Vis enkel innførsel

dc.contributor.authorMeland, Per Håkon
dc.contributor.authorBernsmed, Karin
dc.contributor.authorFrøystad, Christian
dc.contributor.authorLi, Jingyue
dc.contributor.authorSindre, Guttorm
dc.date.accessioned2020-03-18T10:02:42Z
dc.date.available2020-03-18T10:02:42Z
dc.date.created2019-06-18T08:57:25Z
dc.date.issued2019
dc.identifier.citationLecture Notes in Computer Science. 2019, 11387 173-191.nb_NO
dc.identifier.issn0302-9743
dc.identifier.urihttp://hdl.handle.net/11250/2647342
dc.descriptionPostprint version of published article. The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-030-12786-2_11nb_NO
dc.description.abstractBow-tie analysis includes a graphical representation for depicting threats and consequences related to unwanted events, and shows how preventive and reactive barriers can provide control over such situations. This kind of analysis has traditionally been used to elicit requirements for safety and reliability engineering, but as a consequence of the ever-increasing coupling between the cyber and physical world, security has become an additional concern. Through a controlled experiment, we provide evidence that the expressiveness of the bow-tie notation is suitable for this purpose as well. Our results show that a sample population of graduate students, inexperienced in security modelling, perform similarly as security experts when we have a well-defined scope and familiar target system/situation. We also demonstrate that misuse case diagrams should be regarded as more of a complementary than competing modelling technique.nb_NO
dc.language.isoengnb_NO
dc.publisherSpringernb_NO
dc.subjectBow-tie analysisnb_NO
dc.subjectRequirements elicitationnb_NO
dc.subjectControlled experimentnb_NO
dc.subjectDigital examsnb_NO
dc.titleAn experimental evaluation of bow-tie analysis for cybersecurity requirementsnb_NO
dc.typeJournal articlenb_NO
dc.typePeer reviewednb_NO
dc.description.versionacceptedVersionnb_NO
dc.source.pagenumber173-191nb_NO
dc.source.volume11387nb_NO
dc.source.journalLecture Notes in Computer Sciencenb_NO
dc.identifier.doi10.1007/978-3-030-12786-2_11
dc.identifier.cristin1705500
cristin.unitcode7401,90,13,0
cristin.unitnameSoftware Engineering, Safety and Security
cristin.ispublishedtrue
cristin.qualitycode1


Tilhørende fil(er)

Thumbnail

Denne innførselen finnes i følgende samling(er)

Vis enkel innførsel