Extending the UML Statecharts Notation to Model Security Aspects

Mohamed El-Attar, Hamza Luqman, Peter Karpati, Guttorm Sindre, Andreas L. Opdahl

Research output: Contribution to journal › Article › peer-review

24 Scopus citations

Abstract

Model-driven security has become an active area of research during the past decade. While many research works have contributed significantly to this objective by extending popular modeling notations to model security aspects, there has been little modeling support for state-based views of security issues. This paper undertakes a scientific approach to propose a new notational set that extends the UML (Unified Modeling Language) statecharts notation. An online industrial survey was conducted to measure the perceptions of the new notation with respect to its semantic transparency as well as its coverage of modeling state-based security aspects. The survey results indicate that the new notation encompasses the set of semantics required in a state-based security modeling language and was largely intuitive to use and understand provided very little training. A subject-based empirical evaluation using software engineering professionals was also conducted to evaluate the cognitive effectiveness of the proposed notation. The main finding was that the new notation is cognitively more effective than the original notational set of UML statecharts as it allowed the subjects to read models created using the new notation much quicker.

Original language: English
Article number: 7042284
Pages (from-to): 661-690
Number of pages: 30
Journal: IEEE Transactions on Software Engineering
Volume: 41
Issue number: 7
State: Published - 1 Jul 2015

Bibliographical note

Publisher Copyright:
© 1976-2012 IEEE.

Keywords

  • Extended Notation
  • Industrial Survey
  • Security Modeling
  • Statecharts
  • Subject-Based Experiment

ASJC Scopus subject areas

  • Software
