Assessing the Understandability of Attack-Defense Trees for Modelling Security Requirements: an Experimental Investigation (REFSQ 2024 - Research Track)

Who

Giovanna Broccia, Maurice ter Beek, Alberto Lluch Lafuente, Paola Spoletini, Alessio Ferrari, Guntur Budi Herwanto

Track

REFSQ 2024 Research Track

Time Zone

The program is currently displayed in (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna.

Use conference time zone: (GMT+02:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Tue 9 Apr 2024 16:00 - 16:40 at Vorhangsaal Conference room MA-E0.46 - Quality Requirements (R6) Chair(s): Emilio Insfran

Abstract

Context and Motivation: Attack-Defense Trees (ADTs) are a graphical notation used to model and assess security requirements. ADTs are widely popular, as they can facilitate communication between different stakeholders involved in system security evaluation, and they are formal enough to be verified, e.g., with model checkers. Question/Problem: While the quality of this notation has been primarily assessed quantitatively, its understandability has never been evaluated, despite being mentioned as a key factor for its success. Principal idea/Results: In this paper, we conduct an experiment with human subjects to assess the understandability and user acceptance of the ADT notation. The study focuses on performance-based variables and perception-based variables, with the aim of evaluating the relationship between these measures and how they might impact the practical use of the notation. The results confirm the general understandability of ADTs, as well as the intention to use them. Contribution: This is the first study that empirically confirms the understandability of ADTs, thereby contributing to theory in security requirements engineering.

File attachments

Assessing the Understandability of Attack-Defense Trees for Modelling Security Requirements: an Experimental Investigation (Attack_Defense_Tree_Comprehensibility_Study___REFSQ__proceedings_.pdf)	905KiB

Giovanna BrocciaPresenter

ISTI-CNR, FMT Lab

Italy

Maurice ter BeekAuthor

ISTI-CNR, Pisa, Italy

Alberto Lluch LafuenteAuthor

Technical University of Denmark

Denmark

Paola SpoletiniAuthor

Kennesaw State University

United States

Alessio FerrariAuthor

CNR-ISTI

Italy

Guntur Budi HerwantoDiscussant

Universitas Gadjah Mada

Indonesia