Empirical assessment of security requirements and architecture: lessons learned
Publication Type
Book Part
Date Issued
2014
Language
English
First published in
Number in series
8431 LNSC
Start Page
35
End Page
64
Citation
Lecture Notes in Computer Science 8431: 35-64 (2014)
Publisher DOI
Scopus ID
Publisher
Springer
ISBN
978-3-319-07452-8
978-3-319-07451-1
Over the past three years, our groups at the University of Leuven and the University of Trento have been conducting a number of experimental studies. In particular, two common themes can be easily identified within our work. First, we have investigated the value of several threat modeling and risk assessment techniques. The second theme relates to the problem of preserving security over time, i.e., security evolution. Although the empirical results obtained in our studies are interesting on their own, the main goal of this chapter is to share our experience. The objective is to provide useful, hands-on insight on this type of research work so that the work of other researchers in the community would be facilitated. The contribution of this chapter is the discussion of the challenges we faced during our experimental work. Contextually, we also outline those solutions that worked out in our studies and could be reused in the field by other studies.
Subjects
Empirical research
Requirements
Security
Software architecture
DDC Class
004: Computer Science