G. Pedraza-Garcia, René Noël, S. Matalonga, H. Astudillo, E. Fernández
{"title":"使用策略和模式减轻安全威胁:一个受控实验","authors":"G. Pedraza-Garcia, René Noël, S. Matalonga, H. Astudillo, E. Fernández","doi":"10.1145/2993412.3007552","DOIUrl":null,"url":null,"abstract":"Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.","PeriodicalId":409631,"journal":{"name":"Proccedings of the 10th European Conference on Software Architecture Workshops","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Mitigating security threats using tactics and patterns: a controlled experiment\",\"authors\":\"G. Pedraza-Garcia, René Noël, S. Matalonga, H. Astudillo, E. Fernández\",\"doi\":\"10.1145/2993412.3007552\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.\",\"PeriodicalId\":409631,\"journal\":{\"name\":\"Proccedings of the 10th European Conference on Software Architecture Workshops\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proccedings of the 10th European Conference on Software Architecture Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2993412.3007552\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proccedings of the 10th European Conference on Software Architecture Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2993412.3007552","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Mitigating security threats using tactics and patterns: a controlled experiment
Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for security threats mitigation. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison of this method that incorporate these techniques for threat mitigation with regard to MAST (Methodology for Applying Security Tactics) which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and significant difference was found for security threats mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, in a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more of detailed advice than of high-level concepts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
