Jennifer Stoll
ABSTRACT
Non-expert users face a dilemma when making security decisions. Their security often cannot be fully automated for them, yet they generally lack both the motivation and technical knowledge to make informed security decisions on their own. To help users with this dilemma, we present a novel security user interface called Sesame. Sesame uses a concrete, spatial extension of the desktop metaphor to provide users with the security-related, visualized system-level information they need to make more informed decisions. It also provides users with actionable controls to affect a system's security state. Sesame graphically facilitates users' comprehension in making these decisions, and in doing so helps to lower the bar for motivating them to participate in the security of their system. In a controlled study, users with Sesame were found to make fewer errors than a control group which suggests that our novel security interface is a viable alternative approach to helping users with their dilemma.
Supplemental Material
Available for Download
Slides from the presentation
Supplemental material for Sesame: informing user security decisions with system visualization
- Conti, G., Abdullah, K., Grizzard, J., Stasko, J., Copeland, J., Ahamad, M., Owen, H., Lee, C. Countering Security Information Overload through Alert and Pack Visualization. IEEE Computer Graphics (2006). Google Scholar
Digital Library
- Dhamija, Rachna, Tygar, J.Doug. The Battle Against Phishing: Dynamic Security Skins. Symposium On Usable Privacy and Security, (2005). Google ScholarDigital Library
- DiGioia, P., Dourish P. Social Navigation as a Model for Usable Security. Symposium On Usable Privacy and Security (2005). Google ScholarDigital Library
- Downs, J. S., Holbrook, M. B., Cranor, L. F. Decision Strategies and Susceptibility to Phishing. Symposium On Usable Privacy and Security, (2005). Google ScholarDigital Library
- Edwards, W. K., Shehan, E., Stoll, J. Security Automation Considered Harmful? NSPW (2007) Google ScholarDigital Library
- Flinn, S.A., Flock of Birds, Safely Staged. DIMACS Workshop on Usable Privacy & Security Software (2005).Google Scholar
- Foresti, S., Agutter, J. Visual Correlation of Network Alerts. IEEE Computer Graphics (2006). Google ScholarDigital Library
- Hutchins, E., Hollan, J., Norman, D. Direct Manipulation Interfaces. Human Computer Interaction, 1985. 1: p. 311--338.Google Scholar
- Know Your Enemy: Tracking Botnets. Honeynet Project and Research Alliance. honeynet.org/papers/bots (2005).Google Scholar
- Nielsen, J., Landauer, T. K., A mathematical model of the finding of usability problems. Proceedings of the ACM INTERCHI'93 Conference (1993). Google ScholarDigital Library
- Shukla, S., Nah, F., Web Browsing and Spyware Intrusion. Communications of the ACM.Vol. 48, No. 8 (2005). Google ScholarDigital Library
- Smetters, D., Grinter, R. Moving from the Design of Usable Security Technologies to the Design of Useful Secure Applications. NSPW (2002). Google ScholarDigital Library
- Spyware. NISCC Technical Note. National Infrastructure Security Coordination Centre. (2006).Google Scholar
- Thorpe, S., Fize, D. & Marlot, C. (1996).Speed of processing in the human visual system. Nature, 381, 520--522.Google Scholar
- Walker, A. Absolute Beginner's Guide to Security, Spam, Spyware & Viruses. Que Publishing, ©© 2006. Google ScholarDigital Library
- Whalen, T., Inkpen, K. Techniques for Visual Feedback of Security State. DIMACS Workshop on Usable Privacy and Security Software (2004).Google Scholar
- Whitten, A., Tygar, J. Safe Security Staging. CHI 2003 Workshop on Human-Computer Interaction and Security Systems (2003).Google Scholar
- Whitten, A., Tygar, J., Why Johnny Can't Encrypt. Proc. of the 8th USENIX Security Symposium (1999).Google Scholar
- Wu, M., Miller, R. C., Little, G. Web Wallet: Preventing Phishing Attacks by Revealing User Intentions. Symposium On Usable Privacy and Security, (2006). Google ScholarDigital Library
- Wu, M., Miller, R. C., Garfinkel, S., Do Security Toolbars Actually Prevent Phishing Attacks? CHI (2006). Google ScholarDigital Library
- Yee, K., Sitaker, K. Passpet: Convenient Password Management and Phishing Protection. Symposium On Usable Privacy and Security, (2006). Google ScholarDigital Library
- www.sysinternals.com/Utilities/Google Scholar
Index Terms
- Sesame: informing user security decisions with system visualization
Recommendations
Security and usability: the case of the user authentication methods
IHM '06: Proceedings of the 18th Conference on l'Interaction Homme-MachineThe usability of security systems has become a major issue in research on the efficiency and user acceptance of security systems. The authentication process is essential for controlling the access to various resources and facilities. The design of ...
A novel three-tiered visualization approach for firewall rule validation
Firewall is one of the most critical elements of the current Internet, which can protect the entire network against attacks and threats. While configuring the firewalls, rule configuration has to conform to, or say be consistent with, the demands of the ...
A visualized internet firewall rule validation system
APNOMS'07: Proceedings of the 10th Asia-Pacific conference on Network Operations and Management Symposium: managing next generation networks and servicesFor the security consistency, firewall rule editing, ordering, and distribution must be done very carefully on each of the cooperative firewalls, especially in a large-scale and multi-firewall-equipped network. Nevertheless, a network operator is prone ...
Comments