Lund, Mass Soldal
DepartmentNorwegian Defence University College, Norwegian Defence Cyber Academy
PositionProfessor
Phone+47 61 10 34 26
E-mailmaslund@fhs.mil.no

(b. 1977). MSc (2002) and PhD (2008) in informatics from the University of Oslo. Has worked as Associate Professor in information security at the Norwegian Defence Cyber Academy since 2013. Worked earlier as research scientist for SINTEF (2002-2012). Teaches information security and computer network operations (CNO). Conducts research on concepts, techniques, tactics and procedures for defensive cyberspace operations, the role of cyberspace operations in joint operations, and cyber resilience.


FIELDS OF INTEREST

  • Defensive cyberspace operations
  • Risk analysis and threat modelling
  • Cyber resilient systems
  • Formal methods for cyber security
  • The history of computing


Books/reports/dissertations

  • Lund, Mass Soldal and Ketil Stølen. 2007. A fully general operational semantics for UML sequence diagrams with potential and mandatory choice. Report, Institutt for Informatikk, Universitetet i Oslo.
  • den Braber, Folker, Mass Soldal Lund and Ketil Stølen. 2004. Using the CORAS threat modelling language to document threat scenarios for several Microsoft relevant technologies. Technical report STF90 A04057. Report, SINTEF IKT.
  • Lund, Mass Soldal, Folker den Braber, Ketil Stølen and Fredrik Vraalsen. 2004. A UML profile for the identification and analysis of security risks during structured brainstorming. Technical report STF40 A03067. Report, SINTEF IKT.
  • Vraalsen, Fredrik, Folker den Braber, Ida Hogganvik, Mass Soldal Lund and Ketil Stølen. 2004. The CORAS tool-supported methodology for UML-based security analysis. Technical report STF90 A04015. Report, SINTEF IKT.
  • Lund, Mass Soldal, Folker den Braber, Ketil Stølen and Fredrik Vraalsen. 2003. A UML profile for the identification and analysis of security risks during structured brainstorming. Report, SINTEF Telecom and Informatics.
  • Lund, Mass Soldal, Folker den Braber and Fredrik Vraalsen. 2003. COBRA - Component-Based Security Assessment. Report, SINTEF Telecom and Informatics.
  • den Braber, Folker, Chingwoei Gan, Mass Soldal Lund, Fredrik Seehusen, Ketil Stølen and Fredrik Vraalsen. 2003. An experience repository supporting security risk analysis. Report, SINTEF Telecom and Informatics.
  • Lund, Mass Soldal, Ida Hogganvik, Fredrik Seehusen and Ketil Stølen. 2003. UML profile for security assessment. Report, SINTEF Telecom and Informatics.
  • Lund, Mass Soldal. 2002. Validation of contract decomposition by testing. Master’s thesis, Department of Informatics, University of Oslo.
Full list

Parts of books/reports

  • Lund, Mass Soldal, Jørgen Emil Gulland, Odd Sveinung Hareide, Øyvind Jøsok and Karl Olav Carlsson Weum. 2018. "Integrity of Integrated Navigation Systems". In 2018 IEEE Conference on Communications and Network Security (CNS), edited by Jing Jiwu, Lazos Loukas and Peng Liu. IEEE.
  • Helkala, Kirsi Marjaana, Silje Knox and Mass Soldal Lund. 2015. "Effect of Motivation and Physical Fitness on Cyber Tasks". In Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), edited by Steve M Furnell and Nathan Clarke, 108–119. United Kingdom: Center for Security, Communications & Network Research, Plymouth University.
  • Lund, Mass Soldal, Benjamin James Knox and Hanne Eggen Røislien. 2014. "What do Cyber Soldiers Need to Know?" In Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014. Purdue University, West Lafayette, Indiana, USA. 24-25 March 2014, edited by Sam Liles, 371–372. Academic Conferences Publishing.
  • Røislien, Hanne Eggen, Mass Soldal Lund and Benjamin James Knox. 2014. "Mapping the "Cyber Warrior": What Skill-Set Does the Cyber Warrior Need?" In Proceedings of the 9th International Conference on Cyber Warfare and Security ICCWS-2014. Purdue University, West Lafayette, Indiana, USA. 24-25 March 2014, edited by Sam Liles, 373–376. Academic Conferences Publishing.
  • Ligaarden, Olav Skjelkvåle, Mass Soldal Lund, Fredrik Seehusen, Atle Refsdal and Ketil Stølen. 2011. "An Architectural Pattern for Enterprise Level Monitoring Tools". In 2011 International Workshop on the Maintenance and Evolution of Service-Oriented and Cloud-Based Systems (MESOCA 2011), edited by Grace A. Lewis, 1–10. IEEE.
  • den, Braber Folker, Mass Soldal Lund, Ketil Stølen and Fredrik Vraalsen. 2007. "Integrating security in the development process with UML". In Information security and ethics: Concepts, methodologies, tools and applications. Information Science Reference.
  • Vraalsen, Fredrik, Tobias Mahler, Mass Soldal Lund, Ida Hogganvik, Folker den Braber and Ketil Stølen. 2007. "Assessing Enterprise Risk Level : the CORAS Approach". In Advances in Enterprise Information Technology Security, edited by Djamel Khadraoui and Francine Herrmann, 311–333. IGI Global.
  • Lund, Mass Soldal and Ketil Stølen. 2006. "Deriving tests from UML 2.0 sequence diagrams with neg and assert". In Proceedings of the 28th International Conference on Software Engineering & Co-Located Workshops, edited by Kenneth M. Anderson. ACM Publications.
  • Rossebø, Judith Ellen Yarranton, Mass Soldal Lund, Knut Eilif Husa and Atle Refsdal. 2006. "A conceptual model for service availability". In Quality Of Protection - Security Measurements and Metrics, edited by Dieter Gollmann, 107–118. Springer Publishing Company.
  • den Braber, Folker, Mass Soldal Lund, Ketil Stølen and Fredrik Vraalsen. 2005. "Integrating security in the development process with UML". In Encyclopedia of Information Science and Technology, edited by Mehdi Khosrow-Pour, 1560–1566. Idea Group.
  • Lund, Mass Soldal. 2005. "Specifying Legal Risk Scenarios Using the CORAS Threat Modelling Language". In Trust Management, Third International Conference, iTrust 2005, Proceedings, 45–60. Springer.
  • Vraalsen, Fredrik, Mass Soldal Lund, Braber Folker den and Ketil Stølen. 2005. "The CORAS tool for security risk analysis". In Trust Management, Third International Conference, iTrust 2005, Proceedings, 402–405. Springer.
  • den Braber, Folker, Theo Dimitrakos, Bjørn Axel Gran, Mass Soldal Lund, Ketil Stølen and Jan Øyvind Aaagedal. 2003. "The CORAS methodology: Model-based risk assessment using UML and UP". In UML and the Unified Process, edited by Liliana Favre, 332–357. IRM Press.
  • Lund, Mass Soldal. 2003. "Testing decomposition of component specifications based on a rule for formal verification". In Proceedings of the Third International Conference on Quality Software (QSIC 2003), edited by Huimin Lin and Hans-Dieter Ehrich, 154–160. IEEE.
  • Lund, Mass Soldal, Folker den Braber and Ketil Stølen. 2003. "A component-oriented approach to security risk assessment". In Proceedings of the 1st Intenational Workshop of Quality of Service in Component-Based Software Engineering (QoS in CBSE 2003), edited by Jean-Michel Bruel, 99–110. Cépaduès-Éditions.
  • Lund, Mass Soldal, Folker den Braber and Ketil Stølen. 2003. "Maintaining results from security assessments". In Proceedings of the Seventh European Conference on Software Maintenance and Reengineering (CSMR 2003), edited by Gerardo Canfora, Mark van den Brand and Tibor Gymóthy, 341–350. IEEE.
  • Stamatiou, Yannis c., Eva Skipenes, Eva Henriksen, Nikos Stathiakis, Adamantios Sikianakis, Eliana Charalambous, Nikos Antonakis, Ketil Stølen, Folker den Braber, Mass Soldal Lund, Katerina Papadaki and George Valvis. 2003. "The CORAS approach for model-based risk management applied to a telemedicine service". In The new navigators: From professionals to patients. Proceedings of MIE2003, edited by Robert Baud, M Fieschi, Pierre Le Beux and Patrick Ruch, 206–211. IOS Press.
  • Houmb, Siv-Hilde, Folker den Braber, Mass Soldal Lund and Ketil Stølen. 2002. "Towards a UML profile for model-based risk assessment". In Critical Systems Development with UML (CSDUML 2002). UML 2002 satellite workshop proceedings, edited by Jan Jürjens, Victoria Cengarle, BE Fernandez, Bernhard Rumpe and R. Sander, 79–91. Techniche Universität München.
  • Lund, Mass Soldal. 2002. "Validation of contract decomposition by testing". In Norsk Informatikkonferanse 2002, edited by Norvald Stol, 191–202. Tapir Akademisk Forlag.
  • Stamatiou, Yannis c., Eva Henriksen, Mass Soldal Lund, Eva Mantzouranis, Michalis Psarros, Eva Skipenes, Nikos Stathiakis and Ketil Stølen. 2002. "Experiences from using model-based risk assessment to evaluate the security of a telemedicine application". In Telemedicine in Care Delivery. Technology and Applications, edited by Velio Macellari and Remo Bedini, 115–119. Rome: National Institute of Health.
  • Stølen, Ketil, Folker den Braber, Theo Dimitrakos, Rune Fredriksen, Bjørn Axel Gran, Siv-Hilde Houmb, Mass Soldal Lund, Yannis c. Stamatiou and Jan Øyvind Aaagedal. 2002. "Model-based risk assessment - the CORAS approach". In Norsk Informatikkonferanse NIK'2002, edited by Norvald Stol, Torbjørn Strøm, Terje Fallmyr, Sissel Haddjerroudit, Dag Langmyhr, Ole Chr. Lingjærde, Fredrik Manne, Roger Midtstraum and Weihai Yu, 239–249. Kongsberg: Høgskolen i Buskerud.
Full list

Peer-reviewed articles

  • Hareide, Odd Sveinung, Øyvind Jøsok, Mass Soldal Lund, Runar Ostnes and Kirsi Marjaana Helkala. 2018. "Enhancing Navigator Competence by Demonstrating Maritime Cyber Security". Journal of navigation 71 (5): 1025–1039.
  • Lund, Mass Soldal, Odd Sveinung Hareide and Øyvind Jøsok. 2018. An Attack on an Integrated Navigation System. Necesse 3 (2): 149–163.
  • Helkala, Kirsi Marjaana, Benjamin James Knox, Øyvind Jøsok, Silje Knox and Mass Soldal Lund. 2016. Factors to affect improvement in cyber officer performance. Information and Computer Security 24 (2): 152–163.
  • Flåten, Ola and Mass Soldal Lund. 2014. How Good are Attack Trees for Modelling Advanced Cyber Threats? Norsk Informasjonssikkerhetskonferanse (NISK) .
  • Lund, Mass Soldal and Atle Refsdal. 2012. "BRIDGE Risk Analyzer: A Collaborative Tool for Enhanced Risk Analysis in Crisis Situations". CEUR Workshop Proceedings 953 .
  • Grøndahl, Ida Hogganvik, Mass Soldal Lund and Ketil Stølen. 2011. Reducing the effort to comprehend risk models: text labels are often preferred over graphical means. Risk Analysis 31 (11): 1813–1831.
  • Lund, Mass Soldal, Bjørnar Solhaug and Ketil Stølen. 2011. Risk Analysis of Changing and Evolving Systems Using CORAS. Lecture Notes in Computer Science (LNCS) 6858 : 231–274.
  • Massacci, Fabio, Fabrice Bouquet, Elizabeta Fourneret, Jan Jurjens, Mass Soldal Lund, Sébastien Madelénat, JanTobias Muehlberg, Federica Paci, Stéphane Paul, Frank Piessens, Bjørnar Solhaug and Sven Wenzel. 2011. Orchestrating Security and System Engineering for Evolving Systems. Lecture Notes in Computer Science (LNCS) 6994 : 134–143.
  • Lund, Mass Soldal, Bjørnar Solhaug and Ketil Stølen. 2010. EVOLUTION IN RELATION TO RISK AND TRUST MANAGEMENT. Computer 43 (5): 49–55.
  • den Braber, Folker, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen and Fredrik Vraalsen. 2007. Model-based security analysis in seven steps — a guided tour to the CORAS method. BT technology journal 25 (1): 101–117.
  • den, Braber Folker, Ida Hogganvik, Mass Soldal Lund, Ketil Stølen and Fredrik Vraalsen. 2007. Model-based security analysis in seven steps – a guided tour to the CORAS method. BT technology journal 25 (1): 101–117.
  • Lund, Mass Soldal and Ketil Stølen. 2006. A fully general operational semantics for UML 2.0 sequence diagrams with potential and mandatory choice. Lecture Notes in Computer Science (LNCS) 4085 : 380–395.
  • Rossebø, Judith, Mass Soldal Lund, Atle Refsdal and Knut Eilif Husa. 2006. A conceptual model for service availability. Advances in Information Security 23 : 107–118.
  • Vraalsen, Fredrik, Folker den Braber, Mass Soldal Lund and Ketil Stølen. 2005. The CORAS tool for security risk analysis. Lecture Notes in Computer Science (LNCS) (3477): 402–405.
  • Vraalsen, Fredrik, Mass Soldal Lund, Tobias Mahler, Xavier Parent and Ketil Stølen. 2005. "Specifying legal risk scenarios using the CORAS threat modelling language - Experiences and the way forward". Lecture Notes in Computer Science (LNCS) 3477 .
Full list

Non-refereed articles

  • Lund, Mass Soldal. 2017. Cyber som operasjonsdomene. Norsk Militært Tidsskrift 186 (1): 28–34.
  • Lund, Mass Soldal. 2001. Modulær testing basert på universelle lover. Elektronikk : tidsskrift for IT og telekom (10): 34–36.

Op-eds/comments/blog posts

  • Lund, Mass Soldal. 2017. Internetthøgre frå 4chan til Trump. Gnist- Marxistisk tidsskrift.
  • Lund, Mass Soldal. 2012. "It-sikkerheit krev risikoanalyse". ComputerWorld Norge.
Published 13 September 2018 14:25.. Last updated 05 December 2019 14:53.