Adaptive Security Dialogs for Improved Security Behavior of Users

Authors:
Frederik Keukelaere;Sachiko Yoshihama;Scott Trent;Yu Zhang;Lin Luo;Mary Ellen Zurko
Affiliations:
IBM Tokyo Research Laboratory, Kanagawa, Japan;IBM Tokyo Research Laboratory, Kanagawa, Japan;IBM Tokyo Research Laboratory, Kanagawa, Japan;IBM China Research Laboratory, Beijing, China;IBM China Research Laboratory, Beijing, China;IBM Lotus, Massachusetts, USA
Venue:
INTERACT '09 Proceedings of the 12th IFIP TC 13 International Conference on Human-Computer Interaction: Part I
Year:
2009

Citing 10
Cited 4

Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
The battle against phishing: Dynamic Security Skins

SOUPS '05 Proceedings of the 2005 symposium on Usable privacy and security
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Protecting people from phishing: the design and evaluation of an embedded training email system

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Network-in-a-box: how to set up a secure wireless network in under a minute

SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The Emperor's New Security Indicators

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Improving security decisions with polymorphic and audited dialogs

Proceedings of the 3rd symposium on Usable privacy and security
The psychology of security

Communications of the ACM - The psychology of security: why do good users make bad decisions?
You've been warned: an empirical study of the effectiveness of web browser phishing warnings

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems

Tensions in developing a secure collective information practice - the case of agile ridesharing

INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
The security cost of cheap user interaction

Proceedings of the 2011 workshop on New security paradigms workshop
Rational interfaces for effective security software: polite interaction guidelines for secondary tasks

UAHCI'13 Proceedings of the 7th international conference on Universal Access in Human-Computer Interaction: design methods, tools, and interaction techniques for eInclusion - Volume Part I
Digital Identity based VoIP Authentication Mechanism

Proceedings of International Conference on Advances in Mobile Computing & Multimedia

Quantified Score

Hi-index	0.00

Visualization

Abstract

Despite the increasing awareness of the importance of security for daily computer users, we see that many users still fail to behave securely when confronted with a security-related decision. In this paper, we introduce a new approach to security-related dialogs called Adaptive Security Dialogs (ASD). This approach is a combination of a new architecture and a new way of interacting with users to provide them with appropriate and effective security dialogs. ASD realizes this goal by matching the complexity and intrusiveness of security-related dialogs to the risk associated with the decision the user is making. This results in an architecture in which users can focus on their tasks, get (immediate) feedback on their decisions, and interact with dialogs with an appropriate complexity and appearance for the decision's associated risk. This paper makes the following three contributions. First, we introduce a general architecture for handling security-related decisions. Second, through an empirical user study using a web-based e-mail client, we show significant improvement in the care exercised by our participants without sacrificing usability. Third, we describe how the different pieces of existing research fit into the bigger picture of improving users' behavior.