  • 1. Baca, Dejan
    et al.
    Boldt, Martin
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Carlsson, Bengt
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Jacobsson, Andreas
    A Novel Security-Enhanced Agile Software Development Process Applied in an Industrial Setting. 2015. In: Proceedings 10th International Conference on Availability, Reliability and Security ARES 2015, IEEE Computer Society Digital Library, 2015. Conference paper (Refereed)
    Abstract [en]

    A security-enhanced agile software development process, SEAP, is introduced in the development of a mobile money transfer system at Ericsson Corp. A specific characteristic of SEAP is that it includes a security group consisting of four different competences, i.e., security manager, security architect, security master and penetration tester. Another significant feature of SEAP is an integrated risk analysis process. In analyzing risks in the development of the mobile money transfer system, a general finding was that SEAP either solves risks that were previously postponed or solves a larger proportion of the risks in a timely manner. The previous software development process, i.e., the baseline process of the comparison outlined in this paper, required 2.7 employee hours spent for every risk identified in the analysis process compared to, on the average, 1.5 hours for the SEAP. The baseline development process left 50% of the risks unattended in the software version being developed, while SEAP reduced that figure to 22%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.1%, i.e., more than a five times increment. This is important, since an early correction may avoid severe attacks in the future. The security competence in SEAP accounts for 5% of the personnel cost in the mobile money transfer system project. As a comparison, the corresponding figure, i.e., for security, was 1% in the previous development process.

  • 2. Baca, Dejan
    et al.
    Carlsson, Bengt
    Agile development with security engineering activities. 2011. Conference paper (Refereed)
    Abstract [en]

    Agile software development has been used by industry to create a more flexible and lean software development process, i.e. making it possible to develop software at a faster rate and with more agility during development. There are however concerns that the higher development pace and lack of documentation are creating less secure software. We have therefore looked at three known Security Engineering processes, Microsoft SDL, Cigital Touchpoints and Common Criteria and identified what specific security activities they performed. We then compared these activities with an Agile development process that is used in industry. Developers, from a large telecommunication manufacturer, were interviewed to learn their impressions on using these security activities in an agile development process. We produced a security enhanced Agile development process that we present in this paper. This new Agile process uses activities from already established security engineering processes that provide the benefit the developers wanted but did not hinder or obstruct the Agile process in a significant way.

  • 3. Baca, Dejan
    et al.
    Carlsson, Bengt
    Lundberg, Lars
    Evaluating the Cost Reduction of Static Code Analysis for Software Security. 2008. Conference paper (Refereed)
    Abstract [en]

    Automated static code analysis is an efficient technique to increase the quality of software during early development. This paper presents a case study in which mature software with known vulnerabilities is subjected to a static analysis tool. The value of the tool is estimated based on reported failures from customers. An average of 17% cost savings would have been possible if the static analysis tool was used. The tool also had a 30% success rate in detecting known vulnerabilities and at the same time found 59 new vulnerabilities in the three examined products.

  • 4.
    Baca, Dejan
    et al.
    Blekinge Institute of Technology, School of Computing.
    Carlsson, Bengt
    Blekinge Institute of Technology, School of Computing.
    Petersen, Kai
    Blekinge Institute of Technology, School of Computing.
    Lundberg, Lars
    Blekinge Institute of Technology, School of Computing.
    Improving software security with static automated code analysis in an industry setting. 2013. In: Software, practice & experience, ISSN 0038-0644, E-ISSN 1097-024X, Vol. 43, no 3, p. 259-279. Article in journal (Refereed)
    Abstract [en]

    Software security can be improved by identifying and correcting vulnerabilities. In order to reduce the cost of rework, vulnerabilities should be detected as early and efficiently as possible. Static automated code analysis is an approach for early detection. So far, only few empirical studies have been conducted in an industrial context to evaluate static automated code analysis. A case study was conducted to evaluate static code analysis in industry focusing on defect detection capability, deployment, and usage of static automated code analysis with a focus on software security. We identified that the tool was capable of detecting memory related vulnerabilities, but few vulnerabilities of other types. The deployment of the tool played an important role in its success as an early vulnerability detector, but also the developers' perception of the tool's merit. Classifying the warnings from the tool was harder for the developers than to correct them. The correction of false positives in some cases created new vulnerabilities in previously safe code. With regard to defect detection ability, we conclude that static code analysis is able to identify vulnerabilities in different categories. In terms of deployment, we conclude that the tool should be integrated with bug reporting systems, and developers need to share the responsibility for classifying and reporting warnings. With regard to tool usage by developers, we propose to use multiple persons (at least two) in classifying a warning. The same goes for making the decision of how to act based on the warning.

  • 5. Baca, Dejan
    et al.
    Petersen, Kai
    Carlsson, Bengt
    Lundberg, Lars
    Static Code Analysis to Detect Software Security Vulnerabilities: Does Experience Matter? 2009. Conference paper (Refereed)
    Abstract [en]

    Code reviews with static analysis tools are today recommended by several security development processes. Developers are expected to use the tools' output to detect the security threats they themselves have introduced in the source code. This approach assumes that all developers can correctly identify a warning from a static analysis tool (SAT) as a security threat that needs to be corrected. We have conducted an industry experiment with a state of the art static analysis tool and real vulnerabilities. We have found that average developers do not correctly identify the security warnings and only developers with specific experiences are better than chance in detecting the security vulnerabilities. Specific SAT experience more than doubled the number of correct answers and a combination of security experience and SAT experience almost tripled the number of correct security answers.

  • 6. Boldt, Martin
    et al.
    Borg, Anton
    Carlsson, Bengt
    On the Simulation of a Software Reputation System. 2010. Conference paper (Refereed)
    Abstract [en]

    Today, there are difficulties finding all malicious programs due to juridical restrictions and deficits concerning the anti-malicious programs. Also, a "grey-zone" of questionable programs exists, hard for different protection programs to handle and almost impossible for a single user to judge. A software reputation system consisting of expert, average and novice users is proposed as a complement to let anti-malware programs or dedicated human experts decide about questionable programs. A simulation of the factors involved is accomplished by varying the user groups involved, modifying each user's individual trust factor, specifying an upper trust factor limit and accounting for previous rating influence. As a proposed result, a balanced, well-informed rating of judged programs appears, i.e. a balance between quickly reaching a well-informed decision and not giving a single voter too much power.

  • 7. Boldt, Martin
    et al.
    Carlsson, Bengt
    Analysing Countermeasures Against Privacy-Invasive Software. 2006. Conference paper (Refereed)
    Abstract [en]

    User privacy is widely affected by the occurrence of privacy-invasive software (PIS) on the Internet. Various forms of countermeasures try to mitigate the negative effects caused by PIS. We use a computer forensic tool to evaluate an anti-spyware tool, with respect to found PIS over a four years period. Within the anti-spyware tool PIS was slowly identified, caused classification problems, and formerly classified PIS were sometimes excluded. Background information on both PIS and countermeasure techniques are also presented, followed by discussions on legal disputes between developers of PIS and vendors of countermeasures. © 2006 IEEE.

  • 8. Boldt, Martin
    et al.
    Carlsson, Bengt
    Analysing Privacy-Invasive Software Countermeasures. 2006. Conference paper (Refereed)
  • 9. Boldt, Martin
    et al.
    Carlsson, Bengt
    Confidentiality Aspects within Road User Charging Systems: the Swedish Case. 2008. Conference paper (Refereed)
    Abstract [en]

    In this paper we analyze how a proposed Swedish Road User Charging (RUC) system for differentiated distance based taxation affects the corporate confidentiality of haulers. Each hauler needs to equip all their vehicles with an On-Board Unit (OBU) that continuously sends position readings back to a central server, which then is used to calculate the taxation. The fact that the system gathers, processes, and stores information about where the vehicles travel introduces threats to the haulers’ corporate confidentiality, e.g. if the position data leak to competitors. We describe threats to various parts of the RUC system, together with protective measures. In the end of the paper we discuss the impact on corporate confidentiality if such a RUC system is introduced, e.g. how would the leakage of position data affect transports conveying sensitive goods such as medical drugs or consumer electronics.

  • 10. Boldt, Martin
    et al.
    Carlsson, Bengt
    Privacy-Invasive Software and Preventive Mechanisms. 2007. In: Malware: An Introduction / [ed] Jain, Ravi K., ICFAI Press, 2007. Chapter in book (Other academic)
  • 11. Boldt, Martin
    et al.
    Carlsson, Bengt
    Privacy-Invasive Software and Preventive Mechanisms. 2006. Conference paper (Refereed)
  • 12. Boldt, Martin
    et al.
    Carlsson, Bengt
    Jacobsson, Andreas
    Exploring Spyware Effects. 2004. Conference paper (Refereed)
    Abstract [en]

    In this paper, we discuss various types of spyware programs, their behaviour, how they typically infect computers, and the propagation of new varieties of spyware programs. In two experiments, we investigate the occurrence and impact of spyware programs found in popular P2P applications. Based on the findings from the empirical investigations, we try to lift the perspective to a more general view on spyware deriving from the theory of (virtual) network effects. In a model, we categorize in what ways spyware might decrease the utility of belonging to a large virtual network. Here, the baseline is that spyware programs intrude systems and networks, but since they profit from user data they also intrude user privacy. In the model, the intrusions are classified as moderate, severe or disastrous. We found that spyware has the potential to overthrow the positive aspects of belonging to a large network, and network owners should therefore be very careful about permitting such programs in applications and on networks.

  • 13. Boldt, Martin
    et al.
    Carlsson, Bengt
    Jacobsson, Andreas
    Exploring Spyware Effects. 2007. In: Spyware: An Insight / [ed] Jain, Ravi K., Hyderabad: ICFAI University Press, 2007, p. 39-58. Chapter in book (Other academic)
  • 14. Boldt, Martin
    et al.
    Carlsson, Bengt
    Larsson, Tobias
    Lindén, Niklas
    Preventing Privacy-Invasive Software using Online Reputations. 2008. Conference paper (Refereed)
    Abstract [en]

    Privacy-invasive software, loosely labeled spyware, is an increasingly common problem for today’s computer users, one to which there is no absolute cure. Most of the privacy-invasive software are positioned in a legal gray zone, as the user accepts the malicious behaviour when agreeing to the End User License Agreement. This paper proposes the use of a specialized reputation system to gather and share information regarding software behaviour between community users. A client application helps guide the user at the point of executing software on the local computer, displaying other users’ feedback about the expected behaviour of the software. We discuss important aspects to consider when constructing such a system, and propose possible solutions. Based on the observations made, we implemented a client/server based proof-of-concept tool, which allowed us to demonstrate how such a system would work. We also compare this solution to other, more conventional, protection methods such as anti-virus and anti-spyware software.

  • 15. Boldt, Martin
    et al.
    Carlsson, Bengt
    Martinsson, Roy
    Software Vulnerability Assessment: Version Extraction and Verification. 2007. Conference paper (Refereed)
  • 16.
    Boldt, Martin
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Jacobsson, Andreas
    Malmö University, SWE.
    Baca, Dejan
    Fidesmo AB, SWE.
    Carlsson, Bengt
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Introducing a novel security-enhanced agile software development process. 2017. In: International Journal of Secure Software Engineering, ISSN 1947-3036, E-ISSN 1947-3044, Vol. 8, no 2. Article in journal (Refereed)
    Abstract [en]

    In this paper, a novel security-enhanced agile software development process, SEAP, is introduced. It has been designed, tested, and implemented at Ericsson AB, specifically in the development of a mobile money transfer system. Two important features of SEAP are 1) that it includes additional security competences, and 2) that it includes the continuous conduction of an integrated risk analysis for identifying potential threats. As a general finding of implementing SEAP in software development, the developers solve a large proportion of the risks in a timely, yet cost-efficient manner. The default agile software development process at Ericsson AB, i.e. where SEAP was not included, required significantly more employee hours spent for every risk identified compared to when integrating SEAP. The default development process left 50.0% of the risks unattended in the software version that was released, while the application of SEAP reduced that figure to 22.5%. Furthermore, SEAP increased the proportion of risks that were corrected from 12.5% to 67.9%, a more than five times increment.

  • 17.
    Boldt, Martin
    et al.
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Jacobsson, Andreas
    Carlsson, Bengt
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    On the risk exposure of smart home automation systems. 2014. In: Proceedings 2014 International Conference on Future Internet of Things and Cloud, IEEE Computer Society Digital Library, 2014. Conference paper (Refereed)
    Abstract [en]

    A recent study has shown that more than every fourth person in Sweden feels that they have poor knowledge and control over their energy use, and that four out of ten would like to be more aware and to have better control over their consumption [5]. A solution is to provide the householders with feedback on their energy consumption, for instance, through a smart home automation system [10]. Studies have shown that householders can reduce energy consumption with up to 20% when gaining such feedback [5] [10]. Home automation is a prime example of a smart environment built on various types of cyber-physical systems generating volumes of diverse, heterogeneous, complex, and distributed data from a multitude of applications and sensors. Thereby, home automation is also an example of an Internet of Things (IoT) scenario, where a communication network extends the present Internet by including everyday items and sensors [22]. Home automation is attracting more and more attention from commercial actors, such as, energy suppliers, infrastructure providers, and third party software and hardware vendors [8] [10]. Among the non-commercial stake-holders, there are various governmental institutions, municipalities, as well as, end-users.

  • 18. Boldt, Martin
    et al.
    Wieslander, Johan
    Carlsson, Bengt
    Investigating spyware on the internet. 2003. Conference paper (Refereed)
  • 19. Borg, Anton
    et al.
    Boldt, Martin
    Carlsson, Bengt
    Simulating malicious users in a software reputation system. 2011. In: Communications in Computer and Information Science, Springer, 2011, Vol. 186, p. 147-156. Conference paper (Refereed)
    Abstract [en]

    Today, computer users have trouble in separating malicious and legitimate software. Traditional countermeasures such as anti-virus tools mainly protect against truly malicious programs, but the situation is complicated due to a "grey-zone" of questionable programs that are difficult to classify. We therefore suggest a software reputation system (SRS) to help computer users in separating legitimate software from its counterparts. In this paper we simulate the usage of a SRS to investigate the effects that malicious users have on the system. Our results show that malicious users will have little impact on the overall system, if kept within 10% of the population. However, a coordinated attack against a selected subset of the applications may distort the reputation of these applications. The results also show that there are ways to detect attack attempts in an early stage. Our conclusion is that a SRS could be used as a decision support system to protect against questionable software.

  • 20. Carlsson, Bengt
    Conflicts in Information Ecosystems. 2001. Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    The main topic of this thesis concerns the study of how conflicting interests of software agents within an information ecosystem may cause cooperative behavior. Since such agents act on the behalf of their human owners, which often act in their own interest, this will sometimes result in malignant acts. Different types of models, often inspired by biological theories such as natural selection, will be used to describe various aspects of such information ecosystems. We begin by adopting a game theoretic approach where a generous and greedy model is introduced. Different agent strategies for iterated games are compared and their ability to cooperate in conflicting games are evaluated in simulation experiments. The conclusion is that games like the chicken game favor more complex and generous strategies whereas in games like the prisoner’s dilemma, the non-generous strategy tit-for-tat often is the most successful. We then use models based on a surplus value concept to explain antagonistic group formations. The focus is on systems that consist of exploiter agents and agents being exploited. A dynamic protection model of access control is proposed, where a chain of attacks and countermeasures concerning the access are measured. This process can be described as an arms race. It is argued that arms race is a major force in the interaction between antagonistic agents within information ecosystems. Examples of this are given in several contexts such as peer-to-peer tools concerning anonymity and non-censorship, using agents for sending or filtering out mass distributed advertisement e-mails, and finally for describing the fight against viruses or spywares.

  • 21. Carlsson, Bengt
    Hot och svek— Säkerhet hos människor och datorer. 2006. Collection (editor) (Other academic)
  • 22. Carlsson, Bengt
    Simulating how to Cooperate in Iterated Chicken Game and Iterated Prisoner's dilemma. 2001. In: Agent Engineering, Series in Machine Perception and Artificial Intelligence / [ed] Liu, Jiming; Tang, Yuan Y; Zhong, Ning; Wang, Patric S P, World Scientific, 2001. Chapter in book (Other academic)
  • 23. Carlsson, Bengt
    The Tragedy of the Commons: Arms Race Within Peer-to-Peer Tools. 2001. Conference paper (Refereed)
    Abstract [en]

    The two major concerns about peer-to-peer are anonymity and non-censorship of documents. Music industry has highlighted these questions by forcing Napster to filter out copyright protected MP3 files and taking legal actions against local users by monitoring their stored MP3 files. Our investigation shows that when copyright protected files are filtered out, users stop downloading public music as well. The success of a distributed peer-to-peer system is dependent on both cooperating coalitions and an antagonistic arms race. An individual will benefit from cooperation if it is possible to identify other users and the cost for managing services is negligible. An arms race between antagonistic participants using more and more refined agents is a plausible outcome. Instead of “the tragedy of the common” we are witnessing “the tragedy of arms race within the common”. Arms race does not need to be a tragedy because these new tools developed or actions taken against too selfish agents may improve the peer-to-peer society.

  • 24.
    Carlsson, Bengt
    et al.
    Blekinge Institute of Technology, School of Computing.
    Ayalew, Tigist
    Kidane, Tigist
    Identification and evaluation of security activities in agile projects. 2013. Conference paper (Refereed)
    Abstract [en]

    We compare four high-profile waterfall security-engineering processes (CLASP, Microsoft SDL, Cigital Touchpoints and Common Criteria) with the available preconditions within agile processes. Then, using a survey study, agile security activities are identified and evaluated by practitioners from large companies, e.g. software and telecommunication companies. Those activities are compared and a specific security engineering process is suggested for an agile process setting that can provide high benefit with low integration cost.

  • 25. Carlsson, Bengt
    et al.
    Baca, Dejan
    Software Security Analysis: Execution Phase Audit. 2005. Conference paper (Refereed)
    Abstract [en]

    Code revision of a leading telecom product was performed, combining manual audit and static analysis tools. On average, one exploitable vulnerability was found for every 4000 lines of code. Half of the located threats in the product were buffer overflows followed by race condition, misplaced trust, and poor random generators. Static analysis tools were used to speed up the revision process and to integrate security tests into the overall project process. The discussion analyses the effectiveness of automatic tools for auditing software. Furthermore, the incorporation of the software security analysis into the development process, and the results and costs of the security analysis is discussed. From the initial 42 workdays used for finding all vulnerabilities, approximately 16 days were needed for finding and correcting 91,5 % of the vulnerabilities. So, proportionally small investments improve the program code security by integrating an automatic auditing tool into the ordinary execution of source code revision.

  • 26. Carlsson, Bengt
    et al.
    Boldt, Martin
    Security Analysis of the Swedish Road User Charging System. 2008. Conference paper (Refereed)
    Abstract [en]

    A security analysis based on probabilities, consequences and costs resulted in a priority ranking for physical, logical and human threats for the proposed Swedish road user charging system using a smartcard solution. Countermeasures are described as top prioritized, highly prioritized, average prioritized and low prioritized and compared to operational errors. Logical countermeasures like encryption and local buffering are most cost efficient to implement and different human threats are most difficult to deal with. In the end a security solution based on dynamical safety mechanisms is suggested.

  • 27. Carlsson, Bengt
    et al.
    Davidsson, Paul
    A biological View on Information Ecosystems. 2001. Conference paper (Refereed)
    Abstract [en]

    When comparing information ecosystems to biological ecosystems, it becomes clear that both types of systems seem to support robust solutions that are hard to violate for a single agent. In the analysis of information ecosystems, it is important to take into consideration that agents may have a Machiavellian intelligence, i.e., that they take the self-interest of other agents into consideration. We conclude that in the interaction between antagonistic agents within information systems, arms race is a major force. A positive result of this is a better readiness for innocent agents against the vigilant agents. Some examples are given to show how the modelling of information ecosystems in this way can explain the origin of more robust systems when antagonistic agents are around.

  • 28. Carlsson, Bengt
    et al.
    Davidsson, Paul
    Surplus Values in Information Ecosystems. 2002. In: International Journal of Information Technology and Decision Making, ISSN 0219-6220, Vol. 1, no 3, p. 559-571. Article in journal (Refereed)
    Abstract [en]

    A model of surplus values within information ecosystems is presented. The model is based on the classical definition of surplus value. However, as this definition was developed within a manufacturing industry context, some modifications are necessary to adopt it to the context of information ecosystems, e.g. by taking into account that products are "virtual" rather than physical. Just as in agent-based computational economics, here the economics is modelled as evolving systems of autonomous interacting agents in an evolutionary framework. In this way the resulting model is able to capture more dynamic scenarios. The model is formally specified in terms of price, profit, and group gaining functions and is applied to some examples of societies of selfish agents in antagonistic groups to illustrate its dynamic properties. Moreover, the paper shows how the model builds upon labour theory of value and contrasts it to consumer value models.

  • 29. Carlsson, Bengt
    et al.
    Davidsson, Paul
    Jacobsson, Andreas
    Johansson, Stefan J.
    Persson, Jan A.
    Security Aspects on Inter-Organizational Cooperation Using Wrapper Agents. 2005. Conference paper (Refereed)
    Abstract [en]

    The significance of electronic information exchange in interorganizational cooperation is well-known. We will here focus on the particular requirements of SMEs. We describe a general “wrapper agent” solution based on open source freeware that makes it possible (in principle) for any business system to exchange information with any other business system. It has been successfully applied in a pilot study involving two companies in a transport chain using different business systems. We also suggest further improvements by addressing security and privacy issues as well as an extended, possibly dynamic, set of involved companies and higher levels of cooperation.

  • 30. Carlsson, Bengt
    et al.
    Davidsson, Paul
    Jacobsson, Andreas
    Johansson, Stefan J.
    Persson, Jan A.
    Security aspects on inter-organizational cooperation using wrapper agents. 2009. Conference paper (Refereed)
    Abstract [en]

    The significance of electronic information exchange in inter-organizational cooperation is well-known. We will here focus on the particular requirements of SMEs. We describe a general wrapper agent solution based on open source freeware that makes it possible (in principle) for any business system to exchange information with any other business system. It has been successfully applied in a pilot study involving two companies in a transport chain using different business systems. We also suggest further improvements by addressing security issues as well as an extended, possibly dynamic, set of involved companies and higher levels of cooperation.

  • 31. Carlsson, Bengt
    et al.
    Gustavsson, Rune
    Arms Race Within Information Ecosystems. 2001. In: Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349, Vol. 2182, p. 202-207. Article in journal (Refereed)
    Abstract [en]

    Interacting agents of exploiters and users within an information ecosystem may be regarded both as biological beings and as part of an economic system of infohabitants. A protection system can be implemented as a filter governing the access to assets. Typically we will have a chain of attacks and countermeasures concerning this access to the desired assets. We model this process as an arms race. We base our model on a process model of a protection system based on exposure time. A user's reaction against an exploiter measure could either be a direct response to the measure or an attempt to anticipate future attacks by more general means of defeating the protection of the exploiter agent. When anticipating future attacks and countermeasures, both users and exploiters will improve their methods and tools due to an arms race. Our arms race model refines the competition as modeled in computational markets to model aspects which typically arise when societies grow beyond what can be controlled in a centralized manner. A dynamic, evolving and robust ecosystem of autonomous agents is sometimes a preferred and possible outcome of the arms race as a hardening process.

  • 32. Carlsson, Bengt
    et al.
    Gustavsson, Rune
    The rise and fall of Napster-an evolutionary approach. 2001. Conference paper (Refereed)
    Abstract [en]

    The paper addresses dynamics in information ecosystems due to competition between selfish agents to get control of protectable resources. In our case study we investigate the first arms race on Internet triggered by the Napster introduction of an easy to use service for sharing files with music content among users. We set up a model for investigation of possible scenarios emerging from the Napster and Gnutella peer-to-peer tools for information sharing. We also introduce a formal model for analyzing the Napster scenario in the cases of selfish or altruistic users. The prediction provided by our model is in line with what really happened in the Napster case. The model also shows that the outcome was indeed unavoidable if we have selfish users.

  • 33.
    Carlsson, Bengt
    et al.
    Blekinge Institute of Technology, School of Computing.
    Jacobsson, Andreas
    An evolutionary view of collective intelligence2013Conference paper (Refereed)
    Abstract [en]

    Based on the question "How can people and computers be connected so that - collectively - they act more intelligently than any individuals, groups, or computers have ever done before?" we propose an evolutionary approach. From this point of view, there are of course fundamental differences between man and machine. Where one is artificial, the other is natural, and where the computer needs to process, the brain must adapt. We propose the use of culturally inherited units, i.e., memes, for describing collective knowledge storage. Like the genes, memes have the ability to be inherited to the next generation. Genes appear independently of our society while memes are a result of our cultural development. The concept of collective intelligence may involve a new kind of meme, entirely emerging within the intersection between man and machine, i.e., outside the scope of human control. The challenge is to model this behavior without overriding constraints within basic evolutionary vs. machine settings.

  • 34.
    Carlsson, Bengt
    et al.
    Blekinge Institute of Technology, School of Computing.
    Jacobsson, Andreas
    Blekinge Institute of Technology, School of Computing.
    Om säkerhet i digitala ekosystem2012Book (Other academic)
    Abstract [en]

    We are heading towards a society governed by software code, in which digital market forces are taking over ever larger parts of our traditional fields of activity. Om säkerhet i digitala ekosystem is about the people, the technology and the economy that shape the dynamic and complex, but at times also hostile, ecosystem that today's Internet constitutes. Global trends such as Web 2.0, social networks and cloud computing, in combination with dominant companies such as Facebook, Amazon and Google, have in a short time changed the conditions for the net's digital inhabitants. At the same time there has been an increase in malicious activities in the form of viruses and spyware, but also through various social techniques. As a consequence, we have a digital ecosystem where good as well as less good behaviours create dynamics and tensions, and where the meeting between artificial instances of both people and companies raises exciting questions. Particularly important questions concern people's need for security, privacy, trust and safety, but also our biological behavioural patterns, cognitive conditions, economic business models and technical zeal for discovery. In this myriad of perspectives, areas and phenomena the book takes its starting point.

  • 35. Carlsson, Bengt
    et al.
    Jacobsson, Andreas
    On Contamination in Information Ecosystems2005Conference paper (Refereed)
    Abstract [en]

    On the Internet, digitally active small and medium sized enterprises (SME) face numerous security risks. When SMEs join networks, business ideas and malicious activities may interfuse. E-mail marketing, remote control and information gathering are replaced by spam, virulent programs and spyware. In this paper, we use the concepts of information ecosystems to describe a security model where, as a background, humans are presumed to act as Machiavellian beings, i.e., behaving selfishly. Based on this notion, we analyse behaviours initiated by network contaminants and their effects to an entire ecosystem. The contribution of this paper is the security model, which permits a comprehensive view on the risk environment in virtual networks (like the digital SME community).

  • 36. Carlsson, Bengt
    et al.
    Jacobsson, Andreas
    Security Consistency in Information Ecosystems: Structuring the Risk Environment on the Internet2006In: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 2 , no 1, p. 3-26Article in journal (Refereed)
    Abstract [en]

    The concepts of information ecosystems and multi agent systems are used to describe a security consistency model where, as a background, humans are presumed to act as Machiavellian beings, i.e. behaving selfishly. Based on this notion, we analyze behaviors initiated by network contaminants derived from the groupings marketing, espionage and malice, and their effects to an entire ecosystem. The contribution of this paper is a security consistency model, which illustrates a comprehensive and systemic view of the evolutionary risk environment in information networks.

  • 37. Carlsson, Bengt
    et al.
    Johansson, Stefan J.
    An Iterated Hawk-and-Dove Game1997Conference paper (Refereed)
  • 38. Carlsson, Bengt
    et al.
    Johansson, Stefan J.
    Boman, Magnus
    Generous and greedy strategies1999In: Complexity International, ISSN 1320-0682, Vol. 6Article in journal (Refereed)
    Abstract [en]

    We introduce generous, even-matched, and greedy strategies as concepts for analyzing games. A two person prisoner's dilemma game is described by the four outcomes (C,D), (C,C), (D,C), and (D,D). In a generous strategy the proportion of (C,D) is larger than that of (D,C), i.e. the probability of facing a defecting agent is larger than the probability of defecting. An even-matched strategy has the (C,D) proportion approximately equal to that of (D,C). A greedy strategy is an inverted generous strategy. The basis of the partition is that it is a zero-sum game given that the sum of the proportions of strategies (C,D) must equal that of (D,C). In a population simulation, we compare the prisoner's dilemma (PD) game with the chicken game (CG), given complete as well as partial knowledge of the rules for moves in the other strategies. In a traffic intersection example, we expected a co-operating generous strategy to be successful when the cost for collision was high in addition to the presence of uncertainty. The simulation indeed showed that a generous strategy was successful in the CG part, in which agents faced uncertainty about the outcome. If the resulting zero-sum game is changed from a PD game to a CG, or if the noise level is increased, it will favor generous strategies rather than even-matched or greedy strategies.

  • 39. Carlsson, Bengt
    et al.
    Jönsson, Ingemar
    Differences between the iterated Prisoner´s dilemma and the Chicken game under noisy conditions.2002Conference paper (Refereed)
    Abstract [en]

    The prisoner's dilemma has evolved into a standard game for analyzing the success of cooperative strategies in repeated games. With the aim of investigating the behavior of strategies in some alternative games we analyzed the outcome of iterated games for both the prisoner's dilemma and the chicken game. In the chicken game, mutual defection is punished more strongly than in the prisoner's dilemma, and yields the lowest fitness. We also ran our analyses under different levels of noise. The results reveal a striking difference in the outcome between the games. Iterated chicken game needed more generations to find a winning strategy. It also favored nice, forgiving strategies able to forgive a defection from an opponent. In particular the well-known strategy tit-for-tat has a poor success rate under noisy conditions. The chicken game conditions may be relatively common in other sciences, and therefore we suggest that this game should receive more interest as a cooperative game from researchers within computer science.

  • 40. Carlsson, Bengt
    et al.
    Jönsson, Ingemar
    The success of cooperative strategies in the iterated prisoner's dilemma and the chicken game2007In: Scalable Computing: Practice and Experience, ISSN 1895-1767, E-ISSN 1895-1767, Vol. 8, no 1, p. 87-100Article in journal (Refereed)
  • 41. Carlsson, Bengt
    et al.
    Jönsson, Ingemar
    Clark, Keith
    Describing Cryptobiosis as a Time Based Protection System Using Petri Nets2008Conference paper (Refereed)
    Abstract [en]

    Cryptobiosis represents the state of a living organism when it shows no visible signs of metabolic life, but maintains a capacity to return to an active, metabolic state. This peculiar state, although known from a wide variety of organisms, has received little attention from a theoretically biological perspective. A description based on a Petri net setting and a time based security model is proposed. In order to protect against a prolonged exposure time, the pathways for chemical reactions involved must fulfil their actions during a limited detection and response time to fulfil the protected state of entering/leaving cryptobiosis.

  • 42. Carlsson, Bengt
    et al.
    Jönsson, Ingemar
    Clark, Keith
    Describing Cryptobiosis as a Time Based Protection System using Petri Nets2008Conference paper (Refereed)
    Abstract [en]

    Cryptobiosis represents the state of a living organism when it shows no visible signs of metabolic life, but maintains a capacity to return to an active, metabolic state. This peculiar state, although known from a wide variety of organisms, has received little attention from a theoretically biological perspective. A description based on a Petri net setting and a time based security model is proposed. In order to protect against a prolonged exposure time, the pathways for chemical reactions involved must fulfil their actions during a limited detection and response time to fulfil the protected state of entering/leaving cryptobiosis.

  • 43. Gustavsson, Rune
    et al.
    Akkermans, Hans
    Hägg, Staffan
    Ygge, Fredrik
    Kozbe, Barcin
    Lundberg, Christer
    Carlsson, Bengt
    Societies of Computation (SoC). A Framework for Open Distributed systems-phase II:1995-981995Report (Other academic)
    Abstract [en]

    The research program Societies of Computation (SoC) at the IDE department of HK/R has been in operation for more than one year [1], [2]. The SoC framework takes a Multi Agent System (MAS) approach when addressing issues in open distributed computing. The results so far are very promising and will shortly be outlined below. Assessment of those results combined with results and ideas from the international research society as well as needs from enterprises are background material for our next phase. The goals and expected results from this phase are briefly discussed in the following sections. The research group, performing activities in the SoC framework, has been formed during the first phase of the project, and has at present the following active members: Rune Gustavsson, professor and principal investigator, Hans Akkermans, professor at Twente University and guest researcher, Eric Astor, Ph.D., University of Lund, Olle Lindeberg, Ph.L., HK/R, Staffan Hagg, Ph.L., HK/R, Fredrik Ygge, MSc., HK/R and Sydkraft, Barcin Kozbe, M.Sc., Ericsson Infocom, Christer Lundberg, M.Sc, University College of Kalmar, Bengt Carlsson, M.Sc., University of Lund. Occasionally also other researchers at IDE are involved in shorter R&D activities conducted under the SoC umbrella. Applications developed in SoC have also been sources for several projects performed by undergraduate students, during the fiscal year of 1994-95 about 12 person years, from several undergraduate programs. Those activities of the SoC program have mainly been performed within the center SIKT. SIKT, Society Information and Knowledge Technologies, is a recently formed center at HK/R. The key industrial partner up to this point has been Sydkraft AB. The project Intelligent Distribution Automation (IDA) at Sydkraft has been a valuable partner for developing applications and assessing results. Ronneby Energi AB (REAB) and Affarsverken i Karlskrona AB are also actively supporting our R&D. The project Communication and Distributed Computing for Efficient Management of Energy Systems, supported by governmental agencies, has been instrumental for introducing and assessing MAS technologies in the Swedish research society as well as to Swedish industry.

  • 44.
    Jacobsson, Andreas
    et al.
    Malmo Univ, Dept Comp Sci, S-20505 Malmo, Sweden..
    Boldt, Martin
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    Carlsson, Bengt
    Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
    A risk analysis of a smart home automation system2016In: Future generations computer systems, ISSN 0167-739X, E-ISSN 1872-7115, Vol. 56, p. 719-733Article in journal (Refereed)
    Abstract [en]

    Enforcing security in Internet of Things environments has been identified as one of the top barriers for realizing the vision of smart, energy-efficient homes and buildings. In this context, understanding the risks related to the use and potential misuse of information about homes, partners, and end-users, as well as, forming methods for integrating security-enhancing measures in the design is not straightforward and thus requires substantial investigation. A risk analysis applied on a smart home automation system developed in a research project involving leading industrial actors has been conducted. Out of 32 examined risks, 9 were classified as low and 4 as high, i.e., most of the identified risks were deemed as moderate. The risks classified as high were either related to the human factor or to the software components of the system. The results indicate that with the implementation of standard security features, new, as well as, current risks can be minimized to acceptable levels albeit that the most serious risks, i.e., those derived from the human factor, need more careful consideration, as they are inherently complex to handle. A discussion of the implications of the risk analysis results points to the need for a more general model of security and privacy included in the design phase of smart homes. With such a model of security and privacy in design in place, it will contribute to enforcing system security and enhancing user privacy in smart homes, and thus helping to further realize the potential in such IoT environments. (C) 2015 Elsevier B.V. All rights reserved.

  • 45. Jacobsson, Andreas
    et al.
    Boldt, Martin
    Carlsson, Bengt
    Privacy-Invasive Software in Filesharing2004Conference paper (Refereed)
    Abstract [en]

    Personal privacy is affected by the occurrence of adware and spyware in peer-to-peer tools. In an experiment, we investigated five file-sharing tools and found that they all contained ad-/spyware programs, and that these hidden components communicated with several servers on the Internet. Although there was no exchange of files by way of the file-sharing tools, they generated a significant amount of network traffic. Amongst the retrieved ad-/spyware components that communicated with the Internet, we discovered that privacy-invasive information such as, e.g., user data and Internet browsing history was transmitted. In effect, ad-/spyware activity in file-sharing tools creates serious problems not only to user privacy and security, but also to network and system performance. The increasing presence of hidden and bundled ad-/spyware programs is therefore not beneficial for the development of a secure and stable use of the Internet.

  • 46. Jacobsson, Andreas
    et al.
    Carlsson, Bengt
    Privacy and Spam: Empirical Studies of Unsolicited Commercial e-Mail2003Conference paper (Refereed)
  • 47. Jacobsson, Andreas
    et al.
    Carlsson, Bengt
    Privacy and unsolicited email2003Conference paper (Refereed)
  • 48. Johansson, Stefan J.
    et al.
    Carlsson, Bengt
    Boman, Magnus
    Modelling strategies as generous and greedy in prisoners dilemma like games1999In: Simulated Evolution and Learning / [ed] McKay, B.; Yao, X.; Newton, C.S.; Kim, J.H.; Furuhashi, T., Springer Verlag , 1999Chapter in book (Other academic)
  • 49. Johansson, Stefan J.
    et al.
    Davidsson, Paul
    Carlsson, Bengt
    Coordination models for dynamic resource allocation2000Conference paper (Refereed)
    Abstract [en]

    A number of different coordination models for dynamic resource allocation are proposed. The models are based on an asynchronous and distributed approach which makes use of mobile agents to distribute the resources of the providers between the consumers. Each provider has a broker, i.e., the mobile agent, that continually visits all or a subset of the consumers, offering the resources currently available at the corresponding provider. The models are increasingly complex, starting with a rather simple static mechanism, and ending with a sophisticated solution that balances the allocations both from the consumer and the provider perspective. Finally, an evaluation of the models in a realistic Intelligent Network domain is presented.

  • 50. Jösang, Audun
    et al.
    Carlsson, Bengt
    Blekinge Tekniska Högskola [bth.se], School of Computing.
    Secure IT systems2012Collection (editor) (Other academic)