07-21-11
A Brick Wall, a Locked Door, and a Bandit: Promoting A Physical Security Metaphor For Firewall Warnings (Paper 1)
“A Brick Wall” aims to design firewall warnings that will accurately communicate risk to users.
The authors designed graphical warnings using a physical security mental-model of a person trying to gain access to a secured door in a brick wall surrounding the users computer room. The user is presented with a security dialog with a color-coded title bar, a short text description of the reason for the warning, the graphical security cartoon illustrating the risk, and a series of actions (allow, deny, etc.) to take depicted by padlocks being opened or remaining secure.
The security cartoon varies based on the severity of the warning:
- The most severe warning for known-malicious access features a red title bar and depicts a robber approaching the door carrying a knife and a bag labeled “data.”
- The modest warning for unknown access features a yellow title bar and depicts a grey human-silhouette approaching the door.
- The safe warning for identified-safe access features a green title bar and depicts a friendly figure approaching the door.
A study was conducted to compare the effectiveness of graphical warnings with text warnings from the Comodo Personal Firewall in conveying risk associated with a given warning. Graphical warnings increased subjects understanding of the protection offered by the firewall over the text-only warnings and increased subjects assessment of risk. Two-thirds of subjects preferred the graphical warnings. The remaining third of the subjects that preferred textual warnings correlated strongly with increased technical capability and held that opinion for interesting reasons (more professional, graphical looks childish).
Read the full paper at http://cups.cs.cmu.edu/soups/2011/proceedings/a1_Raja.pdf
PHOTOGRAPHY
RECENT
- Two new CUPS studies on online behavioral advertising
- Why Johnny Can’t Opt Out: A Usability Evaluation of Tools to Limit Online Behavioral Advertising
- I Know Where You Live: Analyzing Privacy Protection in Public Databases
- Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It (paper 15)
- Home is safer than the cloud! Privacy concerns for consumer cloud storage (Paper 13)
- Privacy: Is There An App For That? (Paper 12)
- ROAuth: Recommendation Based Open Authorization (Paper 11)