Security Modeling and Tool Support Advantages

Abstract

Security modeling is an important part of software security, especially when it comes to making security knowledge more easily accessible. The purpose of this paper is to give an overview of some of the current approaches to graphical security modeling and present an initial study related to benefits of tool support.Our working hypothesis is that specialized security modeling tools will substantially outperform more general, prevailing tools, and we have sought indications of evidence for this claim. The study consisted of the following steps; (1) Investigate state-of-the-art security modeling formalisms and tools, (2) Select a security modeling formalism for further analysis and implement dedicated tool support for it, (3) Perform testing related to usability and performance aspects, comparing the tool to a general purpose drawing/modeling tool, and (4) Compare and analyze the results. The study included ten test subjects with a similar background and education, and we got clear indications that our hypothesis is valid.