|
 ABSTRACT
The Windows Vista personal firewall provides its diverse users with a basic interface that hides many operational details. However, concealing the impact of network context on the security state of the firewall may result in users developing an incorrect mental model of the protection provided by the firewall. We present a study of participants' mental models of Vista Firewall (VF). We investigated changes to those mental models and their understanding of the firewall's settings after working with both the VF basic interface and our prototype. Our prototype was designed to support development of a more contextually complete mental model through inclusion of network location and connection information. We found that participants produced richer mental models after using the prototype than when working with the VF basic interface; they were also significantly more accurate in their understanding of the configuration of the firewall. Based on our results, we discuss methods of improving user understanding of underlying system states by revealing hidden context, while considering the tension between complexity of the interface and security of the system.
REFERENCES
Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.
| |
1
|
P. Arjmandi, R. Boeck, F. Raja, and G. Viswanathan. Usability of Vista firewall: A labratory user study. EECE412 course project at the University of British Columbia, 2007.
|
| |
2
|
A. Chebium, P. Jaferian, N. Kaviani, and F. Raja. Usability analysis of Vista firewall. CSCP544 course project at the University of British Columbia, 2008.
|
| |
3
|
|
| |
4
|
S. Chiasson, P. C. van Oorschot, and R. Biddle. Even experts deserve usable security: Design guidelines for security management systems. In SOUPS Workshop on Usable IT Security Management (USM), pages 1--4, Pittsburgh, PA, July 2007.
|
 |
5
|
|
| |
6
|
L. F. Cranor. Designing a privacy preference specification interface: A case study. In Proceedings of the Workshop on Human-Computer Interaction and Security Systems, page 4 pages, 2003.
|
| |
7
|
|
| |
8
|
Rogério de Paula , Xianghua Ding , Paul Dourish , Kari Nies , Ben Pillet , David Redmiles , Jie Ren , Jennifer Rode , Roberto Silva Filho, Two experiences designing for effective security, Proceedings of the 2005 symposium on Usable privacy and security, p.25-34, July 06-08, 2005, Pittsburgh, Pennsylvania
[doi> 10.1145/1073001.1073004]
|
| |
9
|
|
| |
10
|
|
| |
11
|
W. Geng, S. Flinn, and J. DeDourek. Usable firewall configuration. In PST '05: Proceedings of the 3rd Annual Conference on Privacy, Security and Trust, page 11 pages, 2005.
|
| |
12
|
A. Herzog and N. Shahmehri. Usability and security of personal firewalls. New Approaches for Security, Privacy and Trust in Complex Environments, pages 37--48, 2007.
|
| |
13
|
|
| |
14
|
S. Hohn. Bringing the user back into control: A new paradigm for usability in highly dynamic systems. Lecture notes in computer science, pages 114--122, 2006.
|
| |
15
|
P. Jaferian. Usability study of Windows Vista's firewall. EECE512 course project at the University of British Columbia, 2008.
|
| |
16
|
J. Johnston, J. H. P. Eloffa, and L. Labuschagneb. Security and human computer interfaces. Computers and Security, 22:675--684, 2003.
|
| |
17
|
D. Jonassen and Y. H. Cho. Understanding Models for Learning and Instruction, chapter Externalizing Mental Models with Mindtools, pages 145--159. Springer US, 2008.
|
| |
18
|
|
| |
19
|
Predrag Klasnja , Sunny Consolvo , Jaeyeon Jung , Benjamin M. Greenstein , Louis LeGrand , Pauline Powledge , David Wetherall, "When I am on Wi-Fi, I am fearless": privacy concerns & practices in eeryday Wi-Fi use, Proceedings of the 27th international conference on Human factors in computing systems, April 04-09, 2009, Boston, MA, USA
[doi> 10.1145/1518701.1519004]
|
| |
20
|
|
| |
21
|
Joanna McGrenere , Ronald M. Baecker , Kellogg S. Booth, An evaluation of a multiple interface design solution for bloated software, Proceedings of the SIGCHI conference on Human factors in computing systems: Changing our world, changing ourselves, April 20-25, 2002, Minneapolis, Minnesota, USA
[doi> 10.1145/503376.503406]
|
| |
22
|
Microsoft. Windows Vista Help: Choosing a network location.
|
| |
23
|
Microsoft. Windows Vista Help: What is a firewall.
|
| |
24
|
Microsoft. Microsoft's annual revenue reaches $60 billion. http://www.microsoft.com, 2008.
|
| |
25
|
Microsoft. Windows firewall with advanced security - content roadmap. http://technet.microsoft.com, 2008.
|
| |
26
|
Robert W. Reeder , Lujo Bauer , Lorrie Faith Cranor , Michael K. Reiter , Kelli Bacon , Keisha How , Heather Strong, Expandable grids for visualizing and authoring computer security policies, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
[doi> 10.1145/1357054.1357285]
|
| |
27
|
Jennifer Rode , Carolina Johansson , Paul DiGioia , Roberto Silva Filho , Kari Nies , David H. Nguyen , Jie Ren , Paul Dourish , David Redmiles, Seeing further: extending visualization as a basis for usable security, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
[doi> 10.1145/1143120.1143138]
|
| |
28
|
|
| |
29
|
|
| |
30
|
M. Tungare and M. Pérez-Quinones. Thinking outside the (beige) box: Personal information management beyond the desktop. In Proceedings of the 3rd Invitational Workshop on Personal Information Management, page 8 pages, 2008.
|
| |
31
|
|
| |
32
|
A. Whitten and J. Tygar. Safe staging for computer security. In the Workshop on Human-Computer Interaction and security Systems, page 4 pages, Ft. Lauderdale, FL, 2003.
|
| |
33
|
A. Wool. The use and usability of direction based filtering in firewalls. Computers and Security, 37:459--468, 2004.
|
| |
34
|
|
| |
35
|
|
|
Adobe Acrobat
QuickTime
Windows Media Player
Real Player
Pdf
H.5