Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision
Previous revision
public:papers:dtrap2020 [2020-09-02 14:06] – created xukroppublic:papers:dtrap2020 [2023-08-12 21:02] (current) – [Research artifacts (supplementary material)] xukrop
Line 19: Line 19:
 <TEXT align="right"> <TEXT align="right">
  
-<popover trigger="focus" title="Not yet available" content="Pre-print will be added in November 2020."> +/* <popover trigger="focus" title="Not yet available" content="Pre-print will be added in November 2020."> */ 
-<button type="warning" icon="fa fa-file-pdf-o">Pre-print PDF</button> +<button type="warning" icon="fa fa-fw fa-file-pdf-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2020-dtrap-ukrop.pdf|Pre-print PDF]]</button> 
-</popover>+/* </popover> */
 \_ \_
-<button type="primary" icon="fa fa-database">[[#research_artifacts_supplementary_material|Artifacts]]</button>+<button type="primary" icon="fa fa-fw fa-database">[[#research_artifacts_supplementary_material|Artifacts]]</button>
 \_ \_
-<button collapse="bibtex" icon="fa fa-file-code-o">BiBTeX</button>+<button collapse="bibtex" icon="fa fa-fw fa-file-code-o">BiBTeX</button>
 </TEXT> </TEXT>
 </col> </col>
Line 44: Line 44:
   }   }
 </collapse> </collapse>
 +
 +<callout type="info" icon="true" title="Extended version of preivously published paper">
 +This is an extended version of the [[https://crocs.fi.muni.cz/public/papers/acsac2019|paper previously published]] at the Annual Computer Security Applications Conference (ACSAC) 2019.
 +</callout>
  
 <panel type="default" title="Abstract"> <panel type="default" title="Abstract">
Line 67: Line 71:
   * As a follow-up work, we started gathering X.509 certificate validation errors and documentation from multiple libraries to consolidate the documentation on a single place.   * As a follow-up work, we started gathering X.509 certificate validation errors and documentation from multiple libraries to consolidate the documentation on a single place.
  
-<button type="primary" icon="fa fa-link">[[https://x509errors.org|Visit x509errors.org]]</button>+<button type="primary" icon="fa fa-fw fa-link">[[https://x509errors.org|Visit x509errors.org]]</button> 
   * **Methodological implications**     * **Methodological implications**  
   Based on our experience with usable security experiments on IT professionals, we summarize several study design suggestions. Firstly, IT conferences seem to be an excellent sampling opportunity for studies involving IT professionals. As such samples tend to be quite heterogeneous, controlling for previous experience is crucial. Secondly, the inclusion of educational debriefing after empirical experiments may be beneficial as IT professionals appear to be interested to learn. Thirdly, observed behaviors should be preferred to self-reported ones. As much data as possible should be collected automatically to ease the processing.   Based on our experience with usable security experiments on IT professionals, we summarize several study design suggestions. Firstly, IT conferences seem to be an excellent sampling opportunity for studies involving IT professionals. As such samples tend to be quite heterogeneous, controlling for previous experience is crucial. Secondly, the inclusion of educational debriefing after empirical experiments may be beneficial as IT professionals appear to be interested to learn. Thirdly, observed behaviors should be preferred to self-reported ones. As much data as possible should be collected automatically to ease the processing.
Line 73: Line 78:
 ===== Talk at DevConf 2019 ===== ===== Talk at DevConf 2019 =====
  
-The content of this research was partially covered at the DevConf 2019 talk that can be seen below. <button icon="fa fa-file-image-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2019-devconf-ukrop_presentation.pdf|Presentation]]</button>+The content of this research was partially covered at the DevConf 2019 talk that can be seen below. <button icon="fa fa-fw fa-file-image-o">[[https://crocs.fi.muni.cz/_media/publications/pdf/2019-devconf-ukrop_presentation.pdf|Presentation]]</button>
  
 {{ youtube>ezs99TiPDhs?900x520 |Martin Ukrop: Understanding TLS certificate validation errors}} {{ youtube>ezs99TiPDhs?900x520 |Martin Ukrop: Understanding TLS certificate validation errors}}
Line 85: Line 90:
 The collected data is presented in a single dataset (SPSS format; you can use PSPP as a free alternative). It includes the analysis syntax files to obtain the numerical results presented in the paper. For each participant, the dataset contains: 1) pre-task questionnaire answers, 2) reported trust ratings, 3) sub-task timing, 4) information on whether they browsed the Internet and 5) the interview codes assigned. Note that we do not publish the interview transcripts to preserve participant privacy. The collected data is presented in a single dataset (SPSS format; you can use PSPP as a free alternative). It includes the analysis syntax files to obtain the numerical results presented in the paper. For each participant, the dataset contains: 1) pre-task questionnaire answers, 2) reported trust ratings, 3) sub-task timing, 4) information on whether they browsed the Internet and 5) the interview codes assigned. Note that we do not publish the interview transcripts to preserve participant privacy.
  
-<button type="primary" icon="fa fa-database">[[https://drive.google.com/drive/folders/1zzGZ0h-tBrntBPvW5qek2wRehWnIwrx-?usp=sharing|Go to artifacts repository (gDrive)]]</button>+<button type="primary" icon="fa fa-fw fa-database">[[https://zenodo.org/record/8242000|Go to artifacts repository (Zenodo)]]</button>