Abstract
Security and Privacy Requirements Methodologies are considered an important part of the development process of systems, especially of those that contain and process a large amount of critical information and therefore need to remain secure and ensure privacy. These methodologies provide techniques, methods, and norms for tackling security and privacy issues in Information Systems. In this process, the use of effective, clear and understandable modelling languages with sufficient notation is of utmost importance, since the produced models are used not only among IT experts or security specialists, but also for communication among various stakeholders in business environments or among novices in an academic environment. This paper evaluates the effectiveness of a Security and Privacy Requirements Engineering methodology, namely Secure Tropos, against the nine principles of the Theory of Notation. Our qualitative analysis revealed a partial satisfaction of these principles.
© 2018 Springer International Publishing AG
About this paper
Cite this paper
Diamantopoulou, V., Pavlidis, M., Mouratidis, H. (2018). Evaluation of a Security and Privacy Requirements Methodology Using the Physics of Notation. In: Katsikas, S., et al. Computer Security. SECPRE CyberICPS 2017 2017. Lecture Notes in Computer Science, vol 10683. Springer, Cham. https://doi.org/10.1007/978-3-319-72817-9_14
DOI: https://doi.org/10.1007/978-3-319-72817-9_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72816-2
Online ISBN: 978-3-319-72817-9
eBook Packages: Computer Science, Computer Science (R0)