Security Requirements for Serious apps

Running project Services AND Cyber-Security (SCS)

Funded by: NWO (grant number: 628.001.011)

Period: Sep, 2015 - Dec, 2020

Contact:

Partners/Participants: TNO, Centric and WODC

Description:

The SERIOUS project aims to research the security and privacy requirements of serious apps.

A serious application is used for serious business, such as tele-treatment or local government issues. The data it processes must therefore be shared only with authorized parties. However, recent research has shown that end-users have difficulty managing their security and privacy risks and are often unable to make well-informed decisions about what to share with whom. Most permission systems are predominantly system-oriented and difficult for end-users to understand.

The aim of this project is to support and empower end-users in managing the security and privacy risks of serious apps by means of software. Several frameworks currently exist that evaluate and solve security and privacy risks of (malicious) applications. However, these frameworks solve only a limited number of risks, and most do not aid the user in making security and privacy decisions. The framework that we develop will emerge from consumers’ needs and preferences and has to comply with obligations, law and legislation from the government. Furthermore, the framework has to be developed with consideration for the ethical consequences of the technology and the design, while communicating threats to security and privacy to the end-user.

The project is a collaboration between the EEMCS faculty (Services and CyberSecurity group) and the BMS faculty (Communication Science group). Susanne Barth (PhD candidate) works for both departments. Dr. Dan Ionita holds a post-doc position in the SCS group.