Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams

Authors:
Tor Stålhane;Guttorm Sindre
Affiliations:
Dept of Computer and Information Science, Norwegian Univ of Science and Technology (NTNU), Trondheim, Norway NO-7491;Dept of Computer and Information Science, Norwegian Univ of Science and Technology (NTNU), Trondheim, Norway NO-7491
Venue:
MoDELS '08 Proceedings of the 11th international conference on Model Driven Engineering Languages and Systems
Year:
2008

Citing 20
Cited 3

User acceptance of computer technology: a comparison of two theoretical models

Management Science
Comparing representations with relational and EER models

Communications of the ACM
Graphs and tables: a four-factor experiment

Communications of the ACM
Diagrams and design tools in context

ACM SIGDOC Asterisk Journal of Computer Documentation
Safeware: system safety and computers

Safeware: system safety and computers
Experimentation in software engineering: an introduction

Experimentation in software engineering: an introduction
Software engineering for safety: a roadmap

Proceedings of the Conference on The Future of Software Engineering
Writing Effective Use Cases

Writing Effective Use Cases
Replicating the CREWS Use Case Authoring Guidelines Experiment

Empirical Software Engineering
Quality and Understandability of Use Case Models

ECOOP '01 Proceedings of the 15th European Conference on Object-Oriented Programming
Guiding Use Case Authoring: Results of an Empirical Study

RE '99 Proceedings of the 4th IEEE International Symposium on Requirements Engineering
Initial Industrial Experience of Misuse Cases in Trade-Off Analysis

RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
Using Abuse Case Models for Security Requirements Analysis

ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Evaluating the Effect of a Delegated versus Centralized Control Style on the Maintainability of Object-Oriented Software

IEEE Transactions on Software Engineering
A Controlled Experiment for Evaluating a Metric-Based Reading Technique for Requirements Inspection

METRICS '04 Proceedings of the Software Metrics, 10th International Symposium
Eliciting security requirements with misuse cases

Requirements Engineering
Investigating the Role of Use Cases in the Construction of Class Diagrams

Empirical Software Engineering
Semiology of graphics

Semiology of graphics
Misuse Cases: Use Cases with Hostile Intent

IEEE Software
A comparison of two approaches to safety analysis based on use cases

ER'07 Proceedings of the 26th international conference on Conceptual modeling

Comparing safety analysis based on sequence diagrams and textual use cases

CAiSE'10 Proceedings of the 22nd international conference on Advanced information systems engineering
Using SMCD to reduce inconsistencies in misuse case models: A subject-based empirical evaluation

Journal of Systems and Software
Comparing attack trees and misuse cases in an industrial setting

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In general, diagrams and text are both considered to have their advantages and disadvantages for the representation of use case models, but this is rarely investigated experimentally. This paper describes a controlled experiment where we compare safety hazard identification by means of misuse cases based on use case diagrams and textual use cases. The experiment participants found use case diagrams and textual use cases equally easy to use. In most cases those who used textual use cases were able to identify more failure modes or threats. The main reason for this seems to be that use cases encourage analysts to specifically focus on threats related to the functions mentioned in the use case, and textual use cases include more functional details than diagrams. The focus is decided by information in each use case which will thus decide the number of threats identified.