Change search
Link to record
Permanent link

Direct link
BETA
Carlsson, Bengt
Publications (10 of 59) Show all publications
Boldt, M., jacobsson, a., Baca, D. & Carlsson, B. (2017). Introducing a novel security-enhanced agile software development process. International Journal of Secure Software Engineering, 8(2)
Open this publication in new window or tab >>Introducing a novel security-enhanced agile software development process
2017 (English)In: International Journal of Secure Software Engineering, ISSN 1947-3036, E-ISSN 1947-3044, ISSN 1947-3036, Vol. 8, no 2Article in journal (Refereed) Accepted
Abstract [en]

In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are 1) that it includes additional security competences, and 2) that it includes the continuous conduction of an integrated risk analysis for identifying potential threats. As a general finding of implementing SEAP in software development, the developers solve a large proportion of the risks in a timely, yet cost-efficient manner. The default agile software development process at Ericsson AB, i.e. where SEAP was not included, required significantly more employee hours spent for every risk identified compared to when integrating SEAP. The default development process left 50.0% of the risks unattended in the software version that was released, while the application of SEAP reduced that figure to 22.5%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.9%, a more than five times increment.

Keywords
Software development, secure software development, secure agile development, agile method, software security, risk analysis, industrial setting, Ericsson AB
National Category
Software Engineering
Identifiers
urn:nbn:se:bth-15165 (URN)
Available from: 2017-09-20 Created: 2017-09-20 Last updated: 2018-01-13Bibliographically approved
Osekowska, E., Johnson, H. & Carlsson, B. (2017). Maritime vessel traffic modeling in the context of concept drift. In: Transportation Research Procedia: . Paper presented at World Conference on Transport Research - WCTR 2016, Shanghai (pp. 1457-1476). Elsevier, 25
Open this publication in new window or tab >>Maritime vessel traffic modeling in the context of concept drift
2017 (English)In: Transportation Research Procedia, Elsevier, 2017, Vol. 25, p. 1457-1476Conference paper, Published paper (Refereed)
Abstract [en]

Maritime traffic modeling serves the purpose of extracting human-readable information and discovering knowledge in the otherwise illegible mass of traffic data. The goal of this study is to examine the presence and character of fluctuations in maritime traffic patterns. The main objective is to identify such fluctuations and capture them in terms of a concept drift, i.e., unforeseen shifts in statistical properties of the modeled target occurring over time. The empirical study is based on a collection of AIS vessel tracking data, spanning over a year. The scope of the study limits the AIS data area to the Baltic region (9-31°E, 53-66°N), which experiences some of the most dense maritime traffic in the world. The investigations employ a novel maritime traffic modeling method based on the potential fields concept, adapted for this study to facilitate the examination of concept drift. The concept drift is made apparent in course of the statistical and visual analysis of the experimental results. This study shows a number of particular cases, in which the maritime traffic is affected by concept drifts of varying extent and character. The visual representations of the traffic models make shifts in the traffic patterns apparent and comprehensible to human eye. Based on the experimental outcomes, the robustness of the modeling method against concept drift in traffic is discussed and improvements are proposed. The outcomes provide insights into regularly reoccurring drifts and irregularities within the traffic data itself that may serve to further optimize the modeling method, and - in turn - the performance of detection based on it. © 2017 The Authors. Published by Elsevier B. V.

Place, publisher, year, edition, pages
Elsevier, 2017
Series
Transportation Research Procedia
Keywords
anomaly detection, concept drift, maritime traffic, traffic modeling
National Category
Information Systems
Identifiers
urn:nbn:se:bth-14677 (URN)10.1016/j.trpro.2017.05.173 (DOI)
Conference
World Conference on Transport Research - WCTR 2016, Shanghai
Available from: 2017-06-22 Created: 2017-06-22 Last updated: 2018-01-13Bibliographically approved
Jacobsson, A., Boldt, M. & Carlsson, B. (2016). A risk analysis of a smart home automation system. Future generations computer systems, 56, 719-733
Open this publication in new window or tab >>A risk analysis of a smart home automation system
2016 (English)In: Future generations computer systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 56, p. 719-733Article in journal (Refereed) Published
Abstract [en]

Enforcing security in Internet of Things environments has been identified as one of the top barriers for realizing the vision of smart, energy-efficient homes and buildings. In this context, understanding the risks related to the use and potential misuse of information about homes, partners, and end-users, as well as, forming methods for integrating security-enhancing measures in the design is not straightforward and thus requires substantial investigation. A risk analysis applied on a smart home automation system developed in a research project involving leading industrial actors has been conducted. Out of 32 examined risks, 9 were classified as low and 4 as high, i.e., most of the identified risks were deemed as moderate. The risks classified as high were either related to the human factor or to the software components of the system. The results indicate that with the implementation of standard security features, new, as well as, current risks can be minimized to acceptable levels albeit that the most serious risks, i.e., those derived from the human factor, need more careful consideration, as they are inherently complex to handle. A discussion of the implications of the risk analysis results points to the need for a more general model of security and privacy included in the design phase of smart homes. With such a model of security and privacy in design in place, it will contribute to enforcing system security and enhancing user privacy in smart homes, and thus helping to further realize the potential in such loT environments. (C) 2015 Elsevier B.V. All rights reserved.

Place, publisher, year, edition, pages
Elsevier, 2016
Keywords
Internet of Things, Smart home automation, Risk analys, Privacy, Security
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-11661 (URN)10.1016/j.future.2015.09.003 (DOI)000368652500060 ()
Available from: 2016-03-02 Created: 2016-02-29 Last updated: 2018-01-10Bibliographically approved
Baca, D., Boldt, M., Carlsson, B. & Jacobsson, A. (2015). A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting. In: Proceedings 10th International Conference on Availability, Reliability and Security ARES 2015: . Paper presented at 10th International Conference on Availability, Reliability and Security (ARES),Toulouse. IEEE Computer Society Digital Library
Open this publication in new window or tab >>A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting
2015 (English)In: Proceedings 10th International Conference on Availability, Reliability and Security ARES 2015, IEEE Computer Society Digital Library, 2015Conference paper, Published paper (Refereed)
Abstract [en]

A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., the baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., more than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., for security, was 1% in the previous development process.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2015
Keywords
industrial setting, Security, risk analysis, software development, agile method
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-12947 (URN)10.1109/ARES.2015.45 (DOI)000380572600002 ()978-1-4673-6590-1 (ISBN)
Conference
10th International Conference on Availability, Reliability and Security (ARES),Toulouse
Available from: 2016-08-25 Created: 2016-08-25 Last updated: 2018-01-10Bibliographically approved
Osekowska, E. & Carlsson, B. (2015). Learning Maritime Traffic Rules Using Potential Fields. In: COMPUTATIONAL LOGISTICS (ICCL 2015): . Paper presented at 6th International Conference on Computational Logistics (ICCL), SEP 23-25, 2015, Delft, NETHERLANDS (pp. 298-312).
Open this publication in new window or tab >>Learning Maritime Traffic Rules Using Potential Fields
2015 (English)In: COMPUTATIONAL LOGISTICS (ICCL 2015), 2015, p. 298-312Conference paper, Published paper (Refereed)
Abstract [en]

The Automatic Identification System (AIS) is used to identify and locate active maritime vessels. Datasets of AIS messages recorded over time make it possible to model ship movements and analyze traffic events. Here, the maritime traffic is modeled using a potential fields method, enabling the extraction of traffic patterns and anomaly detection. A software tool named STRAND, implementing the modeling method, displays real-world ship behavior patterns, and is shown to generate traffic rules spontaneously. STRAND aids maritime situational awareness by displaying patterns of common behaviors and highlighting suspicious events, i.e., abstracting informative content from the raw AIS data and presenting it to the user. In this it can support decisions regarding, e.g., itinerary planning, routing, rescue operations, or even legislative traffic regulation. This study in particular focuses on identification and analysis of traffic rules discovered based on the computed traffic models. The case study demonstrates and compares results from three different areas, and corresponding traffic rules identified in course of the result analysis. The ability to capture distinctive, repetitive traffic behaviors in a quantitative, automatized manner may enhance detection and provide additional information about sailing practices.

Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9335
Keywords
Anomaly detection, Visualization, Potential fields, Automatic identification system, Traffic modeling
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:bth-11351 (URN)10.1007/978-3-319-24264-4_21 (DOI)000365946400021 ()978-3-319-24264-4; 978-3-319-24263-7 (ISBN)
Conference
6th International Conference on Computational Logistics (ICCL), SEP 23-25, 2015, Delft, NETHERLANDS
Available from: 2016-01-04 Created: 2016-01-04 Last updated: 2018-01-10Bibliographically approved
Osekowska, E., Axelsson, S. & Carlsson, B. (2015). Potential fields in modeling transport over water. Operations Research/Computer Science Interfaces Series, 58, 259-280
Open this publication in new window or tab >>Potential fields in modeling transport over water
2015 (English)In: Operations Research/Computer Science Interfaces Series, ISSN 1387-666X, Vol. 58, p. 259-280Article in journal (Refereed) Published
Abstract [en]

Without an explicit road-like regulation, following the proper sailing routes and practices is still a challenge mostly addressed using seamen’s know-how and experience. This chapter focuses on the problem of modeling ship movements over water with the aim to extract and represent this kind of knowledge. The purpose of the developed modeling method, inspired by the theory of potential fields, is to capture the process of navigation and piloting through the observation of ship behaviors in transport over water on narrow waterways. When successfully modeled, that knowledge can be subsequently used for various purposes. Here, the models of typical ship movements and behaviors are used to provide a visual insight into the actual normal traffic properties (maritime situational awareness) and to warn about potentially dangerous traffic behaviors (anomaly detection). A traffic modeling and anomaly detection prototype system STRAND implements the potential field based method for a collected set of AIS data. A quantitative case study is taken out to evaluate the applicability and performance of the implemented modeling method. The case study focuses on quantifying the detections for varying geographical resolution of the detection process. The potential fields extract and visualize the actual behavior patterns, such as right-hand sailing rule and speed limits, without any prior assumptions or information introduced in advance. The display of patterns of correct (normal) behavior aids the choice of an optimal path, in contrast to the anomaly detection which notifies about possible traffic incidents. A tool visualizing the potential fields may aid traffic surveillance and incident response, help recognize traffic regulation and legislative issues, and facilitate the process of waterways development and maintenance. © Springer International Publishing Switzerland 2015.

National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-10656 (URN)10.1007/978-3-319-16133-4_14 (DOI)2-s2.0-84930617045 (Scopus ID)
Available from: 2015-09-17 Created: 2015-09-15 Last updated: 2018-01-11Bibliographically approved
Osekowska, E., Johnson, H. & Carlsson, B. (2014). Grid size optimization for potential field based maritime anomaly detection. In: Benitez, FG Rossi, R (Ed.), 17TH MEETING OF THE EURO WORKING GROUP ON TRANSPORTATION, EWGT2014: . Paper presented at 17th Meeting of the EURO-Working-Group on Transportation (EWGT), JUL 02-04, 2014, Sevilla, SPAIN (pp. 720-729). ELSEVIER SCIENCE BV
Open this publication in new window or tab >>Grid size optimization for potential field based maritime anomaly detection
2014 (English)In: 17TH MEETING OF THE EURO WORKING GROUP ON TRANSPORTATION, EWGT2014 / [ed] Benitez, FG Rossi, R, ELSEVIER SCIENCE BV , 2014, p. 720-729Conference paper, Published paper (Refereed)
Abstract [en]

This study focuses on improving the potential field based maritime data modeling method, developed to extract traffic patterns and detect anomalies, in a clear, understandable and informative way. The method's novelty lies in employing the concept of a potential field for AIS vessel tracking data abstraction and maritime traffic representation. Unlike the traditional maritime surveillance equipment, such as radar or GPS, the AIS system comprehensively represents the identity and properties of a vessel, as well as its behavior, thus preserving the effects of navigational decisions, based on the skills of experienced seamen. In the developed data modeling process, every vessel generates potential charges, which value represent the vessel's behavior, and drops the charges at locations it passes. Each AIS report is used to assign a potential charge at the reported vessel positions. The method derives three construction elements, which define, firstly, how charges are accumulated, secondly, how a charge decays over time, and thirdly, in what way the potential is distributed around the source charge. The collection of potential fields represents a model of normal behavior, and vessels not conforming to it are marked as anomalous. In the anomaly detection prototype system STRAND, the sensitivity of anomaly detection can be modified by setting a geographical coordinate grid precision to more dense or coarse. The objective of this study is to identify the optimal grid size for two different conditions an open sea and a port area case. A noticeable shift can be observed between the results for the open sea and the port area. The plotted detection rates converge towards an optimal ratio for smaller grid sizes in the port area (60-200 meters), than in the open sea case (300-1000 meters). The effective outcome of the potential filed based anomaly detection is filtering out all vessels behaving normally and presenting a set of anomalies, for a subsequent incident analysis using STRAND as an information visualization tool.

Place, publisher, year, edition, pages
ELSEVIER SCIENCE BV, 2014
Series
Transportation Research Procedia, ISSN 2352-1465 ; 3
Keywords
anomaly detection, maritime traffic, potential field, AIS
National Category
Communication Systems Computer Systems
Identifiers
urn:nbn:se:bth-14579 (URN)10.1016/j.trpro.2014.10.051 (DOI)000377412600077 ()
Conference
17th Meeting of the EURO-Working-Group on Transportation (EWGT), JUL 02-04, 2014, Sevilla, SPAIN
Available from: 2017-06-19 Created: 2017-06-19 Last updated: 2017-06-19Bibliographically approved
Boldt, M., Jacobsson, A. & Carlsson, B. (2014). On the risk exposure of smart home automation systems. In: Proceedings 2014 International Conferenceon Future Internet of Things and Cloud: . Paper presented at IEEE International Conference on Future Internet of Things and Cloud, Barcelona, Spain. IEEE Computer Society Digital Library
Open this publication in new window or tab >>On the risk exposure of smart home automation systems
2014 (English)In: Proceedings 2014 International Conferenceon Future Internet of Things and Cloud, IEEE Computer Society Digital Library, 2014Conference paper, Published paper (Refereed)
Abstract [en]

A recent study has shown that more than every fourth person in Sweden feels that they have poor knowledge and control over their energy use, and that four out of ten would like to be more aware and to have better control over their consumption [5]. A solution is to provide the householders with feedback on their energy consumption, for instance, through a smart home automation system [10]. Studies have shown that householders can reduce energy consumption with up to 20% when gaining such feedback [5] [10]. Home automation is a prime example of a smart environment built on various types of cyber-physical systems generating volumes of diverse, heterogeneous, complex, and distributed data from a multitude of applications and sensors. Thereby, home automation is also an example of an Internet of Things (IoT) scenario, where a communication network extends the present Internet by including everyday items and sensors [22]. Home automation is attracting more and more attention from commercial actors, such as, energy suppliers, infrastructure providers, and third party software and hardware vendors [8] [10]. Among the non-commercial stake-holders, there are various governmental institutions, municipalities, as well as, end-users.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2014
Keywords
Software, Logic gates, Smart homes, Servers, Risk analysis, Authentication
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-12950 (URN)10.1109/FiCloud.2014.37 (DOI)000378641000027 ()978-1-4799-4357-9 (ISBN)
Conference
IEEE International Conference on Future Internet of Things and Cloud, Barcelona, Spain
Available from: 2016-08-25 Created: 2016-08-25 Last updated: 2018-01-10Bibliographically approved
Carlsson, B. & Jacobsson, A. (2013). An evolutionary view of collective intelligence. Paper presented at International Conference on Agents and Artificial Intelligence, ICAART. Paper presented at International Conference on Agents and Artificial Intelligence, ICAART. Barcelona: Inst. Syst. Technol. Inf., Control Commun. (INSTICC)
Open this publication in new window or tab >>An evolutionary view of collective intelligence
2013 (English)Conference paper, Published paper (Refereed) Published
Abstract [en]

Based on the question "How can people and computers be connected so that - collectively - they act more intelligently than any individuals, groups, or computers have ever done before?" we propose an evolutionary approach. From this point of view, there are of course fundamental differences between man and machine. Where one is artificial, the other is natural, and where the computer needs to process, the brain must adapt. We propose the use of culturally inherited units, i.e., memes, for describing collective knowledge storage. Like the genes, memes have the ability to be inherited to the next generation. Genes appear independently of our society while memes are a result of our cultural development. The concept of collective intelligence may involve a new kind of meme, entirely emerging within the intersection between man and machine, i.e., outside the scope of human control. The challenge is to model this behavior without overriding constraints within basic evolutionary vs. machine settings.

Place, publisher, year, edition, pages
Barcelona: Inst. Syst. Technol. Inf., Control Commun. (INSTICC), 2013
Keywords
Artificial intelligence, Collective intelligence, Evolution, Meme
National Category
Computer Sciences
Identifiers
urn:nbn:se:bth-6959 (URN)oai:bth.se:forskinfoEFEE5A7A410CA1ACC1257B940044B8A9 (Local ID)978-989856538-9 (ISBN)oai:bth.se:forskinfoEFEE5A7A410CA1ACC1257B940044B8A9 (Archive number)oai:bth.se:forskinfoEFEE5A7A410CA1ACC1257B940044B8A9 (OAI)
Conference
International Conference on Agents and Artificial Intelligence, ICAART
Available from: 2013-06-24 Created: 2013-06-24 Last updated: 2018-01-11Bibliographically approved
Carlsson, B., Ayalew, T. & Kidane, T. (2013). Identification and evaluation of security activities in agile projects. Paper presented at 18th Nordic Conference 2013. Paper presented at 18th Nordic Conference 2013. Ilulissat, Greenland: Springer
Open this publication in new window or tab >>Identification and evaluation of security activities in agile projects
2013 (English)Conference paper, Published paper (Refereed) Published
Abstract [en]

We compare four high-profile waterfall security-engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) with the available preconditions within agile processes. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. Those activities are compared and a specific security engineering process is suggested for an agile process setting that can provide high benefit with low integration cost.

Place, publisher, year, edition, pages
Ilulissat, Greenland: Springer, 2013
Keywords
Agile Process, Software security, Development Process, Security Engineering
National Category
Software Engineering Computer Sciences
Identifiers
urn:nbn:se:bth-6369 (URN)10.1007/978-3-642-41488-6_10 (DOI)000340414300010 ()oai:bth.se:forskinfoE828352BEEC6197DC1257C36004339A5 (Local ID)978-3-642-41487-9 (ISBN)oai:bth.se:forskinfoE828352BEEC6197DC1257C36004339A5 (Archive number)oai:bth.se:forskinfoE828352BEEC6197DC1257C36004339A5 (OAI)
Conference
18th Nordic Conference 2013
Available from: 2015-05-25 Created: 2013-12-03 Last updated: 2018-01-11Bibliographically approved
Organisations

Search in DiVA

Show all publications