Evaluation of a Security and Privacy Requirements Methodology Using the Physics of Notation

  • Conference paper
Computer Security (SECPRE 2017, CyberICPS 2017)

Abstract

Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially those that contain and process a large amount of critical information, which inevitably needs to remain secure, thus ensuring privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the utilisation of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or among security specialists, but also for communication among various stakeholders, in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos, against the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.

Corresponding author

Correspondence to Vasiliki Diamantopoulou.

Copyright information

© 2018 Springer International Publishing AG

Cite this paper

Diamantopoulou, V., Pavlidis, M., Mouratidis, H. (2018). Evaluation of a Security and Privacy Requirements Methodology Using the Physics of Notation. In: Katsikas, S., et al. Computer Security. SECPRE 2017, CyberICPS 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_14

  • DOI: https://doi.org/10.1007/978-3-319-72817-9_14

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-72816-2

  • Online ISBN: 978-3-319-72817-9

  • eBook Packages: Computer Science (R0)
