We study learning & problem processes of hackers. Specifically, we are interested in challenges (obfuscation or other protective measures) and strategies (e.g. reverse engineering) of attacks on hardware circuits through a psychological lens: How do hackers overcome countermeasures? Which types of measures are easy, which are hard to crack? Which individual and task characteristics predict successful hacking of computer hardware.
We study behavior change with and through media. How do individuals acquire behaviors or behavioral responses from media use, both voluntarily (e.g., through educational software in a learning environment) and involuntarily (e.g., undesirable side effects through entertainment media, e.g. the link between displays of violence and aggressiveness).
We study science (and scientists). We conduct empirical research on the principles and mechanics of the production of scientific knowledge, such as the effects of academic peer review, statistical reporting practices, and standardization of behavioral measurement and operationalizations. We are interested in the effectiveness of nascent research practices, e.g. preregistration and sharing of data/materials.
Global, open standards, like the fixed width of the soccer goal, reduce conflict when players from around the world come together. In psychology, such standards are few—and unsurprisingly “moving the goal posts” is a typical metaphor chosen for the controversy that often erupts after a failed replication attempt. At the same time, difficulties with replicating empirical works –reproducing analyses based on the same data, repeating previously made observations in new data – have been documented across the social and behavioral sciences. As psychology grapples with this crisis, many ask what constitutes a direct replication—when are materials and methods sufficiently similar to be considered the same? If we find an effect when using one measure but not when using an altered version, we may gain insight into boundary conditions and generalizability. However, we may also chase false leads: differences in results may not be replicable if researchers exploited degrees of freedom in measurement to obtain the desired results. Global, open standards remove these degrees of freedom and transparently crystallize agreement on basic aspects of research: units, norms, and measurement procedures. Without standards, efforts to build a cumulative evidence base through replication and evidence synthesis will often end in screaming matches about the goal posts (but without the benefit of a referee). With them, planning new research, assessing replicability of previous research, and synthesizing evidence all become easier.
We propose a comprehensive work programme to study the role standards (and their absence) play in the reproducibility, robustness, replicability, and generalizability of psychological research. We examine how open standards can help the transition of psychology to a mature, cumulative science. We develop SOBER, a rubric to describe and quantify measurement standardization in a machine-readable metadata standard. We demonstrate SOBER’s utility for the prediction of replicability in existing meta-analyses and large-scale replication projects and show how global standards ease evidence synthesis by reducing hypothesis-irrelevant variation. With SOBER, we lay the foundation to reduce redundancy, error, and flexibility in measurement. We catalogue flexible measurement practices, simulate their cost for psychometric quality and robustness of evidence, and test these costs empirically in a series of methodological experiments in which common psychological measures are modified. We integrate our findings into a framework to account for ad-hoc measurement modification effects in psychological research synthesis. Taken together, our plans to engineer a change towards a more standardized culture in psychology take the shape of tools, debates, and educational resources.
Partner: University of Leipzig
Funding: 496k €, RUB 262.931 €
Runtime: 04/2022 - 03/2025
Funded by: Deutsche Forschungsgemeinschaft (DFG) as part of the DFG Priority Program META-REP
R.Go.Sec aims to empirically study psychological learning and problem solving processes in the IT security of digital technologies. The goal is to generate a psychological model which takes into account user behaviour, attacker strategies and security implementation of hardware and software designers.
One part of the project investigates the cognitive factors and processes underlying problem solving in IT security. The focus here is mainly on the influence of visual characteristics of problems on solution strategies and success. The problems employed in this research are supposed to mirror processes that are essential for the work of IT experts. On the one hand, the extent to which the availability of visual aids facilitates fault diagnosis and troubleshooting in simplified abstract networks is examined.
On the other hand, the effect of different visual representations of problems on problem-solving behavior and performance is studied. This plays a central role especially in the field of Boolean logic, because here multiple representations for the same concepts exist, whereas it remains largely unclear which of these have a beneficial influence on the cognitive processing of Boolean circuits. Since Boolean logic lies at the core of every digital system, its cognitive characteristics are crucial for research on psychological aspects of IT security.
R.Go.Sec regards software, too: We investigate predictors of successful software reverse engineering. At the same time, various strategies to protect software are regarded to assess their effectivity. One of these strategies is called software obfuscation and is the center of focus in these studies, as R.Go.Sec considers this strategy a creative problem solving process. Because digital systems consist of both hardware and software, R.Go.Sec aims at a holistic approach to further deepen an understanding of attacks and protections of these systems and to inform future research in this regard.
While the focus on human factors is common to all subprojects of R.Go.Sec, another specific main objective is concerned with the particularities characterizing the cognition of attackers in the IT domain. What makes a hacker's thinking special? Is there a way to train this skill of comprehending and attacking complex systems? And which cognitive processes should be targeted in the development of protection mechanisms to hamper future attacks?
Funding: 821,048.55 €
Runtime: 01/2018 - 12/2023
Funded by: Ministry of Innovation, Science and Research of North Rhine-Westphalia
Project Administration: Projektträger Jülich (ptj)
HTI is conducting the project "UsableSec@Home: Experiential Data Protection and IT Security in Smart Home Applications" led by the University of Bremen and realized in cooperation with the other project partners, Neusta Mobile Solutions and Certavo.
This project develops and tests new approaches to solve security problems in smart home systems. By gaining empirical insights into fundamental motivational, cognitive and learning psychological processes in the use of such systems, Ruhr University Bochum supports the overall project. A key element of our research is the evaluation of the fit and effectiveness of specific visualization techniques of system and security functions.
In this context, the project examines the extent to which users of smart home devices could make better and, above all, more confident decisions regarding IT security in order to enable an effective protection of their data.
Multi-modal methodological approaches will be pursued throughout the projects’ stages, such as laboratory experiments of the applications, user surveys, vignette studies as well as online experiments. In line with the Open Science Initiative, studies will be pre-registered, and their data made available in appropriate repositories.
Partners: University of Bremen (Coordinator), neusta mobile solutions GmbH, certavo GmbH
Funding: Total 1.72 Mio. € (86% funded by BMBF), RUB 283,965.70 €
Runtime: 05/2020 - 04/2023
Funded by: Bundesministerium für Bildung und Forschung (BMBF)
Project Administration: VDI/VDE Innovation + Technik GmbH