Expert Knowledge for Contextualized Warnings
2014 (English) Report (Other academic)
Users are bothered by too many security warnings in a variety of applications. To reduce the number of unnecessary warnings, developers cannot continue to report technical security problems. Instead, they need to consider the actual risks of the context for the decision of whether and how to warn – contextualized warnings. For this risk assessment, developers need to encode expert knowledge. Given the number and complexity of the risks – for example, in Web browsing –, eliciting and encoding the expert knowledge is challenging. In this paper, we propose a holistic methodology for an abstract risk assessment that builds upon prior concepts from risk management, such as decision trees. The result of the methodology is an abstract risk model – a model to assess the risk for the concrete context. In a case study, we show how this methodology can be applied to warnings in Web browsers.
Place, publisher, year, edition, pages
Technische Universität Darmstadt, 2014.
Research subject Computer Science
Identifiers URN: urn:nbn:se:kau:diva-47231; OAI: oai:DiVA.org:kau-47231; DiVA: diva2:1051252