A scientific evaluation of the misuse case diagrams visual syntax

Saleh, Faisal; El‐Attar, Mohamed

doi:10.1016/j.infsof.2015.05.002

Cited by 27 publications

(11 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the literature we found three main streams of works that compares textual and visual notations: a) studies that proposed cognitive theories to explain the differences between the notations or to explain their relative strengths (Vessey 1991), b) studies that compared different notations from a conceptual point of view (Kaczmarek et al 2015;Saleh and El-Attar 2015), and c) studies that empirically compare graphical and textual representations, e.g., for safety and system requirements (Sharafi et al 2013;Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014;de la Vara et al 2016), software architectures (Heijstek et al 2011), and business processes (Ottensooser et al 2012). To the best of our knowledge, there are few similar studies that empirically investigated modeling notations for security risk (Hogganvik and Stølen 2005;Grøndahl et al 2011) or compared graphical and tabular security methods in full scale application experiments (Massacci and Paci 2012;Labunets et al 2013Labunets et al , 2014.…”

Section: Related Workmentioning

confidence: 99%

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Abstract[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks.[Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations.[Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models.[Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

show abstract

Section: Related Workmentioning

confidence: 99%

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

show abstract

“…Several studies have compared textual and visual notations: some studies have proposed cognitive theories to explain the differences between the two notations or to explain their relative strengths (Vessey 1991;Moody 2009); other studies have compared different notations from a conceptual point of view (Kaczmarek et al 2015;Saleh and El-Attar 2015). Several empirical studies have compared graphical and textual representations for requirements (Sharafi et al 2013;Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014), software architectures (Heijstek et al 2011), and business processes (Ottensooser et al 2012).…”

Section: Related Workmentioning

confidence: 99%

Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations

et al. 2017

View full text Add to dashboard Cite

Tabular and graphical representations are used to communicate security risk assessments for IT systems. However, there is no consensus on which type of representation better supports the comprehension of risks (such as the relationships between threats, vulnerabilities and security controls). Cognitive fit theory predicts that spatial relationships should be better captured by graphs. In this paper we report the results of two studies performed in two countries with 69 and 83 participants respectively, in which we assessed the effectiveness of tabular and graphical representations with respect to extraction correct information about security risks. The experimental results show that tabular risk models are more effective than the graphical ones with respect to simple comprehension tasks and in some cases are more effective for complex comprehension tasks. We explain our findings by proposing a simple extension of Vessey's cognitive fit theory as some linear spatial relationships could be also captured by tabular models.

show abstract

“…Dr. Andreas Opdahl correctly answered all questions in the first section of the questionnaire and has preferred the entire set of the new notation symbols." [51] Such arguments should be avoided at all costs, because they draw attention away from the design rationale itself, potentially biasing the reader to bypass direct examination of the presented evidence, trusting instead in the supposed expertise of an authority [52].…”

Section: Is It the Pon Its Followers Or Both?mentioning

confidence: 99%

A Systematic Literature Review of Applications of the Physics of Notations

Linden¹,

Hadar²

2019

IIEEE Trans. Software Eng.

View full text Add to dashboard Cite

The Physics of Notations (PoN) is a theory for the design of cognitively effective visual notations, emphasizing the need for design grounded in objective and verifiable rationale. Although increasingly applied, no systematic analysis of PoN applications has yet been performed to assess the theory's efficacy in practice. OBJECTIVES: Our primary objective was to assess the scope and verifiability of PoN applications. METHOD: We performed a systematic literature review (SLR) of peer-reviewed PoN applications. We analyzed what visual notations have been evaluated and designed using the PoN, for what reasons, to what degree applications consider requirements of their notation's users, and how verifiable these applications are. RESULTS: Seventy PoN applications were analyzed. We found major differences between applications evaluating existing notations and applications designing new notations. Particularly, in the case of new notations, we found that most applications adopted the PoN with little critical thought towards it, rarely considered its suitability for a particular context, and typically treated and discussed the PoN with few, if any, verifiable details and data. CONCLUSION: The results warrant consideration for those applying the PoN to do so carefully, and show the need for additional means to guide designers in systematically applying the PoN.

show abstract

A scientific evaluation of the misuse case diagrams visual syntax

Cited by 27 publications

References 41 publications

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Model Comprehension for Security Risk Assessment: An Empirical Comparison of Tabular vs. Graphical Representations

A Systematic Literature Review of Applications of the Physics of Notations

Contact Info

Product

Resources

About