The Z notation: a reference manual
The Z notation: a reference manual
Fundamentals of computer security technology
Fundamentals of computer security technology
Specification and Validation of a Security Policy Model
IEEE Transactions on Software Engineering
From object-oriented to goal-oriented requirements analysis
Communications of the ACM
Experimentation in software engineering: an introduction
Experimentation in software engineering: an introduction
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Towards requirements-driven information systems engineering: the Tropos project
Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
SecureUML: A UML-Based Modeling Language for Model-Driven Security
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
UMLsec: Extending UML for Secure Systems Development
UML '02 Proceedings of the 5th International Conference on The Unified Modeling Language
Initial Industrial Experience of Misuse Cases in Trade-Off Analysis
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
I3E '02 Proceedings of the IFIP Conference on Towards The Knowledge Society: E-Commerce, E-Business, E-Government
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Security and Privacy Requirements Analysis within a Social Setting
RE '03 Proceedings of the 11th IEEE International Conference on Requirements Engineering
IEEE Transactions on Software Engineering
Using Abuse Frames to Bound the Scope of Security Problems
RE '04 Proceedings of the Requirements Engineering Conference, 12th IEEE International
Eliciting security requirements with misuse cases
Requirements Engineering
Security Patterns: Integrating Security and Systems Engineering
Security Patterns: Integrating Security and Systems Engineering
Matching attack patterns to security vulnerabilities in software-intensive system designs
SESS '05 Proceedings of the 2005 workshop on Software engineering for secure systems—building trustworthy applications
Modeling Security Requirements Through Ownership, Permission and Delegation
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Do Viewpoints Lead to Better Conceptual Models? An Exploratory Case Study
RE '05 Proceedings of the 13th IEEE International Conference on Requirements Engineering
Empirical and statistical analysis of risk analysis-driven techniques for threat management
ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
Computer Standards & Interfaces
Comparing goal modelling languages: an experiment
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
Automatically generating requirements from i* models: experiences with a complex airport operations
REFSQ'07 Proceedings of the 13th international working conference on Requirements engineering: foundation for software quality
A comparison of two approaches to safety analysis based on use cases
ER'07 Proceedings of the 26th international conference on Conceptual modeling
Capturing security requirements in business processes through a UML 2.0 activity diagrams profile
CoMoGIS'06 Proceedings of the 2006 international conference on Advances in Conceptual Modeling: theory and practice
DARPA Information Assurance Program dynamic defense experiment summary
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
A systematic review of security requirements engineering
Computer Standards & Interfaces
Security requirements engineering framework for software product lines
Information and Software Technology
A comparison of software design security metrics
Proceedings of the Fourth European Conference on Software Architecture: Companion Volume
Introducing mitigation use cases to enhance the scope of test cases
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Experimental threat model reuse with misuse case diagrams
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Idea: reusability of threat models – two approaches with an experimental evaluation
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Evaluation of the Pattern-based method for Secure Development (PbSD): A controlled experiment
Information and Software Technology
How to select a security requirements method? a comparative study with students and practitioners
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Intelligent network security assessment with modeling and analysis of attack patterns
Security and Communication Networks
Attribute Decoration of Attack-Defense Trees
International Journal of Secure Software Engineering
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Countermeasure graphs for software security risk assessment: An action research
Journal of Systems and Software
Comparing attack trees and misuse cases in an industrial setting
Information and Software Technology
| Hi-index | 0.00 |
A number of methods have been proposed or adapted to include security in the requirements analysis stage, but the industrial take-up has been limited and there are few empirical and comparative evaluations. This paper reports on a pair of controlled experiments that compared two methods for early elicitation of security threats, namely attack trees and misuse cases. The 28 and 35 participants in the two experiments solved two threat identification tasks individually by means of the two techniques, using a Latin-Squares design to control for technique and task order. The dependent variables were effectiveness of the techniques measured as the number of threats found, coverage of the techniques measured in terms of the types of threats found and perceptions of the techniques measured through a post-task questionnaire based on the Technology Acceptance Model. The only difference was that, in the second experiment, the participants were given a pre-drawn use-case diagram to use as a starting point for solving the tasks. In the first experiment, no pre-drawn use-case diagram was provided. The main finding was that attack trees were more effective for finding threats, in particular when there was no pre-drawn use-case diagram. However, the participants had similar opinions of the two techniques, and perception of a technique was not correlated with performance with that technique. The study underlines the need for further comparisons in a broader range of settings involving additional techniques, and it suggests several concrete experiments and other paths for further work.