Corpus ID: 10612865

The Challenges of Understanding Users' Security-related Knowledge, Behaviour, and Motivations

Sara Motiee, Kirstie Hawkey, Konstantin Beznosov
In order to improve current security solutions or devise novel ones, it is important to understand users’ knowledge, behaviour, motivations and challenges in using a security solution. However, achieving this understanding is challenging because of the limitations of current research methodologies. We have been investigating the experiences of users with two practical implementations of the principle of least privilege (PLP) in Windows Vista and Windows 7. PLP requires that users be granted the…
3 Citations

The usability of TrueCrypt, or how I learned to stop whining and fix an interface

This experience shows that even simple, intuitive, and logically consistent modifications to complex interfaces have dramatic positive usability effects, and can be easily applied to different pieces of security software in order to reduce the impediment to uptake by novice users.

College Students, Network Security's Ignored End User

The research results indicate that just as organizations are increasingly requiring their members to undergo annual or semi-annual PC-based ethical and security awareness training, educational institutions may wish to consider emulating this for their staff, faculty and students.

User-friendly establishment of trust in distributed home automation networks

A security system for Home Automation called Trusted Domain is outlined that can establish and maintain cryptographically secure relationships between devices connected via IP-based networks and the Internet.



Do Windows users follow the principle of least privilege?: investigating user account control practices

The motives, understanding, behaviour, and challenges users face when working with user accounts and the UAC are investigated and recommendations to improve the LUA and UAC approaches are offered.

Security user studies: methodologies and best practices

This workshop will bring together researchers and practitioners from the HCI and information security communities to explore methodological challenges and best practices for conducting security-related user studies.

A Framework for Reasoning About the Human in the Loop

This work proposes a framework for reasoning about the human in the loop that provides a systematic approach to identifying potential causes for human failure and can be used by system designers to identify problem areas before a system is built and proactively address deficiencies.

Do security toolbars actually prevent phishing attacks?

It is found that many subjects do not understand phishing attacks or realize how sophisticated such attacks can be, and security toolbars are found to be ineffective at preventing phishing attacks.

"I did it because I trusted you" : Challenges with the Study Environment Biasing Participant Behaviours

We recently replicated and extended a 2009 study that investigated the effectiveness of SSL warnings. Our experimental design aimed to mitigate some of the limitations of that prior study, including

Gathering evidence: use of visual security cues in web browsers

It is demonstrated that while the lock icon is commonly viewed, its interactive capability is essentially ignored, and that people stop looking for security information after they have signed into a site.

The protection of information in computer systems

This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification by examining in depth the principles of modern protection architectures and the relation between capability systems and access control list systems.

Power strips, prophylactics, and privacy, oh my!

Investigating whether the availability of comparison information about the privacy practices of online merchants affects users' behavior suggests that when privacy policy comparison information is readily available, individuals may be willing to seek out more privacy friendly web sites and perhaps even pay a premium for privacy depending on the nature of the items to be purchased.

Applying the principle of least privilege to user accounts on Windows XP

Microsoft TechNet Library, 2006