Quality Evaluation of the CORAS UML Profile

Abstract

This report contains an evaluation of the CORAS UML profile and consists of two parts:

  • Modeling a benchmarking test called "the core security risk scenarios" using the CORAS UML profile
  • Assessing the quality of the CORAS UML profile using a quality evaluation framework for modeling languages

The results show that it was possible to model almost all the information in the core security risk scenarios with the CORAS UML profile. However, being able to express the core security risk scenarios is not sufficient. The diagrams are characterized by duplication of information and by information that is spread out over several diagrams, which makes it difficult to get an overview.

In the quality evaluation, the CORAS UML profile has been found to include the main security analysis concepts and modeling perspectives, and it therefore has a high domain appropriateness factor. It benefits from being based on a well-known and widely used modeling language for which several tools are available. The quality evaluation shows that the main weaknesses of the UML profile are related to its graphical symbols and diagram types. The symbols do not always conform to best practice within symbol design. Some of the diagrams are more confusing than they are explanatory, and they require a substantial effort from the modeler.

Commissioned by: Norges Forskningsråd

Category

Report

Client

  • SINTEF AS / 40332800

Language

English

Author(s)

Affiliation

  • SINTEF Digital / Software and Service Innovation

Year

2007

Publisher

SINTEF

Issue

A2199

ISBN

9788214040685