Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security Requirements
Requirements Engineering: Foundation for Software Quality, Lecture Notes in Computer Science (2024)
Abstract
Context and Motivation: Attack-Defense Trees (ADTs) are a graphical notation
used to model and assess security requirements. ADTs are widely popular, as
they can facilitate communication between different stakeholders involved in
system security evaluation, and they are formal enough to be verified, e.g.,
with model checkers.

Question/Problem: While the quality of this notation has
been primarily assessed quantitatively, its understandability has never been
evaluated despite being mentioned as a key factor for its success.

Principal idea/Results: In this paper, we conduct an experiment with 25 human subjects to
assess the understandability and user acceptance of the ADT notation. The study
focuses on performance-based variables and perception-based variables, with the
aim of evaluating the relationship between these measures and how they might
impact the practical use of the notation. The results confirm a good level of
understandability of ADTs. Participants consider them useful, and they show
intention to use them.

Contribution: This is the first study empirically
supporting the understandability of ADTs, thereby contributing to the theory of
security requirements engineering.