Models of software systems are used throughout the software development lifecycle. Dataflow diagrams (DFDs), in particular, are well-established resources for security analysis, and many techniques, such as threat modelling, operate on a DFD of the analysed application. However, the effect of DFDs on the performance of analysts in a security analysis setting has not been explored before. In this paper, we present the findings of an empirical experiment conducted to investigate this effect. Following a within-groups design, participants were asked to solve security-relevant tasks for a given microservice application. In the control condition, the participants had to examine the source code manually. In the model-supported condition, they were additionally provided with a DFD of the analysed application and with traceability information linking model items to artefacts in the source code. We found that the participants (n = 24) performed significantly better at answering the analysis tasks correctly in the model-supported condition (41% increase in analysis correctness). Further, participants who reported using the provided traceability information performed better at giving evidence for their answers (315% increase in correctness of evidence). Finally, based on the insights gained in the experiment, we identify three open challenges of using DFDs for security analysis.