Founded in 1966

Ph.D. Proposal

IMPROVING END-USERS' SECURITY BEHAVIOR

Ricardo Villamarin-Salomon (CS Grad/Pitt)

Tuesday, December 16, 2008
9:00am - SENSQ 6106 - Eli Lilly Room

Abstract

End users frequently behave insecurely. For example, they often consider security warnings as obstacles for completing their work and either ignore or try to circumvent such warnings. Moreover, when a security warning is presented repeatedly and, among other reasons, the risk of the warned threat does not materialize (false positive) or its importance is perceived as low, users start to automatically dismiss warnings. With the generalized use of the Internet today, making a wrong security decision can have severe negative consequences such as financial losses, unintended release of private information or in-ability to operate normally in everyday activities. On the contrary, when users behave securely they usually do not receive tangible rewards that are common for completing production tasks. In order to correct this situation, it is paramount to devise effective measures that increase the likelihood of users' rejection of unjustified security risks and acceptance of those risks that are reasonably necessary to complete work tasks.

The purpose of this research is twofold. First, we aim to study users' behavior when con-fronted with dialogs that warn them of security risks. For this, we will conduct usability studies to observe such behaviors while users perform activities that involve security risks. Second, we plan to suggest measures for (1) increasing the effectiveness of security dialogs presented to the user, and (2) improving users' secure behaviors. We will perform further usability studies to evaluate the effects of implementing these measures and will assess whether significant improvements are observed.

Dissertation Adviser

Dr. José Brustoloni, Department of Computer Science

Committee Members

Dr. Rebecca Hwa, Department of Computer Science
Dr. Adam Lee, Department of Computer Science
Dr. Liz Marai, Department of Computer Science
Dr. James Joshi, School of Information Sciences

You are using an older browser that does not support current Web standards. Although this site is viewable in all browsers, it will look much better in a browser that supports Web standards.