered in the first half of 2007, more than 60 percent related to Web applications. To build better and more secure applications, developers need security knowledge. Until very recently, hardly any universities focused on teaching students how to build secure software—and many still don't. It's possible for a student to complete an education as a software engineer without learning anything about how to build secure systems. At the Norwegian University of Science and Technology, we've offered a course on software security for two years now (fall 2006 and 2007). We developed this popular course in close cooperation with SINTEF, a Norwegian research foundation closely tied to the university. In both years, we had more than 60 students, which is rather high for an elective class. Approximately 150 to 200 students are eligible to take the class, and they can choose from 15 to 20 different classes. Here, we present our experiences in teaching the course. Because software security is a relatively new course topic, there isn't much previous experience to review when developing such a curriculum. So, we focus on our class exercises, which have been crucial to the course. We hope our experiences provide valuable input to others and start an ongoing discussion on how best to teach software security.
-
Røstad, Lillian (2008). An Initial Model and a Discussion of Access Control in Patient Controlled Health Records, In Bob Werner (ed.),
Proceedings of the Third International Conference on Availability, Reliability and Security, ARES 2008.
IEEE.
ISBN 0769531024.
WPA.
pp. 935-942
-
Røstad, Lillian & Nytrø, Øystein (2008). Personalized Access Control for a Personally Controlled Health Record, In Trent Jaeger (ed.),
Proceedings of the 2nd ACM workshop on Computer security architectures.
Association for Computing Machinery (ACM).
ISBN 978-1-60558-300-6.
SESSION: Trust and privacy.
pp. 9-16
Access control is a key feature of healthcare systems. Up until recently most healthcare information systems have been local to a healthcare facility and accessible only to clinicians. Currently there is a move towards making health information more accessible to patients. One example is the Personally Controlled Health Record (PCHR) where the patient is in charge of deciding who gets access to the information. In the PCHR the patient is the administrator of access control. While it certainly is possible to create roles representing people most patients would want to share with, like primary physician, it is also likely, and desirable, to afford the patients a high level of control and freedom to be able to create specialized access policies tailored to their personal wishes. We entitle this personalized access control. In this paper we present a semi-formal model for how we believe personalized access control may be realized. The model draws on and combines properties and concepts of both Role-Based Access Control (RBAC) and Discretionary Access Control (DAC) to achieve the desired properties. Throughout the paper we use the PCHR as a motivating example and to explain our reasoning and practical use of the model.
-
Røstad, Lillian & Nytrø, Øystein (2008). Towards Dynamic Access Control for Healthcare Information Systems, In Stig Kjær Andersen; Gunnar O. Klein; Stefan Schulz; Jos Aarts & M. Cristina Mazzoleni (ed.),
eHealth Beyond the Horizon – Get IT There - Proceedings of MIE2008 – The XXIst International Congress of the European Federation for Medical Informatics.
IOS Press.
ISBN 978-1-58603-864-9.
9. Privacy and Security.
pp. 703-708
-
Røstad, Lillian; Meland, Per Håkon; Tøndel, Inger Anne & Nytrø, Øystein (2007). Access Control and Integration of Health Care Systems: An Experience Report and Future Challenges, In Nguyen Man Tho (ed.),
Proceedings from the Second International Conference on Availability, Reliability and Security (ARES 2007).
IEEE.
ISBN 0-7695-2775-2.
DAWAM.
-
Røstad, Lillian (2006). An extended misuse case notation: Including vulnerabilities and the insider threat, In Sawyer Peter (ed.),
Proceedings of The Twelfth Working Conference on Requirements Engineering: Foundation for Software Quality.
Essener Informatik Beitrage.
ISBN 3-922602-26-6.
Session 1 "Quality requirements".
Misuse cases are a useful technique for eliciting and modelling security requirements and threats. In addition they may be very useful in a risk analysis process, particularly as part of the system development process. The original misuse case notation adds inverted use cases to model threats and inverted actors to represent attackers. However, an attack is usually performed by exploiting a vulnerability in a system and it would be useful to be able to represent vulnerable functions in a model. In addition, it should be possible to discern between insiders and outside attackers in a model, as they have very different abilities and potential for attacking a system. This paper therefore proposes an extended misuse case notation that includes the ability to represent vulnerabilities and the insider threat, and discusses the use of this extended notation in the system development and risk analysis processes.
-
Røstad, Lillian & Edsberg, Ole (2006). A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs, In Bob Werner (ed.),
Proceedings of the 22nd Annual Computer Security Applications Conference.
IEEE.
ISBN 0-7695-2716-7.
Session: Security in Systems.
pp. 175-183
In healthcare, role-based access control systems are often extended with exception mechanisms to ensure access to needed information even when the needs don't follow the expected patterns. Exception mechanisms increase the threats to patient privacy, and therefore their use should be limited and subject to auditing. We have studied access logs from a hospital EPR system with extensive use of exception-based access control. We found that the uses of the exception mechanisms were too frequent and widespread to be considered exceptions. The huge size of the log and the use of predefined or uninformative reasons for access make it infeasible to audit the log for misuse. The informative reasons that were given provided starting points for requirements on how the usage needs should be accomplished without exception-based access. With more structured and fine-grained logging, analysis of access logs could be a very useful tool for learning how to reduce the need for exception-based access.
-
Stav, Erlend; Walderhaug, Ståle; Tomassen, Stein Løkke; Røstad, Lillian & Moe, Nils Brede (2006). MAFIIA - an Architectural Description Framework: Experience from the Health Care Domain, In D Konstantas; J.-P. Bourrières; M. Léonard & N. Boudjlida (ed.),
Interoperability of Enterprise Software and Applications.
Springer Publishing Company.
ISBN 1-84628-151-2.
pp. 43-54
Healthcare information systems are characterized by having many stakeholders, roles, complex and diverse information systems, high degree of formalized working practices and an intense focus on quality concerns like interoperability, security and reliability. There is an emerging need for a structured architectural tool for supporting system developers and architects working with this kind of critical infrastructure. This paper presents MAFIIA - an architectural description framework specialized for the health care domain. The framework has been used in the development of three very different healthcare information systems: a system for individual care plans, a platform for image-guided surgery and a patient evacuation support system. The experience from the case studies shows that the framework is a useful and flexible tool for creating an architectural description, and assists in keeping the focus on selected quality concerns.
-
Bartnes, Maria & Røstad, Lillian (2019). Hva er egentlig rett og galt for roboter? Dagens næringsliv.
ISSN 0803-9372.
-
Jaatun, Martin Gilje; Scandariato, Riccardo & Røstad, Lillian (2014). Guest Editorial Preface - Special Issue on 7th International Workshop on Secure Software Engineering (SecSE 2013). International Journal of Secure Software Engineering (IJSSE).
ISSN 1947-3036.
5(2), pp. iv-vi
-
Faxvaag, Arild; Røstad, Lillian; Tøndel, Inger Anne; Seim, Andreas Røsland & Toussaint, Pieter Jelle (2009). Visualizing patient trajectories on wall-mounted boards — information security challenges.
Since operating room departments are among the costliest resources at a hospital, much attention is devoted to maximize their utilization. Operating room activities are however notoriously hard to plan in advance. This has to do with the unpredictable, problem-solving nature of the work and that the work is carried out by a multidisciplinary team of health personnel, members of which also have commitments outside the operating room department. We assume that operating room teams have the capacity to coordinate themselves and that coordination might be facilitated by visualizing relevant information on wall-mounted boards. To characterize clinical situations that require coordination and re-planning of the teams’ work, we have developed a realistic scenario. We analyse and discuss the information security challenges that follow from displaying information on the whereabouts of other teams, actors and patients on wall-mounted boards in the operating rooms. Information security threats could be mitigated by de-identification techniques. Information demands could thereby be met without sacrificing the privacy of those whose information is displayed.
-
Røstad, Lillian (2009). Access Control in Healthcare Information Systems. Doktoravhandlinger ved NTNU. 24.
-
Røstad, Lillian (2005). Access Control in Healthcare Applications.
-
Røstad, Lillian (2004). Access Control for Distributed Health Care Applications.
-
Røstad, Lillian; Nytrø, Øystein; Moe, Nils Brede & Stav, Erlend (2003). Sikkerhetsarkitektur for PlanBasert Samarbeidsjournal SPBS v.1. SINTEF Rapport. SIF40 A03033.
This report describes the first version of an architecture for an information system that supports collaboration on individual plans. The architecture is a result of the project "Planbasert samarbeidsjournal for helhetlige individuelle psykiatriplaner – delprosjekt teknologiutvikling", which is funded by the Research Council of Norway, programme for ICT in medicine and health services. The architecture description was produced using the method framework MAFIIA/H. The main focus in this version of the architecture has been to describe the system's environment, its requirements and the high-level components to be included. The work has concentrated on identifying the relevant users of the system, and which functions and information they should have access to. Many parties are to take part in collaboration on an individual plan, so one of the main challenges is to ensure that users of the system at all times only have access to the information they are entitled to, and need, to see. Security is therefore important. By security we mean information security, and the focus is first and foremost on access control. Access control means that users of the system only have access to what they are entitled to see, by virtue of the role they hold at any given time in relation to the plan in question.
Published June 12, 2019 2:56 PM
- Last modified June 12, 2019 2:56 PM