Abstract
Cybercrime is a global problem and the economic damages are enormous (Center for Strategic and International Studies. http://csis.org/ [1]). Identifying the reasons for software vulnerabilities is an important issue, and some researchers assume software developers to be part of the problem. As most developers aren’t security experts, they create insecure and thus vulnerable software. To avoid this, a tool that supports software developers in dealing with security issues should be developed. This work uses the structure formation technique (Scheele et al. in Dialog-Konsens-Methoden zur Rekonstruktion Subjektiver Theorien: die Heidelberger Struktur-Lege-Technik (SLT) (1988) [2]) as a first step to develop the mental models of software developers when dealing with security measures. A core definition of mental models is compiled, and the results of a pilot study deliver valuable information for the supporting tool. In further research, the developed mental models of novices (software developers) should be compared with the mental models of security experts. On this basis, the reliability of the novices’ mental models can be reviewed and occurring problems identified.
References
Center for Strategic and International Studies. http://csis.org/
Scheele, B., Groeben, N.: Dialog-Konsens-Methoden zur Rekonstruktion Subjektiver Theorien: die Heidelberger Struktur-Lege-Technik (SLT), konsuale Ziel-Mittel-Argumentation und kommunikative Flußdiagramm-Beschreibung von Handlungen (1988)
Bravo-Lillo, C., Cranor, L., Downs, J., Komanduri, S.: Bridging the gap in computer security warnings: a mental model approach. Secur. Priv. IEEE. 1–1 (2011)
Egelman, S., Cranor, L.F., Hong, J.: You’ve been warned: an empirical study of the effectiveness of web browser phishing warnings. In: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human Factors In Computing Systems, pp. 1065–1074 (2008)
De Win, B., Piessens, F., Joosen, W., Verhanneman, T.: On the importance of the separation-of-concerns principle in secure software engineering. In: Workshop on the Application of Engineering Principles to System Security Design, pp. 1–10 (2002)
Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Pearson Education (2001)
Die Lage der IT-Sicherheit in Deutschland - Lagebericht2015.pdf. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Lageberichte/Lagebericht2015.pdf?__blob=publicationFile
Kriha, W., Schmitz, R.: Internet-Security aus Software-Sicht: Grundlagen der Software-Erstellung für sicherheitskritische Bereiche. Springer (2008)
Nandico, O.: Effizientere Software-Entwicklung durch Industrialisierung der Prozesse. In: SEUH, pp. 3–8 (2011)
Prasad, A.V.K.: Architecture for improving security in web environment. In: Sreedhar, G. (ed.) Design Solutions for Improving Website Quality and Effectiveness, p. 316. IGI Global (2016)
Besnard, D., Arief, B.: Computer security impaired by legitimate users. Comput. Secur. 23, 253–264 (2004)
Butz, A., Krüger, A.: Mensch-Maschine-Interaktion. Oldenbourg Wissenschaftsverlag, München (2014)
Kujala, S.: User involvement: a review of the benefits and challenges. Behav. Inf. Technol. 22, 1–16 (2003)
Bekker, M., Long, J.: User involvement in the design of human—computer interactions: Some similarities and differences between design approaches. In: People and Computers XIV—Usability or Else! pp. 135–147. Springer (2000)
Noyes, J.M., Starr, A.F., Frankish, C.R.: User involvement in the early stages of the development of an aircraft warning system. Behav. Inf. Technol. 15, 67–75 (1996)
Van Boven, L., Thompson, L.: A look into the mind of the negotiator: mental models in negotiation. Group Process. Intergroup Relat. 6, 387–404 (2003)
Craik, K.J.W.: The nature of explanation. Cambridge University Press, Cambridge (1943)
Doyle, J.K., Ford, D.N., Radzicki, M.J., Trees, W.S.: Mental models of dynamic systems. In: Barlas, Y. (ed.) System Dynamics and Integrated Modeling. EOLSS Publishers, Oxford (2012)
Gottschling, V.: Visual imagery, mental models, and reasoning. Adv. Psychol. 138, 211–235 (2006)
Hemforth, B., Konieczny, L.: Language processing: construction of mental models or more? Adv. Psychol. 138, 189–204 (2006)
van Deurzen, K., Horváth, I., Vroom, R.: Defining the phenomenon of mental models for critical events. In: Proceedings of CIE. American Society of Mechanical Engineers, Portland, Oregon (2013)
Jones, N.A., Ross, H., Lynam, T., Perez, P., Leitch, A.: Mental models: an interdisciplinary synthesis of theory and methods. Ecol. Soc. 16, 46 (2011)
Young, I.: Mental models: aligning design strategy with human behavior. Rosenfeld Media, Brooklyn (2008)
Held, C., Knauff, M., Vosgerau, G.: General introduction: current developments in cognitive psychology, neuroscience, and the philosophy of mind. Adv. Psychol. 138, 5–22 (2006)
Rouse, W.B., Morris, N.M.: On looking into the black box: prospects and limits in the search for mental models. Psychol. Bull. 100, 349 (1986)
Norman, D.A.: Some observations on mental models. Ment. Models. 7, 7–14 (1983)
Schilling, T.: Mentale Modelle der Benutzer von Fahrerinformationssysteme. http://edoc.hu-berlin.de/docserv/docviews/abstract.php?id=29520 (2008)
Dutke, S.: Mentale modelle: Konstrukte des Wissens und Verstehens. VAP Gött (1994)
Schütze, S., Streule, R., Läge, D.: Warum klassische Evaluation oftmals nicht ausreicht-eine Studie zur Ermittlung der Bedeutsamkeit Mentaler Modelle als Evaluationsmethode. Waxmann Verlag (2011)
Bach, N.: Mentale Modelle als Basis von Implementierungsstrategien. Konzepte Für Ein Erfolgreiches Change Manag, Wiesb (2000)
Langan-Fox, J., Code, S., Langfield-Smith, K.: Team mental models: Techniques, methods, and analytic approaches. Hum. Factors J. Hum. Factors Ergon. Soc. 42, 242–271 (2000)
Dresing, T., Pehl, T.: Praxisbuch Interview & Transkription. Regelsysteme und Anleitungen für qualitative ForscherInnen. dr dresing & pehl GmbH, Marburg (2012)
Software für Qualitative Datenanalyse | MAXQDA (Win & Mac OS X). http://www.maxqda.de/
Meboldt, M.: Mentale und formale Modellbildung in der Produktentstehung: als Beitrag zum integrierten Produktentstehungs-Modell (iPeM) (2008)
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Märki, H., Maas, M., Kauer-Franz, M., Oberle, M. (2016). Increasing Software Security by Using Mental Models. In: Nicholson, D. (eds) Advances in Human Factors in Cybersecurity. Advances in Intelligent Systems and Computing, vol 501. Springer, Cham. https://doi.org/10.1007/978-3-319-41932-9_29
DOI: https://doi.org/10.1007/978-3-319-41932-9_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-41931-2
Online ISBN: 978-3-319-41932-9
eBook Packages: Engineering (R0)