Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security Requirements

Giovanna Broccia, Maurice H. ter Beek, Alberto Lluch Lafuente, Paola Spoletini, Alessio Ferrari

TL;DR

This work empirically investigates the understandability and acceptance of Attack-Defense Trees (ADTs) as a graphical notation for security requirements. Using the Method Evaluation Model (MEM), the study separates performance-based measures (efficiency, effectiveness) from perception-based measures (PEOU, PU, ITU) and conducts an online study with $n=25$ participants, reporting that ADTs are largely understandable and perceived as easy to use and useful, with intention to adopt. Key findings include a strong link between perceived usefulness and intention to use, and a notable relationship between understandability in context and perceived ease of use, with overall understandability averaging around $0.76$ in effectiveness. The research provides empirical support for the practical viability of ADTs, contributes a replication package, and outlines future work to broaden participant diversity and compare ADTs against textual or alternative security-modelling approaches.

Abstract

Context and Motivation Attack-Defense Trees (ADTs) are a graphical notation used to model and assess security requirements. ADTs are widely popular, as they can facilitate communication between different stakeholders involved in system security evaluation, and they are formal enough to be verified, e.g., with model checkers. Question/Problem While the quality of this notation has been primarily assessed quantitatively, its understandability has never been evaluated despite being mentioned as a key factor for its success. Principal idea/Results In this paper, we conduct an experiment with 25 human subjects to assess the understandability and user acceptance of the ADT notation. The study focuses on performance-based variables and perception-based variables, with the aim of evaluating the relationship between these measures and how they might impact the practical use of the notation. The results confirm a good level of understandability of ADTs. Participants consider them useful, and they show intention to use them. Contribution This is the first study empirically supporting the understandability of ADTs, thereby contributing to the theory of security requirements engineering.

Assessing the Understandability and Acceptance of Attack-Defense Trees for Modelling Security Requirements

TL;DR

This work empirically investigates the understandability and acceptance of Attack-Defense Trees (ADTs) as a graphical notation for security requirements. Using the Method Evaluation Model (MEM), the study separates performance-based measures (efficiency, effectiveness) from perception-based measures (PEOU, PU, ITU) and conducts an online study with participants, reporting that ADTs are largely understandable and perceived as easy to use and useful, with intention to adopt. Key findings include a strong link between perceived usefulness and intention to use, and a notable relationship between understandability in context and perceived ease of use, with overall understandability averaging around in effectiveness. The research provides empirical support for the practical viability of ADTs, contributes a replication package, and outlines future work to broaden participant diversity and compare ADTs against textual or alternative security-modelling approaches.

Abstract

Context and Motivation Attack-Defense Trees (ADTs) are a graphical notation used to model and assess security requirements. ADTs are widely popular, as they can facilitate communication between different stakeholders involved in system security evaluation, and they are formal enough to be verified, e.g., with model checkers. Question/Problem While the quality of this notation has been primarily assessed quantitatively, its understandability has never been evaluated despite being mentioned as a key factor for its success. Principal idea/Results In this paper, we conduct an experiment with 25 human subjects to assess the understandability and user acceptance of the ADT notation. The study focuses on performance-based variables and perception-based variables, with the aim of evaluating the relationship between these measures and how they might impact the practical use of the notation. The results confirm a good level of understandability of ADTs. Participants consider them useful, and they show intention to use them. Contribution This is the first study empirically supporting the understandability of ADTs, thereby contributing to the theory of security requirements engineering.
Paper Structure (16 sections, 6 figures, 4 tables)

This paper contains 16 sections, 6 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work.
  3. Attack-Defense Trees
  4. Method Evaluation and Technology Acceptance Model
  5. Study Design
  6. Variables, Research Questions, and Tests
  7. Acceptance and Understability Dimensions.
  8. Research Questions.
  9. Variables for Acceptance and Understandability.
  10. Hypothesis Testing.
  11. Study Phases
  12. Study Execution
  13. Participants.
  14. Results.
  15. Threats to Validity
  16. ...and 1 more sections

Figures (6)

  • Figure 1: ADT for theft of Mona Lisa.
  • Figure 2: Level of knowledge of ADTs.
  • Figure 3: Similar notations known.
  • Figure 4: Result for RQ2: boxplot of users' acceptance variables
  • Figure 5: Results for RQ3 and RQ4.
  • ...and 1 more figures