OTO: online trust oracle for user-centric trust establishment

Authors:
Tiffany Hyun-Jin Kim;Payas Gupta;Jun Han;Emmanuel Owusu;Jason Hong;Adrian Perrig;Debin Gao
Affiliations:
Carnegie Mellon University, Pittsburgh, PA, USA;Singapore Management University, Singapore, Singapore;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Carnegie Mellon University, Pittsburgh, PA, USA;Singapore Management University, Singapore, Singapore
Venue:
Proceedings of the 2012 ACM conference on Computer and communications security
Year:
2012

Citing 14
Cited 0

How do users evaluate the credibility of Web sites?: a study with over 2,500 participants

Proceedings of the 2003 conference on Designing for user experiences
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decision strategies and susceptibility to phishing

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Improving security decisions with polymorphic and audited dialogs

Proceedings of the 3rd symposium on Usable privacy and security
You've been warned: an empirical study of the effectiveness of web browser phishing warnings

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Reduction of end user errors in the design of scalable, secure communication

Reduction of end user errors in the design of scalable, secure communication
Trust me: design patterns for constructing trustworthy trust indicators

Trust me: design patterns for constructing trustworthy trust indicators
Folk models of home computer security

Proceedings of the Sixth Symposium on Usable Privacy and Security
Crying wolf: an empirical study of SSL warning effectiveness

SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Bridging the Gap in Computer Security Warnings: A Mental Model Approach

IEEE Security and Privacy
Augmenting web pages and search results to support credibility assessment

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Integrating user feedback with heuristic security and privacy management systems

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model

Decision Support Systems
Obfuscation: The Hidden Malware

IEEE Security and Privacy

Quantified Score

Hi-index	0.00

Visualization

Abstract

Malware continues to thrive on the Internet. Besides automated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make informed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet. Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scalability and robustness. We design OTO, a system for communicating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE's SmartScreen Filter (SSF). The results from the between-subjects experiment with 58 participants confirm that the OTO interface helps people make correct trust decisions compared to the SSF interface regardless of their security knowledge, education level, occupation, age, or gender.