Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.
Towards security requirements: Iconicity as a feature of an informal modeling language / Vasenev, Alexandr; Ionita, Dan; Zoppi, Tommaso; Ceccarelli, Andrea; Wieringa, Roel. - ELETTRONICO. - 1796:(2017), pp. 0-0. (Intervento presentato al convegno 2017 Joint REFSQ Workshops, Doctoral Symposium, Research Method Track, and Poster Track, co-located with the 23rd International Conference on Requirements Engineering: Foundation for Software Quality, REFSQ 2017 tenutosi a Essen, Germany nel 2017).
Towards security requirements: Iconicity as a feature of an informal modeling language
ZOPPI, TOMMASO;CECCARELLI, ANDREA;
2017
Abstract
Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.
| File | Dimensione | Formato | |
|---|---|---|---|
|
iconicity.pdf
accesso aperto
Tipologia:
Pdf editoriale (Version of record)
Licenza:
Creative commons
Dimensione
5.39 MB
Formato
Adobe PDF
|
5.39 MB | Adobe PDF |
I documenti in FLORE sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
