Towards Security Requirements: Iconicity as a Feature of an Informal Modeling Language

Research Area: Uncategorized Year: 2017
Type of Publication: In Proceedings Keywords: Requirements elicitation and analysis, Cyber-physical networks, Security requirements, Electrical network, Smart Grid, Experiments
Authors: Alexandr Vasenev; Dan Ionita; Tommaso Zoppi; Andrea Ceccarelli; Roel Wieringa
Editor: CEUR-WS Volume: 1796
Book title: 3rd International Workshop on Requirements Engineering for Self-Adaptive & Cyber Physical Systems (RESACS)
Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. The modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.
Full text: iconicity.pdf

Resilient Computing Lab, 2011

Joomla - Realizzazione siti web