
Asst. Research Director
Bjarte M. Østvold
- Department Applied research in information and communication technology
- Mobile phone +47 976 47 389
- Phone number +47 22 85 26 22
- E-mail bjarte@nr.stage.dekodes.no
Projects
Smart real estate transactions
- Digital security and privacy
- Digital transformation
Privacy Matters
- Information and communication technology
- Digital transformation
Better price assessment of homes
- Digital transformation
Digitization-friendly regulations
- Digital security and privacy
Resilient transport infrastructure (ResiTrans)
Publications
- 97 publications found
Stolpe, Audun; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2026).
Regelverksforenkling med generativ KI: Å kappe hodet av en hydra?
Vis sammendrag
Offentlige virksomheter er i ferd med å ta i bruk generativ kunstig intelligens (KI) for mange ulike oppgaver, blant annet tekstredigering og svar på spørsmål om tekster. For offentlig sektor er regelverk en særlig viktig type tekster, og to sentrale oppgaver knyttet til regelverk, som lover og forskrifter, er utforming og anvendelse av regelverket. Lover og forskrifter følger en bestemt logikk, der teksten er bygget opp av nøstede strukturer av forbud, tillatelser og unntak. For å arbeide med en slik tekst er det nødvendig å forstå hvordan denne strukturen gir den enkelte bestemmelse en semantisk kontekst. Vi studerer i hvilken grad og med hvilken kvalitet generativ KI kan håndtere oppgaver knyttet til forenkling og anvendelser av slikt regelverk. Våre undersøkelser viser at generativ KI per i dag er langt fra å være moden for slike oppgaver.
Fuglerud, Kristin Skeide; Østvold, Bjarte M.; Robertson, Nicholas og Moen, Martin Styrmoe. (2026).
Smart trygghet for eldre: Proof of Concept for proaktiv sensorteknologi i private hjem. Resultater fra et forprosjekt.
Vis sammendrag
Norge står overfor en demografisk endring med en raskt voksende eldre befolkning. Dette øker presset på helse- og omsorgstjenestene. Samtidig ønsker de fleste eldre å bo trygt og selvstendig i eget hjem så lenge som mulig.
Forprosjektet "Smart trygghet for eldre" har tatt utgangspunkt i dette behovet og gjennomført en Proof of Concept (PoC) for en innovativ sensorløsning utviklet av Eldurai AS. Hovedmålet har vært å validere et teknisk konsept som, ved hjelp av sensorer og kunstig intelligens (KI), kan monitorere bevegelsesmønstre og proaktivt avdekke unormale hendelser eller tidlige tegn på forverret helsetilstand. Løsningen er installert og testet i 7 leiligheter hos enslige eldre over 65 år. I samarbeid med Norsk Regnesentral (NR) har prosjektet innhentet brukerinnsikt fra både beboere og pårørende gjennom intervjuer og observasjon. Sentrale forskningsområder er brukeropplevelse, personvern, nytteverdi og balansen mellom trygghet og personlig integritet. Resultatene fra PoC-en, inkludert brukererfaringer, brukskvalitet, nytteopplevelse, aksept, teknisk validering, analyse av bevegelsesmønstre, bidrar til å danne grunnlag for beslutning om videreføring til et hovedprosjekt og en kommersiell løsning
Rummelhoff, Ivar og Østvold, Bjarte M.. (2026).
Regelverk, digitalisering og KI.
NVA
Rapport
Vis sammendrag
Oppsummering av arbeidet i prosjektet «Regelverk,digitalisering og KI» i 2025.
Stolpe, Audun; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2025).
Kunstig intelligens som regelverksredaktør. GoforIT
Rummelhoff, Ivar; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2025).
Reproducible preservation of databases through executable specifications.
Vis sammendrag
We propose a new preservation method for relational data and a corresponding tool. The method involves writing a specification that can later be executed by the tool without user interaction, transforming the input files and databases into an encapsulated package suitable for archiving. Thus, the transformation steps become reproducible, which facilitates automation by reusing the specifications and allows for an iterative process, where for each iteration the specification is extended or adjusted and then executed to check that the result is closer to fulfilling future access requirements.
Løland, Anders; Østvold, Bjarte M.; Stolpe, Audun og Gjuvsland, Elin Ruhlin. (2025).
Digitaliseringsvennlig regelverk: et mål å gjøre regelverk enklere og tydeligere.
Vis sammendrag
Hvordan kan vi balansere teknologiske muligheter med kravene til rettssikkerhet og demokrati? Overgangen fra manuell til automatisert saksbehandling krever klare retningslinjer for utviklere, slik at regelverket blir ivaretatt i digitale løsninger. Seniorforsker Audun Stolpe og assisterende forskningssjef Bjarte Østvold i NR forteller om samarbeidet med Statens vegvesen, det første prosjektet på huset som tar for seg digitaliseringsvennlig regelverk, som også har ført til et løpende nettverk for offentlige etater der erfaringsdeling står på plakaten. En podkastserie av Norsk Regnesentral med Anders Løland i studio, produsent Elin Ruhlin Gjuvsland.
Østvold, Bjarte M.; Rummelhoff, Ivar og Stolpe, Audun. (2025).
Legal knowledge representation and reasoning with generative AI.
NVA
Rapport
Rummelhoff, Ivar; Kristoffersen, Thor O. og Østvold, Bjarte Mayanja. (2024).
Reproducible preservation of databases through executable specifications. Digital Curation Centre
NVA
Vitenskapelig foredrag
Østvold, Bjarte Mayanja. (2024).
Finding privacy-relevant source code. MSR4P&S
NVA
Vitenskapelig foredrag
Tang, Feiyang; Østvold, Bjarte M. og Vinterbo, Staal Amund. (2024).
Analyzing Privacy in Software.
Vis sammendrag
In our increasingly digital world, a pressing concern emerges: How do we secure our privacy as we increasingly depend on software? As we navigate through apps and platforms, the complexities of data privacy become evident. Understanding the intricate flow of personal data, ensuring compliance with evolving global regulations, and developing adaptable tools for diverse software environments are paramount. This Ph.D. thesis delves deep into these challenges, offering insights and solutions that span from the granular details of code to the broader validation of privacy policies. The first challenge is the subtlety of personal data. Legal definitions are often abstract and translating them into technical requirements is no easy task. Identifying what constitutes personal data in a sea of code is a daunting challenge. Secondly, understanding how personal data flows within systems is crucial. With regulations like the General Data Protection Regulation (GDPR) in place, it is crucial to know what kind of processing personal data undergoes for compliance checks. Lastly, different projects have different needs. For developers doing self-analysis, a detailed examination of compiled code can reveal intricate data flows. However, for large industry projects, high-level source code analysis may be more practical for third parties to quickly gauge privacy compliance situations across millions of lines. Investigations into these aspects resulted in the eight papers that are presented in this dissertation. They also led to the following additional contributions: (1) A privacy flow-graph tailored for Java and Android applications; this approach aids in the Data Protection Impact Assessment (DPIA) process. (2) A biometric data identification approach developed to pinpoint biometric API usage within Java and Android applications; this method ensures alignment with the GDPR. (3) An automatic comparison approach that addresses the collection of user interaction data in mobile apps by comparing an app’s privacy policy claims with its actual code implementation. (4) An automated code review assistant that offers a method to identify and categorize relevant code segments in source code, thus reducing the manual review effort. The contributions offer guidance for developers and legal experts, connecting the detailed aspects of software development with the clear rules of privacy regulations. These contributions can pave the way for a clearer, more streamlined, and compliant online environment, ensuring that as we use digital platforms, our privacy is always protected.
Tang, Feiyang og Østvold, Bjarte Mayanja. (2024).
User Interaction Data in Apps: Comparing Policy Claims to Implementations.
Vis sammendrag
As mobile app usage continues to rise, so does the generation of extensive user interaction data, which includes actions such as swiping, zooming, or the time spent on a screen. Apps often collect a large amount of this data and claim to anonymize it, yet concerns arise regarding the adequacy of these measures. In many cases, the so-called anonymized data still has the potential to profile and, in some instances, re-identify individual users. This situation is compounded by a lack of transparency, leading to potential breaches of user trust.
Our work investigates the gap between privacy policies and actual app behavior, focusing on the collection and handling of user interaction data. We analyzed the top 100 apps across diverse categories using static analysis methods to evaluate the alignment between policy claims and implemented data collection techniques. Our findings highlight the lack of transparency in data collection and the associated risk of re-identification, raising concerns about user privacy and trust. This study emphasizes the importance of clear communication and enhanced transparency in privacy practices for mobile app development.
Tang, Feiyang og Østvold, Bjarte M.. (2024).
Finding Privacy-Relevant Source Code.
Vis sammendrag
Privacy code review is a critical process that enables developers and legal experts to ensure compliance with data protection regulations. However, the task is challenging due to resource constraints. To address this, we introduce the concept of privacy-relevant methods — specific methods in code that are directly involved in the processing of personal data. We then present an automated approach to assist in code review by identifying and categorizing these privacy-relevant methods in source code. Using static analysis, we identify a set of methods based on their occurrences in 50 commonly used libraries. We then rank these methods according to their frequency of invocation with actual personal data in the top 30 GitHub applications. The highest-ranked methods are the ones we designate as privacy relevant in practice. For our evaluation, we examined 100 opensource applications and found that our approach identifies fewer than 5% of the methods as privacy-relevant for personal data processing. This reduces the time required for code reviews. Case studies on Signal Desktop and Cal.com further validate the effectiveness of our approach in aiding code reviewers to produce enhanced reports that facilitate compliance with privacy regulations.
Kristoffersen, Thor O.; Rummelhoff, Ivar; Stolpe, Audun og Østvold, Bjarte M.. (2023).
Regelverk, digitalisering og automatisering.
NVA
Rapport
Stolpe, Audun; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2023).
R2030: Digitaliseringsvennlig regelverk. Metoder for regelverksforenkling, med eksempler fra bruksforskriften.
Vis sammendrag
Digitalisering av regelverk gir effektiviseringsgevinster gjennom utvikling av digitale tjenester. For at et regelverk skal kunne digitaliseres effektivt, er det viktig å sørge for at reglene er så enkle som mulige og at de henger sammen i en klar logisk struktur. Disse egenskapene ved et regelverk er med på å gjøre det digitaliseringsvennlig. Denne rapporten gir et kunnskapsgrunnlag for utvikling av digitalisingsvennlig regelverk, i form av konkrete metoder for å forenkle eksisterende regelverk uten å endre regelverkets meningsinnhold. Metodene hjelper regelverksforvaltere å identifisere uhensiktsmessige begreper eller regelstrukturer og viser hvordan disse kan omformes disse til enklere og mer hensiktsmessige regler. Rapporten inkluderer prinsipper og tommelfingerregler markert som grå bokser i teksten. Metodene er illustrert med eksempler fra kapittel 5 i forskrift om bruk av kjøretøy som forvaltes av Statens vegvesen. Til slutt beskriver vi hvordan et forenklet regelverk kan digitaliseres og danne basis for etterprøvbare digitale tjenester, dvs. tjenester som i stand til å produsere en begrunnelse for beslutninger med referanse til juridiske begreper og rettsregler.
Kristoffersen, Thor O.; Østvold, Bjarte M. og Rummelhoff, Ivar. (2023).
O3.1: Process definition and guidelines for system decommissioning.
NVA
Rapport
Rummelhoff, Ivar; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2023).
O3.2-3: The DbSpec Executable Specification Language.
NVA
Rapport
Østvold, Bjarte M.; Rummelhoff, Ivar og Haukli, Lars. (2023).
Malware analysis: Tool support and innovation opportunities.
NVA
Rapport
Kristoffersen, Thor O.; Stolpe, Audun og Østvold, Bjarte M.. (2023).
Sustainability: Regulation, processes, and technology.
NVA
Rapport
Tang, Feiyang; Østvold, Bjarte M. og Bruntink, Magiel. (2023).
Identifying Personal Data Processing for Code Review.
Vis sammendrag
Code review is a critical step in the software development life cycle, which assesses and boosts the code's effectiveness and correctness, pinpoints security issues, and raises its quality by adhering to best practices. Due to the increased need for personal data protection motivated by legislation, code reviewers need to understand where personal data is located in software systems and how it is handled. Although most recent work on code review focuses on security vulnerabilities, privacy-related techniques are not easy for code reviewers to implement, making their inclusion in the code review process challenging. In this paper, we present ongoing work on a new approach to identifying personal data processing, enabling developers and code reviewers in drafting privacy analyses and complying with regulations such as the General Data Protection Regulation (GDPR).
Tang, Feiyang; Østvold, Bjarte M. og Bruntink, Magiel. (2023).
Helping Code Reviewer Prioritize: Pinpointing Personal Data and Its Processing.
Vis sammendrag
Ensuring compliance with the General Data Protection Regulation (GDPR) is a crucial aspect of software development. This task, due to its time-consuming nature and requirement for specialized knowledge, is often deferred or delegated to specialized code reviewers. These reviewers, particularly when external to the development organization, may lack detailed knowledge of the software under review, necessitating the prioritization of their resources.
To address this, we have designed two specialized views of a codebase to help code reviewers in prioritizing their work related to personal data: one view displays the types of personal data representation, while the other provides an abstract depiction of personal data processing, complemented by an optional detailed exploration of specific code snippets. Leveraging static analysis, our method identifies personal data-related code segments, thereby expediting the review process. Our approach, evaluated on four open-source GitHub applications, demonstrated a precision rate of 0.87 in identifying personal data flows. Additionally, we fact-checked the privacy statements of 15 Android applications. This solution, designed to augment the efficiency of GDPR-related privacy analysis tasks such as the Record of Processing Activities (ROPA), aims to conserve resources, thereby saving time and enhancing productivity for code reviewers.
Tang, Feiyang og Østvold, Bjarte Mayanja. (2023).
Transparency in App Analytics: Analyzing the Collection of User Interaction Data.
Vis sammendrag
The rise of mobile apps has brought greater convenience and many options for users. However, many apps use analytics services to collect a wide range of user interaction data, with privacy policies often failing to reveal the types of interaction data collected or the extent of the data collection practices. This lack of transparency potentially breaches data protection laws and also undermines user trust. We conducted an analysis of the top 20 analytic libraries for Android apps to identify common practices of interaction data collection and used this information to develop a standardized collection claim template for summarizing an app’s data collection practices wrt. user interaction data. We selected the top 100 apps from popular categories on Google Play and used automatic static analysis to extract collection evidence from their data collection implementations. Our analysis found that a significant majority of these apps actively collected interaction data from UI types such as View (89%), Button (76%), and Textfield (63%), highlighting the pervasiveness of user interaction data collection. By comparing the collection evidence to the claims derived from privacy policy analysis, we manually fact-checked the completeness and accuracy of these claims for the top 10 apps. We found that, except for one app, they all failed to declare all types of interaction data they collect and did not specify some of the collection techniques used.
Stolpe, Audun; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2022).
Automatisering av bærekraftsrevisjon.
NVA
Rapport
Kristoffersen, Thor O.; Stolpe, Audun og Østvold, Bjarte M.. (2022).
Automatiserte prosesser innen regnskap, revisjon og finans.
NVA
Rapport
Østvold, Bjarte Mayanja. (2022).
Applying for innovation projects. NORA – Norwegian Artificial Intelligence Research Consortium
NVA
Faglig foredrag
Goodwin, Morten; Øverby, Erlend; Riemer-Sørensen, Signe og Østvold, Bjarte M.. (2022).
#56: Innovation Project in the Industrial Sector (IPN).
NVA
Programdeltagelse
Tang, Feiyang og Østvold, Bjarte M.. (2022).
Assessing software privacy using the privacy flow-graph.
Vis sammendrag
We increasingly rely on digital services and the conveniences they provide. Processing of personal data is integral to such services and thus privacy and data protection are a growing concern, and governments have responded with regulations such as the EU's GDPR. Following this, organisations that make software have legal obligations to document the privacy and data protection of their software. This work must involve both software developers that understand the code and the organisation's data protection officer or legal department that understands privacy and the requirements of a Data Protection and Impact Assessment (DPIA).
To help developers and non-technical people such as lawyers document the privacy and data protection behaviour of software, we have developed an automatic software analysis technique. This technique is based on static program analysis to characterise the flow of privacy-related data. The results of the analysis can be presented as a graph of privacy flows and operations---that is understandable also for non-technical people. We argue that our technique facilitates collaboration between technical and non-technical people in documenting the privacy behaviour of the software. We explain how to use the results produced by our technique to answer a series of privacy-relevant questions needed for a DPIA. To illustrate our work, we show both detailed and abstract analysis results from applying our analysis technique to the secure messaging service Signal and to the client of the cloud service NextCloud and show how their privacy flow-graphs inform the writing of a DPIA.
Hannay, Jo Erskine; Fuglerud, Kristin Skeide og Østvold, Bjarte Mayanja. (2022).
Stakeholder Perceptions on Requirements for Accessible Technical Condition Information in Residential Real Estate Transactions.
Vis sammendrag
Buyers of residential real estate frequently experience dissatisfaction with the property they have purchased. Recent findings suggest that insufficient knowledge about the property is a key trigger to ensuing disappointment and claims for compensation. Further, a good technical condition report reduces the probability of dissatisfaction and insurance claims. For the purpose of designing services for improving technical condition information and its flow, we elicited stakeholder perceptions on the suitability of residential real estate technical condition reports. Specifically, we conducted multiple surveys which we content analyzed and used as the basis for a conceptual model of information products and dependencies needed to deliver better information to stakeholders in a real estate transaction process. The conceptual model, in turn, forms the basis for specific service design in future work.
Hannay, Jo Erskine; Fuglerud, Kristin Skeide og Østvold, Bjarte Mayanja. (2022).
Stakeholder Perceptions on Requirements for Accessible Technical Condition Information in Residential Real Estate Transactions. HCI International Conference
NVA
Vitenskapelig foredrag
Hannay, Jo Erskine; Fuglerud, Kristin Skeide og Østvold, Bjarte Mayanja. (2022).
Eliciting and Prioritizing Services for Accessible Information for Residential Real Estate Transactions Estate Technical Conditions Information.
Vis sammendrag
A number of initiatives are underway for digitalizing real estate transaction processes. Public and private sector bodies are working to automate information retrieval and processing of the financial, ordinance and fiscal aspects of such transactions. Other initiatives, such as ours, are targeted toward helping stakeholders directly involved in selling and buying real estate. We present the results from a set of group sessions, where the focus was on improving the presentation of salient information to sellers and buyers of property. Based on an earlier conceptualization of perceived information difficulties, we elicited user stories for facilitating a better generation, provision and consumption of relevant information for the residential real estate transaction process. A total of ten services were aggregated from the user stories. We then asked a set of stakeholders to rate the effect of the services on functional objectives; i.e., on how they will affect the transaction process. We asked stakeholders at the managerial level to rate the functional objectives on strategic objectives. Combining the two sets of ratings, one obtains a rating of perceived benefit for the services, which can help in prioritizing which services to start developing first. In the outset, real estate transactions involve stakeholders with opposing interests. We conclude that multi-stakeholder group sessions can help generate services that serve these conflicting interests on a common ground.
Hannay, Jo Erskine; Fuglerud, Kristin Skeide og Østvold, Bjarte Mayanja. (2022).
Eliciting and Prioritizing Services for Accessible Information for Residential Real Estate Transactions Estate Technical Conditions Information. HCI International Conference
NVA
Vitenskapelig foredrag
Rummelhoff, Ivar; Gutiérrez, Eladio; Kristoffersen, Thor O.; Liabø, Ole; Østvold, Bjarte Mayanja; Plata, Oscar og Romero, Sergio. (2021).
An Abstract Machine Approach to Preserving Digital Information.
Vis sammendrag
Preserving digital information for a very long time is difficult even when using a durable passive storage medium such as photographic film stored under the right conditions. On film one can combine analog descriptions, that is, visual and thus human-readable text and diagrams, with encoded digital information. After hundreds of years, however, the formats used to represent and encode this information may have been forgotten, and any surviving source code may not simply be compiled and run. Explaining how to interpret data stored in a complex format runs the risks both of errors made today and of future misunderstandings. We present a solution based on (1) a very simple abstract machine, (2) independent, technology-neutral descriptions of the machine, preserved in analog form and aimed at future programmers and mathematicians, and (3) a C compiler targeting this machine. Currently, our toolset supports storing and retrieving data in the formats JPEG, TIFF and PDF/A, but other formats can be easily be added by adapting existing C programs for processing these formats. Binaries for the abstract machine are preserved alongside the digital information and the machine descriptions so that future generations can decode and present the information simply by implementing this machine.
Leister, Wolfgang; Halbach, Till; Schulz, Trenton Wade og Østvold, Bjarte M.. (2020).
Security & Privacy in Social Robots.
NVA
Rapport
Vis sammendrag
This note reviewed security aspects of social robots with an emphasis on Nao. We also looked at aspects to how and where to process data from sensors, that are necessary for the operation of the robot, such as a microphone, camera, and so on. Further, we presented elements that could be used for an evaluation of social robots. Such evaluation includes security and privacy, as well as other aspects such as usability and quality.
Hannay, Jo Erskine; Fuglerud, Kristin Skeide og Østvold, Bjarte M.. (2020).
Stakeholder Journey Analysis for Innovation:
A Multiparty Analysis Framework for Startups.
Vis sammendrag
When analysing how the information-technological innovation of a startup company is perceived to affect the market, we encountered challenges when using existing customer journey analysis frameworks. In particular, we identified a need to express critical events for technology adoption, a need to express universal access principles and a need to express journeys for multiple stakeholders in the same diagram; all in an easily readable manner. To do this, we extended an existing stripped-down customer journey framework with elements for the above aspects. We present this extended framework as a stakeholder journey framework. Based on the initial application of this framework on the startup company’s innovation product, we conclude that the stakeholder journey framework aided in uncovering issues within technology adoption and universal access that would otherwise not have been addressed.
Rummelhoff, Ivar; Østvold, Bjarte M. og Liabø, Ole. (2019).
Immortal Virtual Machine – solving the problem of file format and infrastructure obsolescence. DLM Forum
NVA
Faglig foredrag
Østvold, Bjarte M.. (2019).
Data-drevet autentisering for mobile tjenester. Norsk Informasjonssikkerhetsforum (ISF)
NVA
Faglig foredrag
Eskeland, Sigurd og Østvold, Bjarte M.. (2018).
Assuring authenticity in Piql Preservation Services.
NVA
Rapport
Christoph, Endres; Oussama, Renuli og Østvold, Bjarte M.. (2016).
Deliverable D5.2: Wallet framework with TSM supporting security levels QAA1 to QAA4 with physical and/or SSE, tested and validated -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Kristoffersen, Thor O.; Østvold, Bjarte M. og Rummelhoff, Ivar. (2016).
PCAS Deliverable D8.1: Security Evaluation – Communication.
NVA
Rapport
Vis sammendrag
This document describes the results of the security evaluation of the communications system. The evaluation considers communications between the SPD, the STG, the SP node, and the RA node, with respect to threats such as eavesdropping, masquerading, message tampering, and replay attacks. The method of evaluation is to systematically compare a precise description of the communications with the actual messages exchanged in the implementation. The message contents is extracted via network analysis tools applied to a running PCAS instance.
Bai, Aleksander; Mork, Heidi Camilla; Fuglerud, Kristin Skeide; Halbach, Till; Tjøstheim, Ingvar; Leister, Wolfgang og Østvold, Bjarte M.. (2016).
State of the art: Universal Design of Ambient Hybrid Environments.
NVA
Rapport
Østvold, Bjarte M. og Hagalisletto, Moen Anders. (2015).
Deliverable D2.4: Test strategy and plan -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Kristoffersen, Thor O. og Østvold, Bjarte M.. (2015).
Deliverable D3.1: Protocol Security Design -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Eskeland, Sigurd; Kristoffersen, Thor O. og Østvold, Bjarte M.. (2015).
Deliverable D2.5: Prototype of Secure Software Element --
HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Østvold, Bjarte M.. (2015).
Deliverable D2.7: Final Test Report -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Hagalisletto, Moen Anders; Torjusen, Arild Braathen og Østvold, Bjarte M.. (2015).
Deliverable D2.3: Evaluation Plan Against Chosen Security Standard -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Kristoffersen, Thor O. og Østvold, Bjarte M.. (2015).
Deliverable D3.4: Test and Security and Privacy Risk Analysis -- HighTrustWallet FP7-SME-2013-605960.
NVA
Rapport
Soleimanifard, Siavash; Gurov, Dilian; Schaefer, Ina; Østvold, Bjarte M. og Markov, Minko. (2015).
Model mining and efficient verification of software product lines.
NVA
Vitenskapelig artikkel
Kristoffersen, Thor; Hagalisletto, Moen Anders; Skomedal, Åsmund og Østvold, Bjarte M.. (2014).
PCAS Project Deliverable 2.3: Secure Communication Protocols and Services.
NVA
Rapport
Kristoffersen, Thor; Nassie, Evyatar og Østvold, Bjarte M.. (2014).
PCAS Project Deliverable 2.1: PCAS High-level Design.
NVA
Rapport
Allalouf, Miriam; Andrade, Daniel; Fish, Gila; Guerra, Javier; Korman, Avner; Nassie, Evyatar; Østvold, Bjarte M.; Silva, Joao Nuno og Sousa, Paulo. (2014).
PCAS Project Deliverable 1.1: PCAS Scenarios and Use Cases.
NVA
Rapport
Andrade, Daniel; Silva, Joao Nuno; Gerdov, Alex; Kristoffersen, Thor; Nassie, Evyatar; Østvold, Bjarte M. og Shani, Alex. (2014).
PCAS Project Deliverable D5.1: Smartphone/Desktop Software Architecture.
NVA
Rapport
Kristoffersen, Thor; Østvold, Bjarte M.; Skomedal, Åsmund; Guerra, Javier; Andrade, Daniel; Gerdov, Alex; Ofek, David Mor og Nassie, Evyatar. (2014).
PCAS Project Deliverable 2.2: Precise Architecture Model.
NVA
Rapport
Østvold, Bjarte M.; Kristoffersen, Thor og Gröne, Michael. (2014).
HighTrustWallet Deliverable D1.1: Project Handbook.
NVA
Rapport
Gröne, Michael; Kristoffersen, Thor; Østvold, Bjarte M.; Torjusen, Arild Braathen; Hagalisletto, Moen Anders og Stüble, Christian. (2014).
HighTrustWallet Deliverable D1.2: Security Requirements.
NVA
Rapport
Hermansen, Gudmund Horn og Østvold, Bjarte M.. (2014).
INPRED: Intelligent prediction for package transport.
NVA
Rapport
Gröne, Michael; Stüble, Christian; Schmidt-Egermann, Stefan; Hagalisletto, Moen Anders; Leest, Vincent van der; Olsen, John Olav og Østvold, Bjarte M.. (2014).
HighTrustWallet Deliverable D1.3: Test Scenarios.
NVA
Rapport
Gurov, Dilian; Østvold, Bjarte M. og Schaefer, Ina. (2012).
A hierarchical variability model for software product lines.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Vis sammendrag
A key challenge in software product line engineering is to represent solution space variability in an economic, yet easily understandable fashion. We introduce the notion of hierarchical variability models to describe families of products in a manner that facilitates their modular design and analysis. In this model, a family is represented by a common set of artifacts and a set of variation points with associated variants. A variant is again a hierarchical variability model, leading to a hierarchical structure. These models, however, are not unique with respect to the families they define. We therefore propose a quantitative measure on hierarchical variability models that expresses the degree to which a variability model captures commonality and variability in a family. Further, by imposing well-formedness constraints, we identify a class of variability models that, by construction, have maximal measure and are unique for the families they define. For this class of simple families, we provide a procedure that reconstructs their hierarchical variability model. The reconstructed model can be used to drive various static analyses by divide-and-conquer reasoning. Hierarchical variability models strike a balance between the formalism’s expressiveness and the desirable property of model uniqueness. We illustrate the approach by a small product line of Java classes.
Albert, Elvira; Østvold, Bjarte M. og Rojas, José Miguel. (2012).
Automated Extraction of Abstract Behavioural Models from JMS Applications.
Vis sammendrag
Distributed systems are hard to program, understand and analyze. Two key sources of complexity are the many possible behaviors of a system, arising from the parallel execution of its distributed nodes, and the handling of asynchronous messages exchanged between nodes. We show how to systematically construct executable models of publish/subscribe systems based on the Java Messaging Service (JMS). These models, written in the Abstract Behavioural Specification (ABS) language, capture the essentials of the messaging behavior of the original Java systems, and eliminate details not related to distribution and messages. We report on jms2abs, a tool that automatically extracts ABS models from the bytecode of JMS systems. Since the extracted models are formal and executable, they allow us to reason about the modeled JMS systems by means of tools built specifically for the modeling language. For example, we have succeeded to apply simulation, termination and resource analysis tools developed for ABS to, respectively, execute, prove termination and infer the resource consumption of the original JMS applications.
Østvold, Bjarte M. og Karlsen, Edvard Kristoffer. (2012).
Public review of e-voting source code: Lessons learnt from E-vote 2011.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Vis sammendrag
In the Norwegian local elections of 2011, constituents in ten municipalities had the option to vote electronically over the Internet. The source code of the e-voting system was made publicly available by the Norwegian government, with the expressed intention to build confidence in the system and to facilitate public review of the code.
We conducted a low-effort review of this source code, finding significant problems with coding style, security, and correctness. Building on the lessons we learnt, and on general principles of good software engineering, we give recommendations to governments and others with source code where public trust is important. We end by giving specific advice to the Norwegian government on e-voting.
Karlsen, Edvard Kristoffer; Høst, Einar W. og Østvold, Bjarte M.. (2012).
Finding and fixing Java naming bugs with the Lancelot Eclipse plugin.
Vis sammendrag
The Lancelot plugin extends the integrated development environment Eclipse with support for finding and fixing 'naming bugs' in Java programs. A naming bug is a mismatch between the name and implementation of a method, in the sense that the pairing of name and implementation do not correspond to the implicit method naming conventions used by many well-known open source applications.
Lancelot has not been presented before, but its theoretical foundations and evaluation have been published. The contribution of the present paper is to present a publicly available tool building on our theory, explain the design of the tool, including some necessary adaptations to the interactive use setting, and report on our experience with it. The source code of Lancelot is available under an open source license.
Østvold, Bjarte M. og Karlsen, Edvard K.. (2012).
Random value transformers: Motivation and idea.
NVA
Rapport
Høst, Einar Waaler og Østvold, Bjarte M.. (2011).
Canonical Method Names for Java - Using Implementation Semantics to Identify Synonymous Verbs.
Karlsen, Edvard K. og Østvold, Bjarte M.. (2011).
Finding and fixing Java naming bugs with the Lancelot Eclipse plugin.
NVA
Rapport
Østvold, Bjarte M.. (2010).
PETweb II deliverable D8: Case study — Privacy-relevant information flow in identity management systems.
NVA
Rapport
Leister, Wolfgang; Liang, Xuedong; Klüppelholz, Sascha; Klein, Joachim; Owe, Olaf; Kazemeyni, Fatemeh Sadat; Bjørk, Joakim og Østvold, Bjarte Mayanja. (2009).
Modelling of Biomedical Sensor Networks using the Creol Tools.
NVA
Rapport
Berg, Henrik; Olsson, Roland; Owe, Olaf og Østvold, Bjarte Mayanja. (2009).
Evolutionary Machine Learning: Neutrality, Diversity and Applications.
NVA
Doktorgradsavhandling
Østvold, Bjarte M.. (2009).
Resultatrapport for prosjekt 165763 - Reducing Software Entropy.
NVA
Rapport
Høst, Einar W. og Østvold, Bjarte M.. (2009).
The Java Programmer's Phrase Book.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Høst, Einar W. og Østvold, Bjarte M.. (2009).
Debugging Method Names.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Salden, Alfons; Stam, Andries; Chothia, Tom; Leister, Wolfgang; Østvold, Bjarte M.; Liang, Xuedong og Kyas, Marcel. (2008).
Deliverable D6.2: Initial modelling with service interfaces.
NVA
Rapport
Salden, Alfons; Stam, Andries; Balasingham, Ilangko; Steffen, Martin; Kyas, Marcel; Leister, Wolfgang; Liang, Xuedong og Østvold, Bjarte M.. (2008).
Deliverable D6.1 - User Driven Requirements - Addendum.
NVA
Rapport
Høst, Einar W. og Østvold, Bjarte M.. (2007).
The Programmer's Lexicon, Volume I: The Verbs.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Balasingham, Ilangko; Kyas, Marcel; Leister, Wolfgang; Liang, Xuedong; Østvold, Bjarte M.; Rossum, Anne van; Salden, Alfons; Steffen, Martin og Valk, Jeroen M.. (2007).
CREDO - Deliverable D6.1: User driven requirements.
NVA
Rapport
Østvold, Bjarte M.; Fretland, Truls og Hagalisletto, Anders Moen. (2007).
Security assessment of the mBricks net protocol version 2.2.
NVA
Rapport
Holmqvist, Knut; Østvold, Bjarte M. og Leister, Wolfgang. (2006).
Bruk av åpne standarder i offentlig forvaltning.
NVA
Rapport
Østvold, Bjarte M. og Kristoffersen, Thor. (2006).
Pre-study: software solutions for scheduling.
NVA
Rapport
Malenfant, Jacques og Østvold, Bjarte Mayanja. (2005).
Object-Oriented Technology. ECOOP 2004 Workshop Reader.
NVA
Vitenskapelig antologi/Konferanseserie
Østvold, Bjarte M. og Kristoffersen, Thor. (2005).
Analysis of object-oriented programs: a survey.
NVA
Rapport
Østvold, Bjarte M.. (2004).
A functional reconstruction of anti-unification.
Vis sammendrag
In 1970 both Plotkin and Reynolds defined the anti-unification of a set of literal clauses, that is, atomic formulas or negated atomic formulas. They gave similar imperative anti-unification algorithms and proved the algorithms correct.
We formulate an alternative anti-unification algorithm using recursive equations and prove its correctness. This functional-style algorithm gives a modular view of anti-unification, where each equation captures a different computational aspect. Modularity makes the algorithm well-suited as a starting point for designing related algorithms. It can easily be converted into a program in a functional programming language.
Leister, Wolfgang; Hegna, Håvard; Kristoffersen, Thor; Aarhus, Lars Thore; Moen, Anders og Østvold, Bjarte M.. (2002).
Multimedia-Präsentationen auf persönlichen digitalen Assistenten mit geringer Übertragungsrate.
NVA
Vitenskapelig Kapittel/Artikkel/Konferanseartikkel
Vis sammendrag
Es wird eine einfache und robuste Client-Server-Architektur zur Präsentation von Multimedia-Inhalt auf mobilen Terminals vorgestellt. Dabei werden die Daten auf einem Server vorbereitet und in einem Streaming-Verfahren auf den
Client übertragen. Die Multimedia-Präsentation entsteht durch das Abspielen von Multimedia-Befehlen auf einer abstrakten Maschine. Unter anderem wird der Ansatz des dehnbaren Streaming eingesetzt, um variierenden Empfangsverhältnissen gerecht zu werden. Dieses Konzept wurde für sehr geringe Datenrate entwickelt (z.B. über GSM) und wurde für eine Nachrichtenanwendung vorgeführt.
Aarhus, Lars Thore; Kristoffersen, Thor; Leister, Wolfgang; Røe, Per og Østvold, Bjarte M.. (2002).
MobileSLM pre-project - Development Report.
NVA
Rapport
Aarhus, Lars Thore; Hegna, Håvard; Kristoffersen, Thor; Leister, Wolfgang; Moen, Anders og Østvold, Bjarte M.. (2002).
Streamed multimedia presentation for low-bandwidth mobile terminals: A virtual machine approach.
NVA
Vitenskapelig artikkel
Leister, Wolfgang; Hegna, Håvard; Kristoffersen, Thor; Aarhus, Lars Thore; Moen, Anders og Østvold, Bjarte M.. (2002).
Multimedia-presentasjoner på mobile terminaler med lav båndbredde.
NVA
Populærvitenskapelig artikkel
Aarhus, Lars Thore; Hegna, Håvard; Kristoffersen, Thor; Leister, Wolfgang; Moen, Anders og Østvold, Bjarte M.. (2001).
Streamed Multimedia Presentation for Low-Bandwidth Mobile Terminals: A Virtual Machine Approach.
NVA
Rapport
Kristoffersen, Thor; Moen, Anders og Østvold, Bjarte M.. (2001).
Form validation mechanism: Design relevant standards and technology.
NVA
Rapport
Haugsand, Jon; Mazaher, Shahrzade; Moen, Anders; Østvold, Bjarte M.; Groven, Arne-Kristian og Hegna, Håvard. (2000).
Mowgli - Mobile Work, Gadgets, Language and Infrastructure.
NVA
Rapport
Kristoffersen, Thor og Østvold, Bjarte M.. (2000).
Design and Implementation of the Generic Multimedia Server Platform.
NVA
Rapport