R.Go.Sec aims to empirically study psychological learning and problem solving processes in the IT security of digital technologies. The goal is to generate a psychological model which takes into account user behaviour, attacker strategies and security implementation of hardware and software designers.
One part of the project investigates the cognitive factors and processes underlying problem solving in IT security. The focus here is mainly on the influence of visual characteristics of problems on solution strategies and success. The problems employed in this research are supposed to mirror processes that are essential for the work of IT experts. On the one hand, the extent to which the availability of visual aids facilitates fault diagnosis and troubleshooting in simplified abstract networks is examined.
On the other hand, the effect of different visual representations of problems on problem-solving behavior and performance is studied. This plays a central role especially in the field of Boolean logic, because here multiple representations for the same concepts exist, whereas it remains largely unclear which of these have a beneficial influence on the cognitive processing of Boolean circuits. Since Boolean logic lies at the core of every digital system, its cognitive characteristics are crucial for research on psychological aspects of IT security.
R.Go.Sec regards software, too: We investigate predictors of successful software reverse engineering. At the same time, various strategies to protect software are regarded to assess their effectivity. One of these strategies is called software obfuscation and is the center of focus in these studies, as R.Go.Sec considers this strategy a creative problem solving process. Because digital systems consist of both hardware and software, R.Go.Sec aims at a holistic approach to further deepen an understanding of attacks and protections of these systems and to inform future research in this regard.
While the focus on human factors is common to all subprojects of R.Go.Sec, another specific main objective is concerned with the particularities characterizing the cognition of attackers in the IT domain. What makes a hacker's thinking special? Is there a way to train this skill of comprehending and attacking complex systems? And which cognitive processes should be targeted in the development of protection mechanisms to hamper future attacks?
Project Information
Funding: 821,048.55 €
Runtime: 01/2018 - 12/2023
Funded by: Ministry of Innovation, Science and Research of North Rhine-Westphalia
Project Administration: Projektträger Jülich (ptj)
