University of Southampton Institutional Repository

An experimental comparison of two risk-based security methods

Labunets, Katsyarina, Massacci, Fabio, Paci, Federica and Tran, Le Minh Sang (2013) An experimental comparison of two risk-based security methods. In: 2013 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), United States, 10-11 Oct 2013. 10 pp. (doi:10.1109/ESEM.2013.29).

Record type: Conference or Workshop Item (Paper)

Abstract

A significant number of methods have been proposed to identify and analyze threats and security requirements, but there are few empirical evaluations that show these methods work in practice. This paper reports a controlled experiment conducted with 28 master students to compare two classes of risk-based methods, visual methods (CORAS) and textual methods (SREP). The aim of the experiment was to compare the effectiveness and perception of the two methods. The participants, divided into groups, solved four different tasks by applying the two methods using a randomized block design. The dependent variables were the effectiveness of the methods, measured as the number of threats and security requirements identified, and the perception of the methods, measured through a post-task questionnaire based on the Technology Acceptance Model. The experiment was complemented with participant interviews to determine which features of the methods influence their effectiveness. The main findings were that the visual method is more effective for identifying threats than the textual one, while the textual method is slightly more effective for eliciting security requirements. In addition, the overall perception of and intention to use the visual method were higher than for the textual method.

PDF labunets-esem-2013.pdf - Version of Record
Restricted to Repository staff only
Download (347kB)

More information

e-pub ahead of print date: October 2013
Venue - Dates: 2013 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM), United States, 2013-10-10 - 2013-10-11
Organisations: Electronic & Software Systems

Identifiers

Local EPrints ID: 403225
URI: http://eprints.soton.ac.uk/id/eprint/403225
PURE UUID: ac2eca8d-01f6-4059-836d-19cfe7b75b7e

Catalogue record

Date deposited: 02 Dec 2016 13:56
Last modified: 17 Jul 2017 17:43

Contributors

Author: Katsyarina Labunets
Author: Fabio Massacci
Author: Federica Paci
Author: Le Minh Sang Tran
