On Users' Mental Models of Security Controls

Video Link: https://www.youtube.com/watch?v=cGS8sYRE_3w



Duration: 1:11:34


A mental model is 'an abstraction of system's architecture and software structures that is simple enough for non-technical users to grasp. . . It provides an integrated package of knowledge that allows the user to predict what the system will do if certain commands are executed, to predict the state of the system after the commands have been executed, to plan methods for novel tasks, and to deal with odd error situations' (Card and Moran, 1986). Adequate mental models of security controls are critical for computer users in order to avoid dangerous errors. Yet, security controls and their interfaces are hard to design in a way that could help users in developing and maintaining adequate mental models. I will describe recent research at the Laboratory for Education and Research in Secure Systems Engineering (http://lersse.ece.ubc.ca), University of British Columbia. I will focus on those projects in which we either intentionally study users' mental models of security controls or end up stumbling upon them (or their parts) by accident. Specifically, I will focus on the studies of Vista personal firewall, UAC prompt, and web authentication with OpenID. I will discuss our findings about the corresponding mental models and ideas for improving them.







Tags:
microsoft research