Towards security requirements: Iconicity as a feature of an informal modeling language

Alexandr Vasenev; Dan Ionita; Tomasso Zoppi; Andrea Ceccarelli; Roelf J. Wieringa

Towards security requirements: Iconicity as a feature of an informal modeling language

Alexandr Vasenev, Dan Ionita, Tomasso Zoppi, Andrea Ceccarelli, Roelf J. Wieringa

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

19 Downloads (Pure)

Abstract

Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.

Original language	English
Title of host publication	CEUR Workshop Proceedings
Place of Publication	RWTH Aachen
Publisher	CEUR
Pages	1-15
Number of pages	15
Volume	1796
Publication status	Published - 2017
Event	23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017 - Essen, Germany Duration: 27 Feb 2017 → 2 Mar 2017 Conference number: 23 https://refsq.org/2017/welcome/

Publication series

Name	CEUR Workshop Proceedings
Publisher	RWTH Aachen
Volume	1796
ISSN (Print)	1613-0073

Conference

Conference	23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017
Abbreviated title	REFSQ 2017
Country	Germany
City	Essen
Period	27/02/17 → 2/03/17
Internet address	https://refsq.org/2017/welcome/

Keywords

EC Grant Agreement nr.: FP7/318003
EWI-27732
SCS-Cybersecurity
Experiments
Security Requirements
Cyber-physical networks
Electrical network
Requirements elicitation and analysis
Smart Grid
IR-103393

Access to Document

iconicity
open

http://www.ceur-ws.org/Vol-1796/resacs-paper-2.pdf

Cite this

@inproceedings{f65c73295bfe4da9b3db3a1fa62c8031,

title = "Towards security requirements: Iconicity as a feature of an informal modeling language",

abstract = "Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.",

keywords = "EC Grant Agreement nr.: FP7/318003, EWI-27732, SCS-Cybersecurity, Experiments, Security Requirements, Cyber-physical networks, Electrical network, Requirements elicitation and analysis, Smart Grid, IR-103393",

author = "Alexandr Vasenev and Dan Ionita and Tomasso Zoppi and Andrea Ceccarelli and Wieringa, {Roelf J.}",

year = "2017",

language = "English",

volume = "1796",

series = "CEUR Workshop Proceedings",

publisher = "CEUR",

pages = "1--15",

booktitle = "CEUR Workshop Proceedings",

note = "23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017, REFSQ 2017 ; Conference date: 27-02-2017 Through 02-03-2017",

url = "https://refsq.org/2017/welcome/",

}

Vasenev, A, Ionita, D, Zoppi, T, Ceccarelli, A & Wieringa, RJ 2017, Towards security requirements: Iconicity as a feature of an informal modeling language. in CEUR Workshop Proceedings. vol. 1796, CEUR Workshop Proceedings, vol. 1796, CEUR, RWTH Aachen, pp. 1-15, 23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017, Essen, Germany, 27/02/17. <http://www.ceur-ws.org/Vol-1796/resacs-paper-2.pdf>

Towards security requirements: Iconicity as a feature of an informal modeling language. / Vasenev, Alexandr; Ionita, Dan; Zoppi, Tomasso; Ceccarelli, Andrea; Wieringa, Roelf J.

CEUR Workshop Proceedings. Vol. 1796 RWTH Aachen : CEUR, 2017. p. 1-15 (CEUR Workshop Proceedings; Vol. 1796).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Towards security requirements: Iconicity as a feature of an informal modeling language

AU - Vasenev, Alexandr

AU - Ionita, Dan

AU - Zoppi, Tomasso

AU - Ceccarelli, Andrea

AU - Wieringa, Roelf J.

N1 - Conference code: 23

PY - 2017

Y1 - 2017

N2 - Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.

AB - Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.

KW - EC Grant Agreement nr.: FP7/318003

KW - EWI-27732

KW - SCS-Cybersecurity

KW - Experiments

KW - Security Requirements

KW - Cyber-physical networks

KW - Electrical network

KW - Requirements elicitation and analysis

KW - Smart Grid

KW - IR-103393

M3 - Conference contribution

VL - 1796

T3 - CEUR Workshop Proceedings

SP - 1

EP - 15

BT - CEUR Workshop Proceedings

PB - CEUR

CY - RWTH Aachen

T2 - 23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017

Y2 - 27 February 2017 through 2 March 2017

ER -

Towards security requirements: Iconicity as a feature of an informal modeling language

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this