Bartsch, Steffen ; Volkamer, Melanie (2014)
Expert Knowledge for Contextualized Warnings.
Report, Bibliographie
Kurzbeschreibung (Abstract)
Users are bothered by too many security warnings in a vari- ety of applications. To reduce the number of unnecessary warnings, de- velopers cannot continue to report technical security problems. Instead, they need to consider the actual risks of the context for the decision of whether and how to warn – contextualized warnings. For this risk assess- ment, developers need to encode expert knowledge. Given the number and complexity of the risks – for example, in Web browsing –, eliciting and encoding the expert knowledge is challenging. In this paper, we pro- pose a holistic methodology for an abstract risk assessment that builds upon prior concepts from risk management, such as decision trees. The result of the methodology is an abstract risk model – a model to as- sess the risk for the concrete context. In a case study, we show how this methodology can be applied to warnings in Web browsers.
| Typ des Eintrags: | Report |
|---|---|
| Erschienen: | 2014 |
| Autor(en): | Bartsch, Steffen ; Volkamer, Melanie |
| Art des Eintrags: | Bibliographie |
| Titel: | Expert Knowledge for Contextualized Warnings |
| Sprache: | Englisch |
| Publikationsjahr: | Mai 2014 |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Users are bothered by too many security warnings in a vari- ety of applications. To reduce the number of unnecessary warnings, de- velopers cannot continue to report technical security problems. Instead, they need to consider the actual risks of the context for the decision of whether and how to warn – contextualized warnings. For this risk assess- ment, developers need to encode expert knowledge. Given the number and complexity of the risks – for example, in Web browsing –, eliciting and encoding the expert knowledge is challenging. In this paper, we pro- pose a holistic methodology for an abstract risk assessment that builds upon prior concepts from risk management, such as decision trees. The result of the methodology is an abstract risk model – a model to as- sess the risk for the concrete context. In a case study, we show how this methodology can be applied to warnings in Web browsers. |
| Freie Schlagworte: | Security, Usability and Society;Secure Data |
| ID-Nummer: | TUD-CS-2014-0099 |
| Fachbereich(e)/-gebiet(e): | LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt 20 Fachbereich Informatik > SECUSO - Security, Usability and Society 20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra Profilbereiche > Cybersicherheit (CYSEC) LOEWE > LOEWE-Zentren 20 Fachbereich Informatik Profilbereiche LOEWE |
| Hinterlegungsdatum: | 28 Jul 2016 18:35 |
| Letzte Änderung: | 30 Mai 2018 12:53 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum