A brick wall, a locked door, and a bandit: A physical security metaphor for firewall warnings

SOUPS 2011 - Proceedings of the 7th Symposium on Usable Privacy and Security

Volumn , Issue , 2011, Pages

  Raja, Fahimeh ^a   Hawkey, Kirstie ^b   Hsu, Steven ^a   Wang, Kai Le Clement ^a   Beznosov, Konstantin ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

^b DALHOUSIE UNIVERSITY   (Canada)

Author keywords

mental model; personal firewall; physical security metaphor; usable security; warning

Indexed keywords

MENTAL MODEL; PERSONAL FIREWALLS; PHYSICAL SECURITY; USABLE SECURITY; WARNING;

EID: 84862937206     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2078827.2078829     Document Type: Conference Paper

References (49)

1. B. Anderson, M. Smyth, R. Knott, M. Bergan, J. Bergan, and J. Alty. Minimising conceptual baggage: Making choices about metaphor. In People and Computers IX - Proceedings of HCI'94, pages 179-194, 1994.
2. F. Asgharpour, D. Liu, and L. J. Camp. Mental models of security risks. In FC'07/USEC'07: Proceedings of the 11th International Conference on Financial Cryptography and 1st International Conference on Usable Security, pages 367-377, Berlin, Heidelberg, 2007. Springer-Verlag.
3. C. J. Atman, A. Bostrom, B. Fischhoff, and M. G. Morgan. Designing risk communications: Completing and correcting mental models of hazardous processes, part i. Risk Analysis, 14(5):779-788, 1994. (Pubitemid 24362988)
4. J. Berson. ZoneAlarm: Creating usable security products for consumers. In L. F. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems that People Can Use, chapter 27, pages 563-575. O'Reilly Media, Inc., 2005.
5. A. Besmer, J. Watson, and H. R. Lipford. The impact of social navigation on privacy policy configuration. In SOUPS '10: Proceedings of the Sixth Symposium on Usable Privacy and Security, pages 1-10, New York, NY, USA, 2010. ACM.
6. A. Bostrom, C. J. Atman, B. Fischhoff, and M. G. Morgan. Evaluating risk communications: Completing and correcting mental models of hazardous processes, part ii. Risk Analysis, 14(5):789-798, 1994. (Pubitemid 24362989)
7. C. Bravo-Lillo, L. Cranor, J. Downs, and S. Komanduri. Poster: What is still wrong with security warnings: a mental models approach. In SOUPS '10: Proceedings of the 6th Symposium on Usable Privacy and Security, New York, NY, USA, 2010. ACM.
8. L. Camp, F. Asgharpour, D. Liu, and I. Bloomington. Experimental Evaluations of Expert and Non-expert Computer Users? Mental Models of Security Risks. Proceedings of WEIS 2007, 2007.
9. L. Clark and M. A. Sasse. Conceptual design reconsidered: The case of the internet session directory tool. In Proceedings of HCI on People and Computers XII, HCI 97, pages 67-84, London, UK, 1997. Springer-Verlag.
10. Personal firewall software review. http://www.consumersearch.com/ firewalls, 2010.
11. L. F. Cranor. A framework for reasoning about the human in the loop. In UPSEC'08: Proceedings of the 1st Conference on Usability, Psychology, and Security, pages 1-15, Berkeley, CA, USA, 2008. USENIX Association.
12. P. DiGioia and P. Dourish. Social navigation as a model for usable security. In SOUPS '05, pages 101-108, Pittsburgh, Pennsylvania, 2005. ACM.
13. J. S. Downs, M. B. Holbrook, and L. F. Cranor. Decision strategies and susceptibility to phishing. In SOUPS '06: Proceedings of the Second Symposium on Usable Privacy and Security, pages 79-90, New York, NY, USA, 2006. ACM.
14. S. Egelman, L. F. Cranor, and J. Hong. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In CHI '08: Proceedings of the SIGCHI Conference on Human factors in Computing Systems, pages 1065-1074, New York, NY, USA, 2008. ACM.
15. S. Egelman, J. King, R. C. Miller, N. Ragouzis, and E. Shehan. Security user studies: methodologies and best practices. In CHI Extended Abstracts, pages 2833-2836. ACM, 2007. (Pubitemid 47581962)
16. Best software firewalls for maximum protection and greater user involvement. http://www.techsupportalert.com/best-free-firewall.htm, 2010.
17. S. Hazari. Perceptions of end-users on the requirements in personal firewall software: An exploratory study. The Journal of Supercomputing, 17(3):47-56, 2005.
18. A. Herzog and N. Shahmehri. Usability and security of personal firewalls. New Approaches for Security, Privacy and Trust in Complex Environments, pages 37-48, 2007.
19. K. Ingham and S. Forrest. A history and survey of network firewalls. Technical report, University of New Mexico, 2002.
20. J. Johnston, J. H. P. Eloffa, and L. Labuschagneb. Security and human computer interfaces. Computers and Security, 22:675-684, 2003.
21. H. Jungermann, H. Schutz, and M. Thuring. Mental models in risk assessment: Informing people about drugs. Risk Analysis, 8(1):147-155, 1988.
22. S. Leonard, H. Otani, and M. Wogalter. Comprehension and memory. Warnings and risk communication, pages 149-187, 1999.
23. D. Liu, F. Asgharpour, and L. Camp. Risk Communication in Security Using Mental Models. Usable Security, 7, 2008.
24. J. McKechnie. Webster's new universal unabridged dictionary. Dorset & Baber, 1983.
25. M. Morgan. Risk communication: A mental models approach. Cambridge University Press, 2002.
26. S. Motiee, K. Hawkey, and K. Beznosov. Do windows users follow the principle of least privilege? investigating user account control practices. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS), pages 1-13, New York, NY, USA, July 14-16 2010. ACM.
27. J. Nielsen. Card sorting to discover the users' model of the information space. http://www.useit.com/papers/sun/cardsort.html, 1995.
28. C. Nodder. Users and trust: A microsoft case study. Security and Usability, pages 589-606, 2005.
29. D. A. Norman. Cognitive Engineering. Lawrence Erlbaum Associates, Hillsdale, NJ, 1986.
30. Up-to-date coverage and product reviews of firewall software. http://www.pcmag.com/, 2010.
31. Comodo firewall is a superb security program. http://www.pcworld.com/ article/188008l, 2010.
32. Popular in firewalls. http://www.pcworld.com/downloads/file/fid,63762- order,4/description.html, 2010.
33. F. Raja, K. Hawkey, and K. Beznosov. Revealing hidden context: improving mental models of personal firewall users. In SOUPS '09: Proceedings of the 5th Symposium on Usable Privacy and Security, pages 1-12, New York, NY, USA, 2009. ACM.
34. F. Raja, K. Hawkey, P. Jaferian, K. Beznosov, and K. S. Booth. It's Too Complicated, So I Turned It Off! Expectations, Perceptions, and Misconceptions of Personal Firewalls. In Proceedings of the 3rd ACM Workshop on Assurable & Usable Security Configuration (SafeConfig), October 4 2010.
35. C. Ronnfeldt. Three generations of environment and security research. Journal of Peace Research, 34(4):473-482, 1997. (Pubitemid 127345296)
36. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor's new security indicators. In Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 51-65, Washington, DC, USA, 2007. IEEE Computer Society.
37. A. Sotirakopoulos, K. Hawkey, and K. Beznosov. "I did it because I trusted you": Challenges with the Study Environment Biasing Participant Behaviours. In SOUPS Usable Security Experiment Reports (USER) Workshop, 2010.
38. W. Stephenson. The study of behavior: Q-technique and its methodology. University of Chicago Press, 1953.
39. D. W. Stewart and I. M. Martin. Intended and unintended consequences of warning messages: A review and synthesis of empirical research. Journal of Public Policy and Marketing, 13(1):1-19, 1994.
40. J. Stoll, C. S. Tashman, W. K. Edwards, and K. Spafford. Sesame: informing user security decisions with system visualization. In CHI '08: Proceeding of the Twenty-Sixth Annual SIGCHI Conference on Human factors in Computing Systems, pages 1045-1054, New York, NY, USA, 2008. ACM.
41. J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, and L. F. Cranor. Crying Wolf: An empirical study of SSL warning effectiveness. In Proceedings of 18th USENIX Security Symposium, pages 399-432, 2009.
42. TopTenReviews: 2010 personal firewall software review product comparisons. http://personal-firewall-software-review.toptenreviews.com/, 2010.
43. R. Wash. Folk models of home computer security. In Proceedings of the Sixth Symposium on Usable Privacy and Security, SOUPS '10, pages 11:1-11:16, New York, NY, USA, 2010. ACM.
44. Explore the features: Windows security center. http://www.microsoft.com/ windows/windows-vista/features/security-center.aspx, 2010.
45. M. Wogalter, V. Conzola, and T. Smith-Jackson. Research-based guidelines for warning design and evaluation. Applied Ergonomics, 33(3):219-230, 2002. (Pubitemid 34626543)
46. J. S. Wolff and M. S. Wogalter. Comprehension of pictorial symbols: Effects of context and test method. Human Factors: The Journal of the Human Factors and Ergonomics Society, 40:173-186(14), 1998.
47. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems(CHI '06), pages 601-610, New York, NY, USA, 2006. ACM.
48. S. Young and D. Lovvoll. Intermediate processing stages: Methodological considerations for research on warnings. Warnings and risk communication, pages 27-52, 1999.
49. M. E. Zurko, C. Kaufman, K. Spanbauer, and C. Bassett. Did you ever have to make up your mind? what notes users do when faced with a security decision. In ACSAC '02: Proceedings of the 18th Annual Computer Security Applications Conference, pages 371-381, Washington, DC, USA, 2002. IEEE Computer Society.