Show simple item record

dc.contributor.advisor: Sindre, Guttorm [nb_NO]
dc.contributor.author: Pan, Yushan [nb_NO]
dc.date.accessioned: 2014-12-19T13:39:03Z
dc.date.available: 2014-12-19T13:39:03Z
dc.date.created: 2012-11-08 [nb_NO]
dc.date.issued: 2012 [nb_NO]
dc.identifier: 566243 [nb_NO]
dc.identifier: ntnudaim:5883 [nb_NO]
dc.identifier.uri: http://hdl.handle.net/11250/252975
dc.description.abstract: In the course TDT4501 - Specialization Project - ReqSec project, the preparatory course to this thesis, the advantages and disadvantages of eight modeling approaches were illustrated through a purely analytical evaluation, based on two categories: i*-based modeling approaches and Use Case-based modeling approaches. However, a purely analytical evaluation of the modeling approaches does not always reflect their practical usefulness. Hence, the [motivation] of the thesis was to select two modeling approaches, Secure Tropos and Misuse Cases, and to use an empirical investigation to evaluate them, giving researchers and practitioners a better overview and understanding of the benefits of the two modeling approaches in real-life usage. The objective was to see whether the advantages claimed analytically in the previous project also hold in practice. [Questions] Through a controlled experiment, two core problems were to be investigated: a) how the participants performed when they applied the two modeling approaches to finish the tasks in the experiment, and b) their preference between the two modeling approaches after the experiment. The [principle] was to perform the experiment with the two modeling approaches, measuring the participants' performance by the number of threats and mitigations identified for the experiment cases, and their perception of the two modeling approaches by asking them to estimate their usage of modeling diagrams, textual descriptions of cases, and memory in the experiment. Combined with the analysis of the post-questionnaire, the conclusions were summarized based on the statistical results of the empirical study and the results of the previous analytical study, to investigate whether the empirical evaluation matched the analytical evaluation. [Contribution] The experiment project was the first to compare Secure Tropos and Misuse Cases comprehensively.
The results illustrated that the two modeling techniques showed no significant difference in identifying threats, but a significant difference in identifying mitigations, in this controlled experiment with 50 students who applied both modeling approaches to relevant cases. By analyzing the same case with the same or a different modeling approach in the experiment, it was found that more mitigations and threats were identified by the participants for the Net Shopping case when considering the technique criteria of threats and mitigations. The participants were complementary regarding the goal-based modeling approach in some security issues and performed non-technique threats and mitigations in this controlled experiment. Hence, Secure Tropos was perceived more favorably. Lastly, in comparison with the six dimensions from the previous analytical comparison, the investigation shows that most of the advantages of the two modeling approaches were confirmed, and the results also coincided with the previous analytical evaluation.
Keywords: Secure Tropos, Misuse Case, Empirical Study, Security Modeling [nb_NO]
dc.language: eng [nb_NO]
dc.publisher: Institutt for datateknikk og informasjonsvitenskap [nb_NO]
dc.subject: ntnudaim:5883 [no_NO]
dc.subject: MSINFOSYST Master in Information Systems [no_NO]
dc.subject: Information Systems Engineering [no_NO]
dc.title: Comparison of i*-based and Use Case-based Security Modelling Initiatives for Software Requirements Engineering: An empirical comparison of Secure Tropos and Misuse Cases [nb_NO]
dc.type: Master thesis [nb_NO]
dc.source.pagenumber: 164 [nb_NO]
dc.contributor.department: Norges teknisk-naturvitenskapelige universitet, Fakultet for informasjonsteknologi, matematikk og elektroteknikk, Institutt for datateknikk og informasjonsvitenskap [nb_NO]

