Towards Security Requirements: Iconicity as a Feature of an Informal Modeling Language

Vasenev, Alexandr; Ionita, Dan; Zoppi, Tommaso; Ceccarelli, Andrea; Wieringa, Roel

Login

Towards Security Requirements: Iconicity as a Feature of an Informal Modeling Language

BibTex:
Research Area:	Uncategorized	Year:	2017
Type of Publication:	In Proceedings	Keywords:	Requirements elicitation and analysis, Cyber-physical networks, Security requirements, Electrical network, Smart Grid, Experiments
Authors:	Alexandr Vasenev; Dan Ionita; Tommaso Zoppi; Andrea Ceccarelli; Roel Wieringa
Editor:	CEUR-WS	Volume:	1796
Book title:	3rd International Workshop on Requirements Engineering for Self-Adaptive & Cyber Physical Systems (RESACS)





@conference{RESACS2017, author = "Vasenev, Alexandr and Ionita, Dan and Zoppi, Tommaso and Ceccarelli, Andrea and Wieringa, Roel", abstract = "Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. The modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.", booktitle = "3rd International Workshop on Requirements Engineering for Self-Adaptive {\&} Cyber Physical Systems (RESACS)", editor = "CEUR-WS", keywords = "Requirements elicitation and analysis, Cyber-physical networks, Security requirements, Electrical network, Smart Grid, Experiments", title = " {T}owards {S}ecurity {R}equirements: {I}conicity as a {F}eature of an {I}nformal {M}odeling {L}anguage", url = "http://ceur-ws.org/Vol-1796/resacs-paper-2.pdf", volume = "1796", year = "2017", }
Abstract:	Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. The modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.
Full text: iconicity.pdf Online version

[ Back ]