TU Darmstadt / ULB / TUbiblio

Expert Knowledge for Contextualized Warnings

Bartsch, Steffen and Volkamer, Melanie (2014):
Expert Knowledge for Contextualized Warnings.
[Report]

Abstract

Users are bothered by too many security warnings in a vari- ety of applications. To reduce the number of unnecessary warnings, de- velopers cannot continue to report technical security problems. Instead, they need to consider the actual risks of the context for the decision of whether and how to warn – contextualized warnings. For this risk assess- ment, developers need to encode expert knowledge. Given the number and complexity of the risks – for example, in Web browsing –, eliciting and encoding the expert knowledge is challenging. In this paper, we pro- pose a holistic methodology for an abstract risk assessment that builds upon prior concepts from risk management, such as decision trees. The result of the methodology is an abstract risk model – a model to as- sess the risk for the concrete context. In a case study, we show how this methodology can be applied to warnings in Web browsers.

Item Type: Report
Erschienen: 2014
Creators: Bartsch, Steffen and Volkamer, Melanie
Title: Expert Knowledge for Contextualized Warnings
Language: English
Abstract:

Users are bothered by too many security warnings in a vari- ety of applications. To reduce the number of unnecessary warnings, de- velopers cannot continue to report technical security problems. Instead, they need to consider the actual risks of the context for the decision of whether and how to warn – contextualized warnings. For this risk assess- ment, developers need to encode expert knowledge. Given the number and complexity of the risks – for example, in Web browsing –, eliciting and encoding the expert knowledge is challenging. In this paper, we pro- pose a holistic methodology for an abstract risk assessment that builds upon prior concepts from risk management, such as decision trees. The result of the methodology is an abstract risk model – a model to as- sess the risk for the concrete context. In a case study, we show how this methodology can be applied to warnings in Web browsers.

Uncontrolled Keywords: Security, Usability and Society;Secure Data
Divisions: LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
20 Department of Computer Science > SECUSO - Security, Usability and Society
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 28 Jul 2016 18:35
Identification Number: TUD-CS-2014-0099
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item