Studying access-control usability in the lab: lessons learned from four studies

Authors:
Kami Vaniea;Lujo Bauer;Lorrie Faith Cranor;Michael K. Reiter
Affiliations:
Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;Carnegie Mellon University, Pittsburgh, PA;University of North Carolina, Chapel Hill, NC
Venue:
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Year:
2012

Citing 14
Cited 0

End-user controlled group formation and access rights management in a shared workspace system

CSCW '04 Proceedings of the 2004 ACM conference on Computer supported cooperative work
Location disclosure to social relations: why, when, & what people want to share

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
User experiences with sharing and access control

CHI '06 Extended Abstracts on Human Factors in Computing Systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The psychology of security

Communications of the ACM - The psychology of security: why do good users make bad decisions?
Expandable grids for visualizing and authoring computer security policies

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Crying wolf: an empirical study of SSL warning effectiveness

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
A framework for privacy-enhanced personalization

A framework for privacy-enhanced personalization
More than skin deep: measuring effects of the underlying model on access-control system usability

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Exploring reactive access control

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Oops, I did it again: mitigating repeated access control errors on facebook

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
On the challenges in usable security lab studies: lessons learned from replicating a study on SSL warnings

Proceedings of the Seventh Symposium on Usable Privacy and Security
Out of sight, out of mind: Effects of displaying access-control information near the item it controls

PST '12 Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST)

Quantified Score

Hi-index	0.00

Visualization

Abstract

In a series of studies, we investigated a user interface intended to help users stay aware of their access-control policy even when they are engaged in another activity as their primary task. Methodological issues arose in each study, which impacted the results. We describe the difficulties encountered during each study, and changes to the methodology designed to overcome those difficulties. Through this process, we shed light on the challenges intrinsic to many studies that examine security as a secondary task, and convey a series of lessons that we hope will help other researchers avoid some of the difficulties that we encountered.