Increasing Software Security by Using Mental Models

  • Conference paper
Advances in Human Factors in Cybersecurity

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 501)

Abstract

Cybercrime is a global problem and the economic damages are enormous (Center for Strategic and International Studies. http://csis.org/ [1]). Identifying reasons for software vulnerabilities is an important issue, with some researchers assuming software developers to be part of the problem. As most developers aren’t security experts, they create insecure and thus vulnerable software. To avoid this, a tool that supports software developers in dealing with security issues should be developed. This work uses the structure formation technique (Scheele et al. in Dialog-Konsens-Methoden zur Rekonstruktion Subjektiver Theorien: die Heidelberger Struktur-Lege-Technik (SLT) (1988) [2]) as a first step to develop the mental models of software developers when dealing with security measures. A core definition of mental models is compiled, and the results of a pilot study deliver valuable information for the supporting tool. In further research, the developed mental models of novices (software developers) should be compared with the mental models of security experts. On this basis, the reliability of the novices’ mental models can be reviewed and occurring problems identified.

References

  1. Center for Strategic and International Studies. http://csis.org/

  2. Scheele, B., Groeben, N.: Dialog-Konsens-Methoden zur Rekonstruktion Subjektiver Theorien: die Heidelberger Struktur-Lege-Technik (SLT), konsuale Ziel-Mittel-Argumentation und kommunikative Flußdiagramm-Beschreibung von Handlungen (1988)

  3. Bravo-Lillo, C., Cranor, L., Downs, J., Komanduri, S.: Bridging the gap in computer security warnings: a mental model approach. Secur. Priv. IEEE. 1–1 (2011)

  4. Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors In Computing Systems, pp. 1065–1074 (2008)

  5. De Win, B., Piessens, F., Joosen, W., Verhanneman, T.: On the importance of the separation-of-concerns principle in secure software engineering. In: Workshop on the Application of Engineering Principles to System Security Design, pp. 1–10 (2002)

  6. Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Pearson Education (2001)

  7. Die Lage der IT-Sicherheit in Deutschland - Lagebericht2015.pdf. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2015.pdf?__blob=publicationFile

  8. Kriha, W., Schmitz, R.: Internet-Security aus Software-Sicht: Grundlagen der Software-Erstellung für sicherheitskritische Bereiche. Springer (2008)

  9. Nandico, O.: Effizientere Software-Entwicklung durch Industrialisierung der Prozesse. In: SEUH, pp. 3–8 (2011)

  10. Prasad, A.V.K.: Architecture for improving security in web environment. In: Sreedhar, G. (ed.) Design Solutions for Improving Website Quality and Effectiveness, p. 316. IGI Global (2016)

  11. Besnard, D., Arief, B.: Computer security impaired by legitimate users. Comput. Secur. 23, 253–264 (2004)

  12. Butz, A., Krüger, A.: Mensch-Maschine-Interaktion. Oldenbourg Wissenschaftsverlag, München (2014)

  13. Kujala, S.: User involvement: a review of the benefits and challenges. Behav. Inf. Technol. 22, 1–16 (2003)

  14. Bekker, M., Long, J.: User involvement in the design of human—computer interactions: Some similarities and differences between design approaches. In: People and Computers XIV—Usability or Else! pp. 135–147. Springer (2000)

  15. Noyes, J.M., Starr, A.F., Frankish, C.R.: User involvement in the early stages of the development of an aircraft warning system. Behav. Inf. Technol. 15, 67–75 (1996)

  16. Van Boven, L., Thompson, L.: A look into the mind of the negotiator: mental models in negotiation. Group Process. Intergroup Relat. 6, 387–404 (2003)

  17. Craik, K.J.W.: The nature of explanation. Cambridge University Press, Cambridge (1943)

  18. Doyle, J.K., Ford, D.N., Radzicki, M.J., Trees, W.S.: Mental models of dynamic systems. In: Barlas, Y. (ed.) System Dynamics and Integrated Modeling. EOLSS Publishers, Oxford (2012)

  19. Gottschling, V.: Visual imagery, mental models, and reasoning. Adv. Psychol. 138, 211–235 (2006)

  20. Hemforth, B., Konieczny, L.: Language processing: construction of mental models or more? Adv. Psychol. 138, 189–204 (2006)

  21. van Deurzen, K., Horváth, I., Vroom, R.: Defining the phenomenon of mental models for critical events. In: Proceedings of CIE. American Society of Mechanical Engineers, Portland, Oregon (2013)

  22. Jones, N.A., Ross, H., Lynam, T., Perez, P., Leitch, A.: Mental models: an interdisciplinary synthesis of theory and methods. Ecol. Soc. 16, 46 (2011)

  23. Young, I.: Mental models: aligning design strategy with human behavior. Rosenfeld Media, Brooklyn (2008)

  24. Held, C., Knauff, M., Vosgerau, G.: General introduction: current developments in cognitive psychology, neuroscience, and the philosophy of mind. Adv. Psychol. 138, 5–22 (2006)

  25. Rouse, W.B., Morris, N.M.: On looking into the black box: prospects and limits in the search for mental models. Psychol. Bull. 100, 349 (1986)

  26. Norman, D.A.: Some observations on mental models. Ment. Models. 7, 7–14 (1983)

  27. Schilling, T.: Mentale Modelle der Benutzer von Fahrerinformationssysteme. http://edoc.hu-berlin.de/docserv/docviews/abstract.php?id=29520 (2008)

  28. Dutke, S.: Mentale modelle: Konstrukte des Wissens und Verstehens. VAP Gött (1994)

  29. Schütze, S., Streule, R., Läge, D.: Warum klassische Evaluation oftmals nicht ausreicht-eine Studie zur Ermittlung der Bedeutsamkeit Mentaler Modelle als Evaluationsmethode. Waxmann Verlag (2011)

  30. Bach, N.: Mentale Modelle als Basis von Implementierungsstrategien. Konzepte Für Ein Erfolgreiches Change Manag, Wiesb (2000)

  31. Langan-Fox, J., Code, S., Langfield-Smith, K.: Team mental models: Techniques, methods, and analytic approaches. Hum. Factors J. Hum. Factors Ergon. Soc. 42, 242–271 (2000)

  32. Dresing, T., Pehl, T.: Praxisbuch Interview & Transkription. Regelsysteme und Anleitungen für qualitative ForscherInnen. dr dresing & pehl GmbH, Marburg (2012)

  33. Software für Qualitative Datenanalyse | MAXQDA (Win & Mac OS X). http://www.maxqda.de/

  34. Meboldt, M.: Mentale und formale Modellbildung in der Produktentstehung: als Beitrag zum integrierten Produktentstehungs-Modell (iPeM) (2008)

Corresponding author

Correspondence to Heike Märki.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Märki, H., Maas, M., Kauer-Franz, M., Oberle, M. (2016). Increasing Software Security by Using Mental Models. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_29

  • DOI: https://doi.org/10.1007/978-3-319-41932-9_29

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-41931-2

  • Online ISBN: 978-3-319-41932-9

  • eBook Packages: Engineering, Engineering (R0)
