Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams

Stålhane, Tor; Sindre, Guttorm

doi:10.1007/978-3-540-87875-9_50

Cited by 22 publications

(22 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the literature we found three main streams of works that compares textual and visual notations: a) studies that proposed cognitive theories to explain the differences between the notations or to explain their relative strengths (Vessey 1991), b) studies that compared different notations from a conceptual point of view (Kaczmarek et al 2015;Saleh and El-Attar 2015), and c) studies that empirically compare graphical and textual representations, e.g., for safety and system requirements (Sharafi et al 2013;Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014;de la Vara et al 2016), software architectures (Heijstek et al 2011), and business processes (Ottensooser et al 2012). To the best of our knowledge, there are few similar studies that empirically investigated modeling notations for security risk (Hogganvik and Stølen 2005;Grøndahl et al 2011) or compared graphical and tabular security methods in full scale application experiments (Massacci and Paci 2012;Labunets et al 2013Labunets et al , 2014.…”

Section: Related Workmentioning

confidence: 99%

“…Regarding the studies on comprehensibility in security domain, a series of controlled experiments were conducted by Stålhane et al (Stålhane and Sindre 2008;Stålhane et al 2010;Stålhane and Sindre 2014) to compare the effectiveness of textual and graphical notations in identifying safety hazards during security requirements analysis. They compared textual use cases with system sequence diagrams (Stålhane et al 2010;Stålhane and Sindre 2014) and misuse case diagrams with textual misuse cases (Stålhane and Sindre 2008).…”

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

“…In short experiments, graphical methods fared better (e.g., (Hogganvik and Stølen 2005;Stålhane and Sindre 2008)). Studies with a full-fledged application for several days had either mixed results (e.g., (Massacci and Paci 2012;Labunets et al 2013Labunets et al , 2014 or concluded that the two notations were equivalent ).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

Abstract[Background] Security risk assessment methods in industry mostly use a tabular notation to represent the assessment results whilst academic works advocate graphical methods. Experiments with MSc students showed that the tabular notation is better than an iconic graphical notation for the comprehension of security risks.[Aim] We investigate whether the availability of textual labels and terse UML-style notation could improve comprehensibility. [Method] We report the results of an online comprehensibility experiment involving 61 professionals with an average of 9 years of working experience, in which we compared the ability to comprehend security risk assessments represented in tabular, UML-style with textual labels, and iconic graphical modeling notations.[Results] Tabular notation are still the most comprehensible notion in both recall and precision. However, the presence of textual labels does improve the precision and recall of participants over iconic graphical models.[Conclusion] Tabular representation better supports extraction of correct information of both simple and complex comprehensibility questions about security risks than the graphical notation but textual labels help.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Empirical Studies Of Security and Safety Modeling Notationsmentioning

confidence: 99%

See 1 more Smart Citation

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Labunets

Massacci

Tedeschi

2017

2017 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM)

View full text Add to dashboard Cite

show abstract

“…The same effect has been observed in previous experiments. We have found that FMEA outperform misuse case diagrams [17] when it comes to network problems and that misuse cases based on both diagrams and text score low on the failure modes "software unavailable", "network down" and "delete files" [18]. Thus, as a general conclusion, we will claim that TUC is better than SSD for all failure modes except those pertaining to the inner working of the computer system.…”

Section: Fig 3 Frequency Differences For All Failure Modesmentioning

confidence: 78%

Comparing Safety Analysis Based on Sequence Diagrams and Textual Use Cases

Stålhane

Sindre

Bousquet

2010

Notes on Numerical Fluid Mechanics and Multidisciplinary Design

Self Cite

View full text Add to dashboard Cite

Abstract. Safety is of growing importance for information systems due to increased integration with embedded systems. Discovering potential hazards as early as possible in the development is key to avoid costly redesign later. This implies that hazards should be identified based on the requirements, and it is then useful to compare various specification techniques to find out the strengths and weaknesses of each with respect to finding and documenting hazards. This paper reports on two experiments in hazards identification -one experiment based on textual use cases and one based on systems sequence diagrams. The comparison of the experimental results reveal that use cases are better for identifying hazards related to the operation of the system while system sequence diagrams are better for the identification of hazards related to the system itself. The combination of these two techniques is therefore likely to uncover more hazards than one technique alone.

show abstract

“…Stålhane et al have conducted a series of experiments to evaluate two representations of misuse cases: a graphical diagram and a textual template. The results reported in [23] revealed that textual use cases helped to identify more threats than use-case diagrams. In more recent experiments [24,25,26], Stålhane et al compared textual misuse cases with UML system sequence diagrams.…”

Section: Background and Related Workmentioning

confidence: 82%

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Labunets

Massacci

Paci

2017

Requirements Engineering: Foundation for Software Quality

View full text Add to dashboard Cite

Abstract.[Context] Many security risk assessment methods are proposed both in academia (typically with a graphical notation) and industry (typically with a tabular notation).[Question] We compare methods based on those two notations with respect to their actual and perceived efficacy when both groups are equipped with a domain-specific security catalogue (as typically available in industry risk assessments).[Results] Two controlled experiments with MSc students in computer science show that tabular and graphical methods are (statistically) equivalent in quality of identified threats and security controls. In the first experiment the perceived efficacy of tabular method was slightly better than the graphical one, and in the second experiment two methods are perceived as equivalent.[Contribution] A graphical notation does not warrant by itself better (security) requirements elicitation than a tabular notation in terms of the quality of actually identified requirements.

show abstract

Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams

Cited by 22 publications

References 24 publications

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Graphical vs. Tabular Notations for Risk Models: On the Role of Textual Labels and Complexity

Comparing Safety Analysis Based on Sequence Diagrams and Textual Use Cases

On the Equivalence Between Graphical and Tabular Representations for Security Risk Assessment

Contact Info

Product

Resources

About