ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Sesame: informing user security decisions with system visualization
Full text FlvFlv (27:32),  PdfPdf (1.34 MB)
Source
Conference on Human Factors in Computing Systems archive
Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems table of contents
Florence, Italy
SESSION: Am I Safe table of contents
Pages 1045-1054  
Year of Publication: 2008
ISBN:978-1-60558-011-1
Authors
Jennifer Stoll  Georgia Institute of Technology, Atlanta, GA, USA
Craig S. Tashman  Georgia Institute of Technology, Atlanta, GA, USA
W. Keith Edwards  Georgia Institute of Technology, Atlanta, GA, USA
Kyle Spafford  Georgia Institute of Technology, Atlanta, GA, USA
Sponsors
ACM: Association for Computing Machinery
SIGCHI: ACM Special Interest Group on Computer-Human Interaction
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 16,   Downloads (12 Months): 224,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1357054.1357217
What is a DOI?

ABSTRACT

Non-expert users face a dilemma when making security decisions. Their security often cannot be fully automated for them, yet they generally lack both the motivation and technical knowledge to make informed security decisions on their own. To help users with this dilemma, we present a novel security user interface called Sesame. Sesame uses a concrete, spatial extension of the desktop metaphor to provide users with the security-related, visualized system-level information they need to make more informed decisions. It also provides users with actionable controls to affect a system's security state. Sesame graphically facilitates users' comprehension in making these decisions, and in doing so helps to lower the bar for motivating them to participate in the security of their system. In a controlled study, users with Sesame were found to make fewer errors than a control group which suggests that our novel security interface is a viable alternative approach to helping users with their dilemma.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Gregory Conti , Kulsoom Abdullah , Julian Grizzard , John Stasko , John A. Copeland , Mustaque Ahamad , Henry L. Owen , Chris Lee, Countering Security Information Overload through Alert and Packet Visualization, IEEE Computer Graphics and Applications, v.26 n.2, p.60-70, March 2006  [doi>10.1109/MCG.2006.30]
2
Rachna Dhamija , J. D. Tygar, The battle against phishing: Dynamic Security Skins, Proceedings of the 2005 symposium on Usable privacy and security, p.77-88, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073009]
3
Paul DiGioia , Paul Dourish, Social navigation as a model for usable security, Proceedings of the 2005 symposium on Usable privacy and security, p.101-108, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073011]
4
Julie S. Downs , Mandy B. Holbrook , Lorrie Faith Cranor, Decision strategies and susceptibility to phishing, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143131]
 
5
Edwards, W. K., Shehan, E., Stoll, J. Security Automation Considered Harmful? NSPW (2007)
 
6
Flinn, S.A., Flock of Birds, Safely Staged. DIMACS Workshop on Usable Privacy & Security Software (2005).
 
7
Stefano Foresti , James Agutter , Yarden Livnat , Shaun Moon , Robert Erbacher, Visual Correlation of Network Alerts, IEEE Computer Graphics and Applications, v.26 n.2, p.48-59, March 2006  [doi>10.1109/MCG.2006.49]
 
8
Hutchins, E., Hollan, J., Norman, D. Direct Manipulation Interfaces. Human Computer Interaction, 1985. 1: p. 311--338.
 
9
Know Your Enemy: Tracking Botnets. Honeynet Project and Research Alliance. honeynet.org/papers/bots (2005).
 
10
Jakob Nielsen , Thomas K. Landauer, A mathematical model of the finding of usability problems, Proceedings of the INTERCHI '93 conference on Human factors in computing systems, p.206-213, May 1993, Amsterdam, The Netherlands
11
Sudhindra Shukla , Fiona Fui-Hoon Nah, Web browsing and spyware intrusion, Communications of the ACM, v.48 n.8, August 2005  [doi>10.1145/1076211.1076245]
12
D. K. Smetters , R. E. Grinter, Moving from the design of usable security technologies to the design of useful secure applications, Proceedings of the 2002 workshop on New security paradigms, September 23-26, 2002, Virginia Beach, Virginia  [doi>10.1145/844102.844117]
 
13
Spyware. NISCC Technical Note. National Infrastructure Security Coordination Centre. (2006).
 
14
Thorpe, S., Fize, D. & Marlot, C. (1996).Speed of processing in the human visual system. Nature, 381, 520--522.
 
15
Andy Walker, Absolute Beginner's Guide to Security, Spam, Spyware & Viruses (Absolute Beginner's Guide), Que Corp., Indianapolis, IN, 2005
 
16
Whalen, T., Inkpen, K. Techniques for Visual Feedback of Security State. DIMACS Workshop on Usable Privacy and Security Software (2004).
 
17
Whitten, A., Tygar, J. Safe Security Staging. CHI 2003 Workshop on Human-Computer Interaction and Security Systems (2003).
 
18
Whitten, A., Tygar, J., Why Johnny Can't Encrypt. Proc. of the 8th USENIX Security Symposium (1999).
19
Min Wu , Robert C. Miller , Greg Little, Web wallet: preventing phishing attacks by revealing user intentions, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143133]
20
Min Wu , Robert C. Miller , Simson L. Garfinkel, Do security toolbars actually prevent phishing attacks?, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada  [doi>10.1145/1124772.1124863]
21
Ka-Ping Yee , Kragen Sitaker, Passpet: convenient password management and phishing protection, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143126]
 
22
www.sysinternals.com/Utilities/

CITED BY  2
Predrag Klasnja , Sunny Consolvo , Jaeyeon Jung , Benjamin M. Greenstein , Louis LeGrand , Pauline Powledge , David Wetherall, "When I am on Wi-Fi, I am fearless": privacy concerns & practices in eeryday Wi-Fi use, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA
Fahimeh Raja , Kirstie Hawkey , Konstantin Beznosov, Revealing hidden context: improving mental models of personal firewall users, Proceedings of the 5th Symposium on Usable Privacy and Security, July 15-17, 2009, Mountain View, California

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)


General Terms:
Design, Security


Keywords:
security interface design, security usability, system visualization

Collaborative Colleagues:
Jennifer Stoll: colleagues
Craig S. Tashman: colleagues
W. Keith Edwards: colleagues
Kyle Spafford: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player