Eighth International Conference on Information and Communications Security (ICICS '06)

Keynote Talk by Lorrie Faith Cranor (December 5, 2006)

Inexplicable Indicators and Puzzling Pop-ups: Security Software From an End User Perspective

Lorrie Faith Cranor
Carnegie Mellon University


Security-related software often features graphical indicators to warn or inform users, or to remind them to take security-related actions. The lock icon in popular web browsers and symbols provided by anti-phishing toolbars are familiar examples of security indicators. But a growing body of literature has found the effectiveness of many of these indicators to be disappointing. Users don't notice indicators, misinterpret their meaning, or willfully ignore them. An alternative approach, pop-ups that require user action, is also problematic. Users find pop-ups annoying, and they often don't understand what they mean or what they are supposed to do when they see them. Questions asked in pop-ups and security software configuration interfaces often pose dilemmas to users who don't understand them. Usability problems not only frustrate users, but they also reduce the effectiveness of security software and add to the vulnerabilities that can be exploited by attackers. In this talk I will discuss common usability problems associated with security software and some approaches to building more usable security software.


Lorrie Faith Cranor (http://lorrie.cranor.org/) is an associate research professor in the School of Computer Science at Carnegie Mellon University in Pittsburgh, Pennsylvania. She is a faculty member in the Institute for Software Research, the Engineering and Public Policy department, and the Human Computer Interaction Institute. She is director of the CMU Usable Privacy and Security Laboratory (CUPS). She came to CMU in 2003 after seven years at AT&T Labs-Research. Dr. Cranor has played a key role in building the usable privacy and security research community. She co-edited the seminal book Security and Usability (O'Reilly 2005), and founded the Symposium On Usable Privacy and Security (SOUPS). Dr. Cranor's research has focused on a variety of areas where technology and policy issues interact. She has developed privacy enhancing technologies and studied privacy regulation and self-regulation. She led the development of the Platform for Privacy Preferences Project (P3P) Specification at the World Wide Web Consortium and wrote the book Web Privacy with P3P (O'Reilly 2002). She currently directs a project that is studying the human aspects of phishing attacks and other semantic attacks. In 2003 she was named one of the top 100 innovators 35 or younger by Technology Review magazine. She enjoys spending time with her three adorable children and creating award-winning quilts.

©2006 Peng Ning. All rights reserved.