2010 | OriginalPaper | Buchkapitel
Idea: Reusability of Threat Models – Two Approaches with an Experimental Evaluation
verfasst von : Per Håkon Meland, Inger Anne Tøndel, Jostein Jensen
Erschienen in: Engineering Secure Software and Systems
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
To support software developers in addressing security, we encourage to take advantage of reusable threat models for knowledge sharing and to achieve a general increase in efficiency and quality. This paper presents a controlled experiment with a qualitative evaluation of two approaches supporting threat modelling - reuse of categorised misuse case stubs and reuse of full misuse case diagrams. In both approaches, misuse case threats were coupled with attack trees to give more insight on the attack techniques and how to mitigate them through security use cases. Seven professional software developers from two European software companies took part in the experiment. Participants were able to identify threats and mitigations they would not have identified otherwise. They also reported that both approaches were easy to learn, seemed to improve productivity and that using them were likely to improve their own skills and confidence in the results.