An Exploratory Study of Why UMLsec Is Not Adopted

Shouki Ebad

2022

Abstract

UMLsec is an extended UML-based profile for secure modelling. It is applied in the software design and architecture phase. Although it appeared over two decades ago and has been integrated into some tools, how extensively it has been adopted or used by the software security community is questionable. This paper employs social science methodologies to fill this gap. The contribution of this study is to identify the reasons affecting UMLsec adoption by software practitioners and researchers, and their proposals for increasing this adoption. The results show that only 13% of the sample uses UMLsec. In addition, four problems prevent the use of UMLsec: (1) the use of a pattern-driven security methodology rather than UMLsec; (2) agile supportability, since agile processes reduce design and architecture documentation, including UML diagrams; (3) UMLsec standardization and tooling are still questionable; and (4) awareness of and training on the use of UMLsec are weak. The study also presents proposals for UMLsec improvement, in particular (1) simplifying the notation so that UMLsec can be applied in many fields and (2) raising awareness (e.g., demonstrating practical examples to interested people). The paper discusses the threats to the validity of the study and suggests open issues for future research.

Paper Citation


in Harvard Style

Ebad S. (2022). An Exploratory Study of Why UMLsec Is Not Adopted. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 357-364. DOI: 10.5220/0010821400003120


in Bibtex Style

@conference{icissp22,
author={Shouki Ebad},
title={An Exploratory Study of Why UMLsec Is Not Adopted},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={357-364},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010821400003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - An Exploratory Study of Why UMLsec Is Not Adopted
SN - 978-989-758-553-1
AU - Ebad S.
PY - 2022
SP - 357
EP - 364
DO - 10.5220/0010821400003120