Motivation & Project Description

• Avoiding exposure to security threat means that users must take precautions, which require additional user actions and complicate the use of the system. Consequently, users may end up not taking the preventive actions, and may expose themselves to security threats.
• The project aims to develop a quantitative, predictive model of users’ tendency to take precautionary actions as a function of the severity of the threat, the difficulty of implementing preventive actions, and the efficiency of these actions.
• Thus, the project is related to the trade-off between security concerns and intuitive usability.

Expected Outcome:

• Literature review on risk-related decision making, risk taking, precautionary actions in computer systems, and user behavior modeling approaches
• Validated Model of precautionary actions as a function of required effort, properties of the system, the threat and the user, to be integrated into the MeMo user modeling approach (workbench)
• Report on recommendations for system design to increase the likelihood of users taking precautionary actions

Time Frame: 01-12/2008

T-labs Team Members:Sebastian Möller, Roman Englert, Joachim Meyer

Partners: Ben Gurion University, Beer Sheva, Israel

Funding by: Deutsche Telekom Labs