Empirical Software Engineering
Initial Industrial Experience of Misuse Cases in Trade-Off Analysis
RE '02 Proceedings of the 10th Anniversary IEEE Joint International Conference on Requirements Engineering
Using Abuse Case Models for Security Requirements Analysis
ACSAC '99 Proceedings of the 15th Annual Computer Security Applications Conference
Eliciting security requirements with misuse cases
Requirements Engineering
Experimental comparison of attack trees and misuse cases for security threat identification
Information and Software Technology
A checklist for integrating student empirical studies with research and teaching goals
Empirical Software Engineering
Idea: reusability of threat models – two approaches with an experimental evaluation
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks
International Journal of Secure Software Engineering
Hi-index | 0.00 |
This paper presents an experiment on the reusability of threat models, specifically misuse case diagrams. The objective was to investigate the produced and perceived differences when modelling with or without the aid of existing models. 30 participants worked with two case studies using a Latin-squares experimental design. Results show that reuse is the preferred alternative. However, the existing models must be of high quality, otherwise a security risk would arise due to false confidence. Also, reuse of misuse case diagrams is perceived to improve the quality of the new models as well as improve productivity compared to modelling from scratch.