Abstract
This paper presents an experiment on the reusability of threat models, specifically misuse case diagrams. The objective was to investigate the produced and perceived differences when modelling with or without the aid of existing models. Thirty participants worked on two case studies in a Latin-squares experimental design. The results show that reuse is the preferred alternative. However, the existing models must be of high quality; otherwise reuse introduces a security risk, because a flawed reused model gives false confidence in the new one. Reuse of misuse case diagrams was also perceived to improve both the quality of the new models and productivity compared with modelling from scratch.
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jensen, J., Tøndel, I.A., Meland, P.H. (2010). Experimental Threat Model Reuse with Misuse Case Diagrams. In: Soriano, M., Qing, S., López, J. (eds) Information and Communications Security. ICICS 2010. Lecture Notes in Computer Science, vol 6476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17650-0_25
DOI: https://doi.org/10.1007/978-3-642-17650-0_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17649-4
Online ISBN: 978-3-642-17650-0
eBook Packages: Computer Science (R0)