User Tools

Site Tools


seceng-course-exp-2012

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
seceng-course-exp-2012 [2014/07/08 17:34]
federica.paci@unitn.it [Measurements]
seceng-course-exp-2012 [2021/01/29 10:58] (current)
Line 3: Line 3:
 An experiment by Katsyarina Labunets, Fabio Massacci, Federica Paci, Le Minh Sang Tran. An experiment by Katsyarina Labunets, Fabio Massacci, Federica Paci, Le Minh Sang Tran.
  
-This page provides additional resources that enable replication of our work published at {{:​research_activities:​experiments:​2013-seceng:​labunets-esem-2013-accepted.pdf|ESEM 2013}}.+This page provides additional resources that enable replication of our work published at {{:​research_activities:​experiments:​2013-seceng:​labunets-esem-2013-accepted.pdf|ESEM 2013}}. See the [[validation_of_risk_and_security_requirements_methodologies|main page]] for our work on empirical validation of security risk assessment methods and other experiments.
 ===== Goals ===== ===== Goals =====
 The goal of the experiment was to evaluate and compare two types of risk-driven methods, namely, visual methods (CORAS) and textual methods (SREP) with respect to their //​effectiveness//​ in identifying threats and security requirements,​ and the //​participants’ perception//​ of the two methods. The goal of the experiment was to evaluate and compare two types of risk-driven methods, namely, visual methods (CORAS) and textual methods (SREP) with respect to their //​effectiveness//​ in identifying threats and security requirements,​ and the //​participants’ perception//​ of the two methods.
Line 32: Line 32:
  
 ===== Results ===== ===== Results =====
-The main findings are that the visual method ​yields to identify ​more threats than textual ​one, while the textual one is slightly better to identify security requirementsThe difference in the number of threats identified with the two methods is statistically significant ​and participants’ interviews suggests that this is due to the difference in the artifacts used to model threats.  +  * //​Methods'​ effectiveness//​ 
-The visual method ​uses diagrams ​to represent threats while the textual method uses tables: diagrams help brainstorming on threats ​and thus yield participants to identify more threatsOn the contrary, the difference in the number of security requirements identified ​with the two methods ​is not statistically significant +Results show that visual method ​is more effective in identifying ​threats than textual ​methodThis is confirmed if we consider ​the //number of threats// identified with visual ​and textual methods across the task assigned ​to the groups. ​ Instead, with respect ​to //number of security requirements//,​ textual method is slightly more effective than 
-The textual ​method ​identified a slightly higher number ​of security requirements but this is not statistically significant. A possible explanation emerging from the interviews ​is that process supported ​by the textual method +the visual one in identifying security requirements
-offers ​systematic approach to identify security requirements+  * //​Methods'​ perception//​ 
-In addition, ​the visual method’s overall perception and intention ​to use are higher than for the textual ​method.+Participants’ //overall preference//​ is higher for visual ​than for textual ​method, while regarding ​to the perceived ease of use and the usefulness no statistically significant difference is proven by the experimentMoreover, in respect to the intention to use, the difference in participants’ perception is statistically significant in favour of the visual method.  
 +  * //​Qualitative Explanation//​ 
 +The different ​number of threats and security requirements identified ​can be likely explained by the differences between ​the two methods ​indicated by the participants during the interviews//Diagrams in visual ​method ​help brainstorming on the threats//, giving an overview ​of the possible threats, the threat scenarios and the assets, while the identification of threats in textual method ​is not facilitated by the use of tables as it is more difficult to link assets and threats. As suggested ​by the participants then, the identification of threats in textual method ​could be made easier if catalog of common threats was available.  
 +On the other side, //textual method is slightly more effective in eliciting security requirements//​ than visual ​approach because the order of steps in textual ​method ​process guides the analyst, while the same it seems not to hold for the visual ​method’s process.
 ===== Additional Material ===== ===== Additional Material =====
   * For additional information on the experimental design please see the {{:​research_activities:​experiments:​2013-seceng:​experiment-description.pdf|Experimental Protocol}}.   * For additional information on the experimental design please see the {{:​research_activities:​experiments:​2013-seceng:​experiment-description.pdf|Experimental Protocol}}.
   * For privacy reasons, at the beginning of the experiment a {{:​research_activities:​experiments:​2013-seceng:​consent-form-security-engineering.docx|Consent Form}} was administered to participants.  ​   * For privacy reasons, at the beginning of the experiment a {{:​research_activities:​experiments:​2013-seceng:​consent-form-security-engineering.docx|Consent Form}} was administered to participants.  ​
   * Participants'​ results have been assessed by methods and domain experts (see {{:​research_activities:​experiments:​2013-seceng:​evaluation_sheet.xlsx|Evaluation Score Sheet}}). ​   * Participants'​ results have been assessed by methods and domain experts (see {{:​research_activities:​experiments:​2013-seceng:​evaluation_sheet.xlsx|Evaluation Score Sheet}}). ​
 +  * 
 +
 +
 +**Data collected during the experiment are available upon request.**
   ​   ​
seceng-course-exp-2012.1404833692.txt.gz · Last modified: 2021/01/29 10:58 (external edit)