Abstract
Context: Many security risk assessment methods are proposed both in academia (typically with a graphical notation) and in industry (typically with a tabular notation). Question: We compare methods based on those two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue (as is typically available in industry risk assessments).
Results: Two controlled experiments with MSc students in computer science show that tabular and graphical methods are (statistically) equivalent in the quality of identified threats and security controls. In the first experiment the perceived efficacy of the tabular method was slightly better than that of the graphical one, and in the second experiment the two methods were perceived as equivalent. Contribution: A graphical notation does not by itself warrant better (security) requirements elicitation than a tabular notation in terms of the quality of the actually identified requirements.
Notes
- 1.
- 2. To prevent participants from “auto-pilot” answering, half of the questions were given as a positive statement and the other half as a negative statement.
- 3. LFV: RTS - One Year In Operation. Available: http://news.cision.com/lfv/r/rts---one-year-in-operation,c9930962.
- 4. SESAR Project 16.02.03 - ATM Security Risk Assessment Methodology, February 2003. The project aims to analyze existing security risk assessment approaches and adapt them to the ATM domain.
Acknowledgment
This work has been partly supported by the SESAR JU WPE under contract 12-120610-C12 (EMFASE).
Copyright information
© 2017 Springer International Publishing AG
Cite this paper
Labunets, K., Massacci, F., Paci, F. (2017). On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment. In: Grünbacher, P., Perini, A. (eds) Requirements Engineering: Foundation for Software Quality. REFSQ 2017. Lecture Notes in Computer Science, vol 10153. Springer, Cham. https://doi.org/10.1007/978-3-319-54045-0_15
DOI: https://doi.org/10.1007/978-3-319-54045-0_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54044-3
Online ISBN: 978-3-319-54045-0