Formative User-Centered Evaluation of Security Modeling-Reference-Cited by-同舟云学术

Formative User-Centered Evaluation of Security Modeling

Published:2012-01 Issue:1 Volume:3 Page:1-19
ISSN:1947-3036
Container-title:International Journal of Secure Software Engineering
language:en
Short-container-title:

Author:

Trösterer Sandra¹,Beck Elke¹,Dalpiaz Fabiano²,Paja Elda²,Giorgini Paolo²,Tscheligi Manfred¹

Affiliation:

1. University of Salzburg, Austria

2. University of Trento, Italy

Abstract

Developing a security modeling language is a complex activity. Particularly, it becomes very challenging for Security Requirements Engineering (SRE) languages where social/organizational concepts are used to represent high-level business aspects, while security aspects are typically expressed in a technical jargon at a lower level of abstraction. In order to reduce this socio-technical mismatch and reach a high quality outcome, appropriate evaluation techniques need to be chosen and carried out throughout the development process of the modeling language. In this article, the authors present and discuss the formative user-centered evaluation approach, namely an evaluation technique that starts since the early design stages and actively involves end-users. The authors demonstrate the approach in a real case study presenting the results of the evaluation. From the gained empirical evidence, we may conclude that formative user-centered evaluation is highly recommended to investigate any security modeling language.

Publisher

IGI Global

Subject

General Medicine

Reference31 articles.

1. Alves, A., Arkin, A., Askary, S., Barreto, C., Bloch, B., Curbera, F., et al. (Eds.). (2007). Web services business process execution language version 2.0. Retrieved from http://docs.oasis-open.org/wsbpel/2.0/CS01/wsbpel-v2.0-CS01.html

2. Tropos: An Agent-Oriented Software Development Methodology

3. Casati, F., Sayal, M., & Shan, M. (2001, June). Developing e-services for composing e-services. In K. Dittrich, A. Geppert, & M. Norrie (Eds.), Proceedings of the 13th International Conference on Advanced Information Systems Engineering, Interlaken, Switzerland (LNCS 2068, pp.171-186).

4. Dalpiaz, F., Paja, E., & Giorgini, P. (in press). Security requirements engineering via commitments. In Proceedings of the First Workshop on Socio-Technical Aspects in Security and Trust.

5. Devanbu, P. T., & Stubblebine, S. (2000). Software engineering for security: a roadmap. In Proceedings of the Conference on the Future of Software Engineering, Limerick, Ireland (pp. 227-239). New York, NY: ACM.

Cited by 8 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Designing Guided User Tasks in VR Embodied Experiences;Proceedings of the ACM on Human-Computer Interaction;2022-06-14

2. VDML4RS: a tool for reputation systems modeling and design;Proceedings of the 8th International Workshop on Social Software Engineering;2016-11-14

3. Schooladvise: Designing a Reputation System for Educational Services through Service Design and Business Modeling;2015 IEEE 12th International Conference on e-Business Engineering;2015-10

4. Modelling and reasoning about security requirements in socio-technical systems;Data & Knowledge Engineering;2015-07

5. Threat Analysis in Goal-Oriented Security Requirements Modelling;International Journal of Secure Software Engineering;2014-04