A scientific evaluation of the misuse case diagrams visual syntax

Misuse case modeling is a well-known technique in the domain of capturing and specifying functional security requirements. Misuse case modeling provides a mechanism for security analysts to consider and account for security requirements in the early stages of a development process instead of relying...

Full description

Saved in:
Bibliographic Details
Published in:Information and software technology 2015-10, Vol.66, p.73-96
Main Authors: Saleh, Faisal, El-Attar, Mohamed
Format: Article
Language:English
Subjects:
Cognitive evaluation
Misuse cases diagrams
Security management
Semantics
Software engineering
Studies
Visual syntax
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Misuse case modeling is a well-known technique in the domain of capturing and specifying functional security requirements. Misuse case modeling provides a mechanism for security analysts to consider and account for security requirements in the early stages of a development process instead of relying on generic defensive mechanisms that are augmented to software systems towards the latter stages of development. Many research contributions in the area of misuse case modeling have been devoted to extending the notation to increase its coverage of additional security related semantics. However, there lacks research that evaluates the perception of misuse case models by its readers. A misread or misinterpreted misuse case model can have dire consequences downstream leading to the development of an insecure system. This paper presents an assessment of the design of the original misuse case modeling notation based on the Physics of Notations framework. A number of improvements to the notation were suggested. A survey and a controlled experiment were carried out to compare the cognitive effectiveness of the new notation in comparison to the original notation. The survey had 55 participants for have mostly indicated that the new notation is more semantically transparent than the original notation. The results of the experiment show that subjects reading diagrams developed using the new notation performed their tasks an average 6min quicker, while in general the subjects performed their tasks in approximately 14.5min. The experimental tasks only required subjects reading diagrams and not creating them. The main finding of this paper is that the use of colors and icons has improved the readability of misuse case diagrams. Software engineering notations are usually black and white. It is expected that the readability of other software notations will improve if they utilize colors and icons.
ISSN:0950-5849
1873-6025
DOI:10.1016/j.infsof.2015.05.002