Investigating security threats in architectural context: Experimental evaluations of misuse case maps
| dc.contributor.author | Karpati, Peter | |
| dc.contributor.author | Opdahl, Andreas Lothe | |
| dc.contributor.author | Sindre, Guttorm | |
| dc.date.accessioned | 2024-04-23T09:05:02Z | |
| dc.date.available | 2024-04-23T09:05:02Z | |
| dc.date.created | 2015-02-17T12:12:38Z | |
| dc.date.issued | 2015 | |
| dc.identifier.citation | Journal of Systems and Software. 2015, 104 90-111. | en_US |
| dc.identifier.issn | 0164-1212 | |
| dc.identifier.uri | https://hdl.handle.net/11250/3127742 | |
| dc.description.abstract | Many techniques have been proposed for eliciting software security requirements during the early requirements engineering phase. However, few techniques so far provide dedicated views of security issues in a software systems architecture context. This is a problem, because almost all requirements work today happens in a given architectural context, and understanding this architecture is vital for identifying security vulnerabilities and corresponding mitigations. Misuse case maps attempt to provide an integrated view of security and architecture by augmenting use case maps with misuse case concepts. This paper evaluates misuse case maps through two controlled experiments where 33 and 54 ICT students worked on complex real-life intrusions described in the literature. The students who used misuse case maps showed significantly better understanding of intrusions and better ability to suggest mitigations than students who used a combination of two existing techniques as an alternative treatment. Misuse case maps were also perceived more favourably overall than the alternative treatment, and participants reported using misuse case maps more when solving their tasks. | en_US |
| dc.description.abstract | Investigating security threats in architectural context: Experimental evaluations of misuse case maps | en_US |
| dc.language.iso | eng | en_US |
| dc.publisher | Elsevier | en_US |
| dc.rights | Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal | * |
| dc.rights.uri | http://creativecommons.org/licenses/by-nc-nd/4.0/deed.no | * |
| dc.title | Investigating security threats in architectural context: Experimental evaluations of misuse case maps | en_US |
| dc.title.alternative | Investigating security threats in architectural context: Experimental evaluations of misuse case maps | en_US |
| dc.type | Journal article | en_US |
| dc.type | Peer reviewed | en_US |
| dc.description.version | acceptedVersion | en_US |
| dc.rights.holder | © 2015. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/(opens in new tab/window) | en_US |
| dc.subject.nsi | VDP::Informasjons- og kommunikasjonssystemer: 321 | en_US |
| dc.subject.nsi | VDP::Information and communication systems: 321 | en_US |
| dc.source.pagenumber | 90-111 | en_US |
| dc.source.volume | 104 | en_US |
| dc.source.journal | Journal of Systems and Software | en_US |
| dc.identifier.doi | 10.1016/j.jss.2015.02.040 | |
| dc.identifier.cristin | 1222944 | |
| cristin.ispublished | true | |
| cristin.fulltext | postprint | |
| cristin.qualitycode | 2 |
Files in this item
This item appears in the following Collection(s)
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 Internasjonal