We report on an empirical study in which we evaluate the comprehensibility of graphical versus textual risk annotations in threat models based on sequence diagrams. The experiment was carried out on two separate groups where each group solved tasks related to either graphical or textual annotations. We also examined the efficiency of using these two annotations in terms of the average time each group spent per task. Our study reports that threat models with textual risk annotations are equally comprehensible to corresponding threat models with graphical risk annotations. With respect to efficiency, however, we found out that participants solving tasks related to the graphical annotations spent on average $$23\%$$ less time per task.
CITATION STYLE
Volden-Freberg, V., & Erdogan, G. (2019). An Empirical Study on the Comprehensibility of Graphical Security Risk Models Based on Sequence Diagrams. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 11391 LNCS, pp. 1–17). Springer Verlag. https://doi.org/10.1007/978-3-030-12143-3_1
Mendeley helps you to discover research relevant for your work.