An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams
Journal article, Peer reviewed
Accepted version
Date
2019
Collections
- Publikasjoner fra CRIStin - SINTEF AS [5667]
- SINTEF Digital [2415]
Original version
Lecture Notes in Computer Science. 2019, LNCS (11391), 1-17. 10.1007/978-3-030-12143-3_1
Abstract
We report on an empirical study in which we evaluate the comprehensibility of graphical versus textual risk annotations in threat models based on sequence diagrams. The experiment was carried out on two separate groups where each group solved tasks related to either graphical or textual annotations. We also examined the efficiency of using these two annotations in terms of the average time each group spent per task. Our study reports that threat models with textual risk annotations are equally comprehensible to corresponding threat models with graphical risk annotations. With respect to efficiency, however, we found out that participants solving tasks related to the graphical annotations spent on average 23% less time per task.