Comparing Safety Analysis Based on Sequence Diagrams and Textual Use Cases

Stålhane, Tor; Sindre, Guttorm; Bousquet, Lydie Du

doi:10.1007/978-3-642-13094-6_14

Cited by 18 publications

(15 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the literature we found three main streams of works that compares textual and visual notations: a) studies that proposed cognitive theories to explain the differences between the notations or to explain their relative strengths (Vessey 1991), b) studies that compared different notations from a conceptual point of view (Kaczmarek et al 2015;Saleh and El-Attar 2015), and c) studies that empirically compare graphical and textual representations, e.g., for safety and system requirements (Sharafi et al 2013;Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014;de la Vara et al 2016), software architectures (Heijstek et al 2011), and business processes (Ottensooser et al 2012). To the best of our knowledge, there are few similar studies that empirically investigated modeling notations for security risk (Hogganvik and Stølen 2005;Grøndahl et al 2011) or compared graphical and tabular security methods in full scale application experiments (Massacci and Paci 2012;Labunets et al 2013Labunets et al , 2014.…”

Section: Related Workmentioning

confidence: 99%

“…Regarding the studies on comprehensibility in security domain, a series of controlled experiments were conducted by Stålhane et al (Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014) to compare the effectiveness of textual and graphical notations in identifying safety hazards during security requirements analysis. They compared textual use cases with system sequence diagrams (Stålhane et al 2010;Stålhane and Sindre 2014) and misuse case diagrams with textual misuse cases (Stålhane and Sindre 2008).…”

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

“…They compared textual use cases with system sequence diagrams (Stålhane et al 2010;Stålhane and Sindre 2014) and misuse case diagrams with textual misuse cases (Stålhane and Sindre 2008). These studies showed that the textual representation helps the user to focus in the relevant areas and was more effective in identification of threats related to functionalities and user behavior, whilst diagrams were more effective for understanding system's internal working and identifying related threats.…”

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

See 2 more Smart Citations

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Abstract[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks.[Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations.[Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models.[Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

See 1 more Smart Citation

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

show abstract

“…As described in Section 2, H4U is part of a functional requirements elicitation, whereas the approaches presented by Srivatanakul et al (2004), and Allenby and Kelly (2001) are concerned with nonfunctional requirements. Analysis of use cases has also been studied by others (Alexander 2003;Stålhane and Sindre 2007;Stålhane et al 2010); however, they are not using HAZOP at all.…”

Section: Related Workmentioning

confidence: 99%

HAZOP-based identification of events in use cases

et al. 2013

View full text Add to dashboard Cite

Completeness is one of the main quality attributes of requirements specifications. If functional requirements are expressed as use cases, one can be interested in event completeness. A use case is event complete if it contains description of all the events that can happen when executing the use case. Missing events in any use case can lead to higher project costs. Thus, the question arises of what is a good method of identification of events in use cases and what accuracy and review speed one can expect from it. The goal of this study was to check if (1) HAZOPbased event identification is more effective than ad hoc review and (2) what is the review speed of these two approaches. Two controlled experiments were conducted in order to evaluate ad hoc approach and H4U method to event identification. The first experiment included 18 students, while the second experiment was conducted with the help of 82 professionals. In both cases, accuracy and review speed of the investigated methods were measured and analyzed. Moreover, the usage of HAZOP keywords was analyzed. In both experiments, a benchmark specification based on use cases was used. The first experiment with students showed that a HAZOP-based review is more effective in event identification than ad hoc review and this result is statistically significant. However, the reviewing speed of HAZOP-based reviews is lower. The second experiment with professionals confirmed these results. These experiments showed also that event completeness is hard to achieve. It on average ranged from 0.15 to 0.26. HAZOP-based identification of events in use cases is an useful alternative to ad hoc reviews. It can achieve higher event completeness at the cost of an increase in effort.

show abstract

“…The results reported in [23] revealed that textual use cases helped to identify more threats than use-case diagrams. In more recent experiments [24,25,26], Stålhane et al compared textual misuse cases with UML system sequence diagrams. The results showed that textual misuse cases are better than sequence diagrams in identification of threats related to required functionality or user behavior.…”

Section: Background and Related Workmentioning

confidence: 99%

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Labunets

Massacci

Paci

2017

Requirements Engineering: Foundation for Software Quality

View full text Add to dashboard Cite

Abstract.[Context] Many security risk assessment methods are proposed both in academia (typically with a graphical notation) and industry (typically with a tabular notation).[Question] We compare methods based on those two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue (as typically available in industry risk assessments).[Results] Two controlled experiments with MSc students in computer science show that tabular and graphical methods are (statistically) equivalent in quality of identified threats and security controls. In the first experiment the perceived efficacy of tabular method was slightly better than the graphical one, and in the second experiment two methods are perceived as equivalent.[Contribution] A graphical notation does not warrant by itself better (security) requirements elicitation than a tabular notation in terms of the quality of actually identified requirements.

show abstract

Comparing Safety Analysis Based on Sequence Diagrams and Textual Use Cases

Cited by 18 publications

References 18 publications

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

HAZOP-based identification of events in use cases

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Contact Info

Product

Resources

About