Founded in 1966

Improving Security Decisions with Polymorphic and Audited Dialogs

Dr. JosÉ Brustoloni (CS/Pitt)

Tuesday, September 18th, 2007
12 pm - SENSQ 5317

Free pizza and refreshments will be provided to attendees starting at 11:45 am

Abstract

User studies show that users will often provide false answers to security dialogs if necessary to get an application to perform actions users want. Why users would behave in such a counter-productive manner is a puzzling and poorly understood problem in usable security.

I model this behavior according to operant conditioning theory. The user learns behaviors (user answers) that cause rewarding consequences (system actions the user wants). The user also associates antecedents (fixed security dialog prompts) to the behaviors that bring about those rewarding consequences. Reinforced by the latter, the user's behavior becomes habitual. Dialog prompts automatically trigger rewarding but possibly false user answers.

This talk discusses two novel user interface techniques, polymorphic dialogs and audited dialogs, inspired by this operant conditioning model. The new interfaces attempt to improve user behavior by manipulating the behavior's antecedents and consequences, respectively.
Polymorphic dialogs deliberately vary the form of user input, so as to avoid triggering users' habitual answers. On the other hand, audited dialogs send user answers and their context to auditors, who may impose various penalties, such as suspension, fines, or required training, if they find a user's answers unjustified.

We applied these new techniques to the problem of whether to allow a user to open a potentially infected email attachment. Email attachments are a primary transmission vector for computer viruses and other malware. Anti-virus software is ineffective against recent or targeted viruses; consequently, users should open an attachment only when it is a justifiable risk (e.g., user knows sender and was expecting the attachment from her).

In user studies, we found that most users open attachments with unjustified risks, and we verified that polymorphic and audited dialogs significantly reduce user acceptance of these risks. This improvement is not due to indiscriminate risk aversion: in the user studies, there was negligible impact on acceptance of justified risks.

(Joint work with Ricardo Villamarin-Salomon.)

Biography of Speaker

José Carlos Brustoloni obtained his Ph.D. degree in Computer Science from Carnegie Mellon University, after getting an M.S. degree in Electrical Engineering from University of São Paulo, Brazil, and a B.E.
degree in Electronics Engineering from Instituto Tecnológico de Aeronáutica, Brazil. José joined the University of Pittsburgh's faculty in August of 2002. Previously, he was a researcher at Bell Laboratories, Lucent Technologies. His research interests include usable security, trusted computing, network security, computer networks, and operating systems.

 

You are using an older browser that does not support current Web standards. Although this site is viewable in all browsers, it will look much better in a browser that supports Web standards.