An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams

Sammendrag

We report on an empirical study in which we evaluate the comprehensibility of graphical versus textual risk annotations in threat models based on sequence diagrams. The experiment was carried out on two separate groups where each group solved tasks related to either graphical or textual annotations. We also examined the efficiency of using these two annotations in terms of the average time each group spent per task. Our study reports that threat models with textual risk annotations are equally comprehensible to corresponding threat models with graphical risk annotations. With respect to efficiency, however, we found out that participants solving tasks related to the graphical annotations spent on average 23% less time per task.

Les publikasjonen

Kategori

Vitenskapelig artikkel

Oppdragsgiver

Research Council of Norway (RCN) / 236657

Språk

Engelsk

Forfatter(e)

Vetle Volden-Freberg
Gencer Erdogan

Institusjon(er)

SINTEF Digital / Sustainable Communication Technologies

År

2019

Publisert i

Lecture Notes in Computer Science (LNCS)

ISSN

0302-9743

Forlag

Springer

Årgang

11391

Side(r)

1 - 17

DOI

https://doi.org/10.1007/978-3-030-12143-3_1

Les fulltekst

https://hdl.handle.net/11250/2586246

Vis denne publikasjonen hos Cristin

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss