Mitigating security threats using tactics and patterns: a controlled experiment

Gilberto Pedraza-García, René Noël, Santiago Matalonga, Hernán Astudillo, Eduardo B. Fernandez

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Security Patterns and Architectural Tactics are two well-known techniques for designing secure software systems. There is little or no empirical evidence on their relative effectiveness for mitigating security threats. This study presents MUA (Misuse activities + Patterns), an extension of misuse activities that incorporates patterns, and reports on a controlled comparison, for threat mitigation, of this method against MAST (Methodology for Applying Security Tactics), which already incorporates tactics. A simple Tsunami Alert System design was analyzed and modified by 40 undergraduate students, and a significant difference was found for security threat mitigation (averaging 3.0 for Patterns versus 1.9 for Tactics, on a 1-to-5 scale). This result is contrary to previous results with professional subjects, leading us to believe that novices benefit more from detailed advice than from high-level concepts.

Original language: English
Title of host publication: Proceedings of the 10th European Conference on Software Architecture Workshops - ECSAW '16
Place of Publication: New York
Publisher: ACM Press
Pages: 1-7
Number of pages: 7
ISBN (Print): 9781450347815
DOI: https://doi.org/10.1145/2993412.3007552
Publication status: Published - 28 Nov 2016
Externally published: Yes

Fingerprint

Tsunamis
Systems analysis
Students
Experiments

Keywords

  • Fondecyt

Cite this

Pedraza-García, G., Noël, R., Matalonga, S., Astudillo, H., & Fernandez, E. B. (2016). Mitigating security threats using tactics and patterns: a controlled experiment. In Proceedings of the 10th European Conference on Software Architecture Workshops - ECSAW '16 (pp. 1-7). [37] New York: ACM Press. https://doi.org/10.1145/2993412.3007552