Abstract
In general, diagrams and text are both considered to have their advantages and disadvantages for the representation of use case models, but this is rarely investigated experimentally. This paper describes a controlled experiment where we compare safety hazard identification by means of misuse cases based on use case diagrams and textual use cases. The experiment participants found use case diagrams and textual use cases equally easy to use. In most cases those who used textual use cases were able to identify more failure modes or threats. The main reason for this seems to be that use cases encourage analysts to specifically focus on threats related to the functions mentioned in the use case, and textual use cases include more functional details than diagrams. The focus is decided by information in each use case which will thus decide the number of threats identified.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Firesmith, D.G.: Engineering Safety Requirements, Safety Constraints, and Safety-Critical Requirements. Journal of Object Technology, 3, 27–42 (2004)
McDermott, J., Fox, C.: Using Abuse Case Models for Security Requirements Analysis. In: 15th Annual Computer Security Applications Conference (ACSAC 1999). IEEE Computer Soceity Press, Los Alamitos (1999)
Leveson, N.G.: Safeware: System Safety and Computers. Addison-Wesley, Boston (1995)
Lutz, R.R.: Software Engineering for Safety: A Roadmap. In: Finkelstein, A. (ed.) The Future of Software Engineering, pp. 213–226. ACM Press, New York (2000)
Sindre, G., Opdahl, A.L.: Eliciting Security Requirements with Misuse Cases. Requirements Engineering 10, 34–44 (2005)
Alexander, I.F.: Initial Industrial Experience of Misuse Cases in Trade-Off Analysis. In: Pohl, K. (ed.) 10th Anniversary IEEE Joint International Requirements Engineering Conference (RE 2002), Essen, Germany, 9-13 September. IEEE, Los Alamitos (2002)
Alexander, I.F.: Misuse Cases, Use Cases with Hostile Intent. IEEE Software 20, 58–66 (2003)
Sindre, G.: A look at misuse cases for safety concerns. In: ME 2007, Geneva, Switzerland. IFIP. Springer, Heidelberg (2007)
Stålhane, T., Sindre, G.: A comparison of two approaches to safety analysis based on use cases. In: ER 2007, Auckland, New Zealand. LNCS. Springer, Heidelberg (2007)
Stamatis, D.H.: Failure Mode and Effect Analysis: FMEA from theory to execution. American Society fbor Quality (ASQ), Milwaukee, Wisconsin (1995)
Achour-Salinesi, C.B., Rolland, C., Maiden, N.A.M., Souveyet, C.: Guiding Use Case Authoring: Results from an Empirical Study. In: 4th International Symposium on Requirements Engineering (RE 1999), 7-11 June, pp. 36–43. IEEE, Los Alamitos (1999)
Cox, K., Phalp, K.: Replicating the CREWS Use Case Authoring Guidelines Experiment. Empirical Software Engineering 5, 245–267 (2000)
Anda, B., Sjøberg, D.I.K., Jørgensen, M.: Quality and Understandability of Use Case Models. In: Knudsen, J.L. (ed.) ECOOP 2001. LNCS, vol. 2072, pp. 402–428. Springer, Heidelberg (2001)
Anda, B., Sjøberg, D.I.K.: Investigating the Role of Use Cases in the Construction of Class Diagrams. Empirical Software Engineering 10, 285–309 (2005)
Thelin, T., Runeson, P., Regnell, B.: Usage-based reading: an experiment to guide reviewers with use cases. Information & Software Technology 43, 925–938 (2001)
Cox, K., Aurum, A., Jeffery, D.R.: An Experiment in Inspecting the Quality of Use Case Descriptions. Journal of Research and Practice in Information Technology 36, 211–229 (2004)
Bernardez, B., Genero, M., Duran, A., Toro, M.: A Controlled Experiment for Evaluating a Metric-Based Reading Technique for Requirements Inspection. In: 10th International Symposium on Software Metrics (METRICS 2004), 11-17 September, pp. 257–268. IEEE, Los Alamitos (2004)
Batra, D., Hoffer, J.A., Bostrom, R.P.: Comparing Representations with Relational and EER Models. Communications of the ACM 33, 126–139 (1990)
Cheng, P.C.-H.: Why Diagrams Are (Sometimes) Six Times Easier than Words: Benefits beyond Locational Indexing. In: Blackwell, A.F., Marriott, K., Shimojima, A. (eds.) Diagrams 2004. LNCS (LNAI), vol. 2980, pp. 242–254. Springer, Heidelberg (2004)
Larkin, J.H., Simon, H.A.: Why a Diagram is (Sometimes) Worth Ten Thousand Words. Cognitive Science 11 (1987)
Boekelder, A., Steehouder, M.: Selecting and Switching: Some Advantages of Diagrams over Tables and Lists for Presenting Instructions. IEEE Transactions on Professional Communication 41, 229–241 (1998)
Allmendinger, L.: Diagrams and Design Tools in Context. ACM SIGDOC Asterisk Journal of Computer Documentation 18, 25–41 (1994)
Coll, R.A., Coll, J.H., Thakur, G.: Graphs and tables: a four factor experiment. Communications of the ACM 37, 77–84 (1994)
Jacobson, I., Christerson, M., Jonsson, P., Overgaard, G.: Object-Oriented Software Engineering: A Use Case Driven Approach. Addison-Wesley, Boston (1992)
Cockburn, A.: Writing Effective Use Cases. Addison-Wesley, Boston (2001)
Wirfs-Brock, R.: Designing Scenarios: Making the Case for a Use Case Framework. The Smalltalk Report, vol. 3 (1993)
Bertin, J.: Semiology of Graphics: Diagrams, Networks, Maps. University of Wisconsin Press, Madison (1983)
Cheng, P.C.-H., Simon, H.A.: Scientific Discovery and Creative Reasoning with Diagrams. In: Smith, S., et al. (eds.) The Creative Cognition Approach, pp. 205–228. MIT Press, Cambridge (1995)
Davis, F.D., Bagozzi, R.P., Warshaw, P.R.: User Acceptance of Computer Technology: A Comparison of Two Theoretical Models. Management Science 35, 982–1003 (1989)
Tukey, J.W.: Data analysis and behavioral science or learning to bear the quantitative’s man burden by shunning badmandments. In: Jones, L.W. (ed.) The Collected Works of John W. Tukey, Wadsworth, Monterey, CA, vol. III, pp. 187–389 (1986)
Heldal, R.: Use cases are more than System Operations. In: 2nd International Workshop on Use Case Modelling (WUsCaM-2005), Montego Bay, Jamaica, October 2-7 (2005)
Wohlin, C., Runeson, P., Höst, M., Ohlsson, M.C., Regnell, B., Wesslén, A.: Experimentation in Software Engineering: An Introduction. Kluwer Academic, Norwell (2000)
Runeson, P.: Using Students as Experiment Subjects – An Analysis on Graduate and Freshmen Student Data. In: Linkman, S. (ed.) 7th International Conference on Empirical Assessment & Evaluation in Software Engineering (EASE 2003), Keele University, Staffordshire, UK, 8-10 April, pp. 95–102 (2003)
Arisholm, E., Sjøberg, D.I.K.: Evaluating the Effect of a Delegated versus Centralized Control Style on the Maintainability of Object-oriented Software. IEEE Transactions on Software Engineering 30, 521–534 (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Stålhane, T., Sindre, G. (2008). Safety Hazard Identification by Misuse Cases: Experimental Comparison of Text and Diagrams. In: Czarnecki, K., Ober, I., Bruel, JM., Uhl, A., Völter, M. (eds) Model Driven Engineering Languages and Systems. MODELS 2008. Lecture Notes in Computer Science, vol 5301. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87875-9_50
Download citation
DOI: https://doi.org/10.1007/978-3-540-87875-9_50
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-87874-2
Online ISBN: 978-3-540-87875-9
eBook Packages: Computer ScienceComputer Science (R0)