Towards security requirements: Iconicity as a feature of an informal modeling language

Alexandr Vasenev, Dan Ionita, Tomasso Zoppi, Andrea Ceccarelli, Roelf J. Wieringa

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    2 Citations (Scopus)
    19 Downloads (Pure)

    Abstract

    Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT experts nor security experts, can identify threats as a first step towards formulating security requirements. To support it, the modeling language might possess adequate features to support this task. This paper investigates how iconic signs as a feature of an informal modeling language can contribute to eliciting security requirements by non-experts. Taking urban grid as a case, we relate benefits and specifics of using iconic signs to the two modeling challenges: i) reducing the cognitive complexity required to understand and model a system by non-experts, and ii) facilitating the threat identification activity using a system model. Outputs of three experiments suggest that iconic signs do assists in addressing the challenges.
    Original languageEnglish
    Title of host publicationCEUR Workshop Proceedings
    Place of PublicationRWTH Aachen
    PublisherCEUR
    Pages1-15
    Number of pages15
    Volume1796
    Publication statusPublished - 2017
    Event23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017 - Essen, Germany
    Duration: 27 Feb 20172 Mar 2017
    Conference number: 23
    https://refsq.org/2017/welcome/

    Publication series

    NameCEUR Workshop Proceedings
    PublisherRWTH Aachen
    Volume1796
    ISSN (Print)1613-0073

    Conference

    Conference23rd International Working Conference on Requirements Engineering: Foundation for Software Quality 2017
    Abbreviated titleREFSQ 2017
    CountryGermany
    CityEssen
    Period27/02/172/03/17
    Internet address

    Keywords

    • EC Grant Agreement nr.: FP7/318003
    • EWI-27732
    • SCS-Cybersecurity
    • Experiments
    • Security Requirements
    • Cyber-physical networks
    • Electrical network
    • Requirements elicitation and analysis
    • Smart Grid
    • IR-103393

    Fingerprint

    Dive into the research topics of 'Towards security requirements: Iconicity as a feature of an informal modeling language'. Together they form a unique fingerprint.

    Cite this