An experimental evaluation of bow-tie analysis for cybersecurity requirements

Sammendrag

Bow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of analysis has traditionally been used to elicit requirements for safety and reliability engineering, but as a consequence of the ever-increasing coupling between the cyber and physical world, security has become an additional concern. Through a controlled experiment, we provide evidence that the expressiveness of the bow-tie notation is suitable for this purpose as well. Our results show that a sample population of graduate students, inexperienced in security modelling, perform similarly as security experts when we have a well-defined scope and familiar target system/situation. We also demonstrate that misuse case diagrams should be regarded as more of a complementary than competing modelling technique.

Les publikasjonen

Kategori

Vitenskapelig artikkel

Språk

Engelsk

Forfatter(e)

Per Håkon Meland
Karin Bernsmed
Christian Frøystad
Jingyue Li
Guttorm Sindre

Institusjon(er)

SINTEF Digital / Software Engineering, Safety and Security
Norges teknisk-naturvitenskapelige universitet

År

2019

Publisert i

Lecture Notes in Computer Science (LNCS)

ISSN

0302-9743

Årgang

11387

Side(r)

173 - 191

DOI

https://doi.org/10.1007/978-3-030-12786-2_11

Les fulltekst

https://hdl.handle.net/11250/2626339

Vis denne publikasjonen hos Nasjonalt Vitenarkiv

Kontakt oss

Tjenester

Rapporter og publikasjoner

Forskningssenter og samarbeid

Karriere

Bærekraft

Institutter

Andre enheter

Ledelse og organisering

Om oss

Følg oss