Cristin result ID: 1222944
Last modified: 17 January 2016, 16:24
NVI reporting year: 2015
Result
Academic article
2015

Investigating security threats in architectural context: Experimental evaluations of misuse case maps

Contributors:
  • Peter Karpati
  • Andreas Lothe Opdahl and
  • Guttorm Sindre

Journal

Journal of Systems and Software
ISSN 0164-1212
e-ISSN 1873-1228
NVI level 2

About the result

Academic article
Publication year: 2015
Volume: 104
Pages: 90 - 111

Import sources

Scopus ID: 2-s2.0-84927547379

Classification

Scientific disciplines

Information and communication systems

Description

Title

Investigating security threats in architectural context: Experimental evaluations of misuse case maps

Abstract

Many techniques have been proposed for eliciting software security requirements during the early requirements engineering phase. However, few techniques so far provide dedicated views of security issues in a software systems architecture context. This is a problem, because almost all requirements work today happens in a given architectural context, and understanding this architecture is vital for identifying security vulnerabilities and corresponding mitigations. Misuse case maps attempt to provide an integrated view of security and architecture by augmenting use case maps with misuse case concepts. This paper evaluates misuse case maps through two controlled experiments where 33 and 54 ICT students worked on complex real-life intrusions described in the literature. The students who used misuse case maps showed significantly better understanding of intrusions and better ability to suggest mitigations than students who used a combination of two existing techniques as an alternative treatment. Misuse case maps were also perceived more favourably overall than the alternative treatment, and participants reported using misuse case maps more when solving their tasks.

Contributors

Peter Karpati

  • Affiliation:
    Author
    at Institutt for datateknologi og informatikk at Norges teknisk-naturvitenskapelige universitet
Active Cristin person

Andreas Lothe Opdahl

  • Affiliation:
    Author
    at Institutt for informasjons- og medievitenskap at Universitetet i Bergen

Guttorm Sindre

  • Affiliation:
    Author
    at Institutt for datateknologi og informatikk at Norges teknisk-naturvitenskapelige universitet