Comparison of i*-based and Use Case-based Security Modelling Initiatives for Software Requirements Engineering: An empirical comparison of Secure Tropos and Misuse Cases
In the course TDT4501 - Specialization Project - ReqSec project, the preparatory course to this thesis, through purely analytical evaluation of the eight modeling approaches, the advantages and disadvantages were illustrated based on the categories - i*-based modeling approach and Use Case-based modeling approach.
However, only a purely analytical evaluation of the modeling approaches does not always
reflect their practical usefulness. Hence, the [motivation] of the thesis was selecting two modeling approaches, those are Secure Tropos and Misuse Cases, using an empirical investigation for such evaluations to guide the researchers and practitioners a better overview and understanding of the benefits of the two modeling approaches in a real life usage. The objective was to see if the advantages claimed analytically in the previous project also come true in practice. [Questions] Through a controlled experiment, two core problems shall be investigated: a) How about the participants performance when they applied the two modeling approaches to finish tasks in the experiment and b) Their preference for the two modeling approaches after the experiment. The [principle] was using two modeling approaches to perform the experiment, through the participants performance on the identified number of threats and mitigations for the experiment cases, and their perception of the two modeling approaches by means of asking them to estimate the usage of modeling diagrams, textual description of cases, and memory in the experiment. And combining with the evaluation of post-questionnaire analysis, the conclusions were summarized based on the empirical study of statistical results and the previous analytical study results, to investigate whether the empirical evaluation could match well with analytical evaluation or not.
[Contribution] The experiment project was the first time to compare the Secure Tropos
and Misuse Cases comprehensibly. The results illustrated that both modeling techniques
had no significant difference of identifying threats but they had significant difference of identifying mitigations in this controlled experiment with 50 students who apply to both modeling approaches with relevant cases. And through analyzing the same case with the same modeling approach or different modeling approach of the experiment, it was found that Net Shopping case was identified more mitigations and threats by the participants when considering the aspect of technique criteria of threats and mitigations. The participants were complementary regarding goal-based modeling approach in some security issues and performed non-techniques threats and mitigations in this controlled experiment. Hence, Secure Tropos was investigated perceiving more favorable. In the last, comparing with the six dimensions from previous analytical comparison, the investigation shows that most of the two modeling approaches advantages were confirmed, and the results also coincided to the previous analytical evaluation.
Keywords: Secure Tropos, Misuse Case, Empirical Study, Security Modeling
Place, publisher, year, edition, pages
Institutt for datateknikk og informasjonsvitenskap , 2012. , 164 p.
ntnudaim:5883, MSINFOSYST Master in Information Systems, Information Systems Engineering
IdentifiersURN: urn:nbn:no:ntnu:diva-18758Local ID: ntnudaim:5883OAI: oai:DiVA.org:ntnu-18758DiVA: diva2:566243
Sindre, Guttorm, Professor