Sesame: informing user security decisions with system visualization

Authors:
Jennifer Stoll;Craig S. Tashman;W. Keith Edwards;Kyle Spafford
Affiliations:
Georgia Institute of Technology, Atlanta, GA, USA;Georgia Institute of Technology, Atlanta, GA, USA;Georgia Institute of Technology, Atlanta, GA, USA;Georgia Institute of Technology, Atlanta, GA, USA
Venue:
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Year:
2008

Citing 13
Cited 12

A mathematical model of the finding of usability problems

INTERCHI '93 Proceedings of the INTERCHI '93 conference on Human factors in computing systems
Moving from the design of usable security technologies to the design of useful secure applications

Proceedings of the 2002 workshop on New security paradigms
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Social navigation as a model for usable security

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Web browsing and spyware intrusion

Communications of the ACM - Spyware
Absolute Beginner's Guide to Security, Spam, Spyware & Viruses (Absolute Beginner's Guide)

Absolute Beginner's Guide to Security, Spam, Spyware & Viruses (Absolute Beginner's Guide)
Do security toolbars actually prevent phishing attacks?

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Countering Security Information Overload through Alert and Packet Visualization

IEEE Computer Graphics and Applications
Visual Correlation of Network Alerts

IEEE Computer Graphics and Applications
Passpet: convenient password management and phishing protection

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Web wallet: preventing phishing attacks by revealing user intentions

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Security automation considered harmful?

NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms

"When I am on Wi-Fi, I am fearless": privacy concerns & practices in eeryday Wi-Fi use

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Revealing hidden context: improving mental models of personal firewall users

Proceedings of the 5th Symposium on Usable Privacy and Security
Investigating an appropriate design for personal firewalls

CHI '10 Extended Abstracts on Human Factors in Computing Systems
Improving users' security choices on home wireless networks

Proceedings of the Sixth Symposium on Usable Privacy and Security
The Wi-Fi privacy ticker: improving awareness & control of personal information exposure on Wi-Fi

Proceedings of the 12th ACM international conference on Ubiquitous computing
Eden: supporting home network management through interactive visual tools

UIST '10 Proceedings of the 23nd annual ACM symposium on User interface software and technology
It's too complicated, so i turned it off!: expectations, perceptions, and misconceptions of personal firewalls

Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
How and why pop-ups don't work: Pop-up prompted eye movements, user affect and decision making

Computers in Human Behavior
A brick wall, a locked door, and a bandit: a physical security metaphor for firewall warnings

Proceedings of the Seventh Symposium on Usable Privacy and Security
Visualizing semantics in passwords: the role of dates

Proceedings of the Ninth International Symposium on Visualization for Cyber Security
Rational interfaces for effective security software: polite interaction guidelines for secondary tasks

UAHCI'13 Proceedings of the 7th international conference on Universal Access in Human-Computer Interaction: design methods, tools, and interaction techniques for eInclusion - Volume Part I
Visualizations and Switching Mechanisms for Security Zones

Proceedings of International Conference on Advances in Mobile Computing & Multimedia

Quantified Score

Hi-index	0.01

Visualization

Abstract

Non-expert users face a dilemma when making security decisions. Their security often cannot be fully automated for them, yet they generally lack both the motivation and technical knowledge to make informed security decisions on their own. To help users with this dilemma, we present a novel security user interface called Sesame. Sesame uses a concrete, spatial extension of the desktop metaphor to provide users with the security-related, visualized system-level information they need to make more informed decisions. It also provides users with actionable controls to affect a system's security state. Sesame graphically facilitates users' comprehension in making these decisions, and in doing so helps to lower the bar for motivating them to participate in the security of their system. In a controlled study, users with Sesame were found to make fewer errors than a control group which suggests that our novel security interface is a viable alternative approach to helping users with their dilemma.