Logo des Repositoriums

Auflistung nach Autor:in "Feth, Denis"

1 - 9 von 9
  • Workshop
    10. Usable Security und Privacy Workshop – Proposal
    (Mensch und Computer 2024 - Workshopband, 2024) Lo Iacono, Luigi; Schmitt, Hartmut; Feth, Denis; Heinemann, Andreas
    Ziel der zehnten Ausgabe des wissenschaftlichen Workshops "Usable Security und Privacy" auf der Mensch und Computer 2024 ist es, aktuelle Forschungs- und Praxisbeiträge auf diesem Gebiet zu präsentieren und mit den Teilnehmer:innen zu diskutieren. Getreu dem Konferenzmotto "Hybrid Worlds" soll mit dem Workshop ein etabliertes Forum fortgeführt und weiterentwickelt werden, in dem sich Expert:innen, Forscher:innen und Praktiker:innen aus unterschiedlichen Domänen transdisziplinär zum Thema Usable Security und Privacy austauschen können. Das Thema betrifft neben dem Usability- und Security-Engineering unterschiedliche Forschungsgebiete und Berufsfelder, z.~B. Informatik, Ingenieurwissenschaften, Mediengestaltung und Psychologie. Der Workshop richtet sich an interessierte Wissenschaftler:innen aus all diesen Bereichen, aber auch ausdrücklich an Vertreter:innen der Wirtschaft, Industrie und öffentlichen Verwaltung.
  • Workshopbeitrag
    9. Usable Security und Privacy Workshop
    (Mensch und Computer 2023 - Workshopband, 2023) Lo Iacono, Luigi; Schmitt, Hartmut; Feth, Denis; Heinemann, Andreas
    Ziel der neunten Ausgabe des wissenschaftlichen Workshops "Usable Security und Privacy" auf der Mensch und Computer 2023 ist es, aktuelle Forschungs- und Praxisbeiträge auf diesem Gebiet zu präsentieren und mit den Teilnehmer:innen zu diskutieren. Getreu dem Konferenzmotto "Building Bridges" soll mit dem Workshop ein etabliertes Forum fortgeführt und weiterentwickelt werden, in dem sich Expert:innen, Forscher:innen und Praktiker:innen aus unterschiedlichen Domänen transdisziplinär zum Thema Usable Security und Privacy austauschen können. Das Thema betrifft neben dem Usability- und Security-Engineering unterschiedliche Forschungsgebiete und Berufsfelder, z. B. Informatik, Ingenieurwissenschaften, Mediengestaltung und Psychologie. Der Workshop richtet sich an interessierte Wissenschaftler:innen aus all diesen Bereichen, aber auch ausdrücklich an Vertreter:innen der Wirtschaft, Industrie und öffentlichen Verwaltung.
  • Konferenzbeitrag
    Evaluation kontextueller Datenschutzerklärungen
    (Mensch und Computer 2018 - Workshopband, 2018) Ortloff, Anna-Marie; Güntner, Lydia; Windl, Maximiliane; Feth, Denis; Polst, Svenja
    Datenschutzerklärungen sind häufig schwer zu finden und zu verstehen. Daher lesen viele Nutzer sie nur teilweise oder gar nicht. Kontextuelle Datenschutzerklärungen verfolgen einen alternativen Ansatz. Hier werden Datenschutzinformationen für den Nutzungskontext maßgeschneidert und nur die jeweils relevanten Informationen angezeigt. In dieser Arbeit wurde in einer Nutzerstudie untersucht, ob Nutzer diesen Ansatz akzeptieren und ob sie ein besseres, gefühltes Verständnis bezüglich der Datenschutzinformationen haben. Es zeigte sich, dass kontextuelle Datenschutzerklärungen durchweg positiv aufgenommen werden und gegenüber der klassischen Darstellung im Fließtext präferiert werden.
  • Konferenzbeitrag
    Heuristics and Models for Evaluating the Usability of Security Measures
    (Mensch und Computer 2019 - Tagungsband, 2019) Feth, Denis; Polst, Svenja
    Security mechanisms are nowadays part of almost every software. At the same time, they are typically sociotechnical and require involvement of end users to be effective. The usability of security measures is thus an essential factor. Despite this importance, this aspect often does not receive the necessary attention, for example due to short resources like time, budget, or usability experts. In the worst-case, users reject or circumvent even strong security measures and technically secure systems become insecure. To tackle the problem of unusable security measures, we developed a heuristics-based usability evaluation and optimization approach for security measures. In order to make heuristics applicable also for non-usability experts, we enrich them with information from a joint model for usability and security. In particular, this approach allows developers and administrators to perform usability evaluations and thus enables an early tailoring to the user, complementary to expert or user reviews. In this paper, we present our approach, including an initial set of heuristics, a joint model for usability and security and a set of mapping rules that combine heuristics and model. We evaluated the applicability of our approach, which we present in this paper.
  • Workshopbeitrag
    Privacy ad Absurdum - How Workplace Privacy Dashboards Compromise Privacy
    (Mensch und Computer 2020 - Workshopband, 2020) Polst, Svenja; Feth, Denis
    In times of data-driven business, privacy and data protection are gaining importance. Users and legal bodies require the implementation of privacy-enhancing and transparencyenhancing technologies, such as privacy dashboards. Even though privacy dashboards contribute to privacy and data protection, they may also carry risks themselves. For example, privacy dashboards require access to and collection of quite a huge amount of personal data. This of course leads to a conflict with their primary goal—namely privacy, including data-minimization—and thus leads it ad absurdum. We particularly focus on privacy dashboards for employees as an example technology for transparency and self-determination at their workplace. Conflicts address among others transparency vs. data-minimization, and self-determination vs. social pressure. In this paper, we elaborate such conflicts and discuss corresponding solution strategies.
  • Konferenzbeitrag
    Transparency through Contextual Privacy Statements
    (Mensch und Computer 2017 - Workshopband, 2017) Feth, Denis
    Privacy policies are the state of the practice technique to achieve data transparency. However, they have a variety of issues in practice: They are presented in a non-prominent way, are typically quite lengthy, and not written in the users’ language. Additionally, they are quite abstract, as privacy policies are generic documents that do not relate to the current activity of the user but give a high level overview on the overall system. In this paper, we present our idea of "contextual privacy statements" that overcome the shortcomings of state of the practice privacy policies. Instead of having one generic privacy policy that has to fit every use case and every user group, contextual privacy statements provide concrete information about privacy and data protection in a specific use case or activity. We aim for better understandability of privacy policies, resulting in an increased transparency and user acceptance.
  • Konferenzbeitrag
    Usable Security Policy Specification
    (Mensch und Computer 2016 – Workshopband, 2016) Rudolph, Manuel; Feth, Denis
    Security policies determine which security requirements have to be met in a domain and how they are implemented organizationally and/or technically. However, their specification at run-time poses a challenge for policy authors (e.g., IT administrators or end users), especially if they are inexperienced in this task. Thus, specification interfaces have to guide the policy author during the specification process. However, matching appropriate specification processes to the policy authors’ individual needs is challenging due to a high variability in the authors’ skill levels and security perceptions. In this paper, we identify existing specification approaches, derive generic specification paradigms and show the feasibility of one of them in an industrial case study.
  • Workshopbeitrag
    Usable Specification of Security and Privacy Demands: Matching User Types to Specification Paradigms
    (Mensch und Computer 2019 - Workshopband, 2019) Rudolph, Manuel Polst; Feth, Denis
    However, formulating their own abstract data protection requirements is already a challenge for them. The mapping of these requirements to concrete setting options in an application is even more challenging—partially because the user interfaces for data protection settings are not tailored to the needs of different user types. This is one of the reasons why only few users make data protection settings regularly and purposefully. In this paper, we describe different specification paradigms for privacy settings and evaluate which paradigm best suits different user types. We investigate with which paradigm a certain user type achieves the best results in terms of objective and perceived correctness, efficiency and satisfaction.
  • Workshopbeitrag
    WDP vs. Nielsen’s Heuristics: A Comparison
    (Mensch und Computer 2018 - Tagungsband, 2018) Petter, Oliver; Polst, Svenja; Ebert, Achim; Feth, Denis
    Most usability evaluation methods (UEM) and heuristics, such as Nielsen’s heuristics, are tailored to usability professionals. However, these experts are rare and expensive. Thus, we empirically evaluated whether the web usability inspection technique based on design perspectives (WDP) can achieve equally valuable results while being less dependent on expert knowledge. The results indicate that WDP applied by developers can be a good alternative for usability evaluations by experts.