Award Abstract # 1251432
EAGER: Education-optional Security Usability on the Internet

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: KANSAS STATE UNIVERSITY
Initial Amendment Date: September 5, 2012
Latest Amendment Date: September 5, 2012
Award Number: 1251432
Award Instrument: Standard Grant
Program Manager: Ralph Wachter
rwachter@nsf.gov
(703)292-8950
CNS Division Of Computer and Network Systems
CSE Directorate for Computer and Information Science and Engineering
Start Date: September 1, 2012
End Date: February 29, 2016 (Estimated)
Total Intended Award Amount: $148,825.00
Total Awarded Amount to Date: $148,825.00
Funds Obligated to Date: FY 2012 = $148,825.00
History of Investigator:
  • Eugene Vasserman (Principal Investigator)
    eyv@ksu.edu
  • Gary Brase (Co-Principal Investigator)
Recipient Sponsored Research Office: Kansas State University
1601 VATTIER STREET
MANHATTAN
KS  US  66506-2504
(785)532-6804
Sponsor Congressional District: 01
Primary Place of Performance: Kansas State University
2 Fairchild Hall
Manhattan
KS  US  66506-1103
Primary Place of Performance Congressional District: 01
Unique Entity Identifier (UEI): CFMMM5JM7HJ9
Parent UEI:
NSF Program(s): Special Projects - CNS
Primary Program Source: 01001213DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7916, 9150
Program Element Code(s): 171400
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Security is very difficult to use, and staying safe online is a growing challenge for everyone. It is especially devastating to inexperienced computer users, who may not spot risk indicators and may misinterpret currently implemented textual explanations and visual feedback of risk. This work explores, evaluates, and compares the effectiveness of several online safety education modules for users of various skill levels and the importance and effectiveness of visual feedback when encountering security threats. This interdisciplinary work, with psychologists and computer scientists playing crucial roles, is developing and testing specific user feedback strategies to determine their relative effectiveness in keeping users from making security-critical mistakes, and unambiguously informing users when security failures have occurred. This research is a vital step to determine what works, what does not work, and to get users to pay attention to important risk signals that may otherwise go unnoticed.

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Security is very difficult to use, and staying safe online is a growing challenge for everyone. It is especially devastating to inexperienced computer users, who may not spot risk indicators and may misinterpret currently implemented textual explanations and visual feedback of risk. In this interdisciplinary work involving psychologists and computer scientists, we explored, evaluated, and compared the effectiveness of several methods to make SSL/TLS browser warning pages more usable, informative, and effective in keeping users safe. We focused on users of low computer literacy levels and attempted to minimize information presented in a textual way, maximizing visual feedback.

We found that users consistently made security-critical mistakes, and discovered several general strategies to prevent them, but more interestingly, discovered the ineffectiveness of some other methods of visual risk cueing, suggesting the need to rethink the way we present cybersecurity risk information to users. By using a calibrated visual data set of attention-grabbing and anxiety-provoking images, we found that users are paying attention to browser warnings, that users' risk awareness is heightened, and yet these things do not contribute to significant behavioral changes -- users still make unsafe choices. This suggests that previous hypotheses that warnings need to be more attention-grabbing or informative are not correct or at least incomplete, and a different approach is needed -- neither browser makers nor researchers have a sufficient understanding of abstract, online risk communication to produce effective warnings -- yet.


Nevertheless, we did discover some strategies which are more effective than others in preventing unsafe behavior, including safe-by-default choices made by the browser on the user's behalf (but which can be overridden by the user) as well as multi-modal feedback, utilizing text, graphics, video, and even audio simultaneously. More study is needed to determine which portions of the multi-modal warnings are most effective, and more importantly why.


Last Modified: 05/30/2016
Modified by: Eugene Y Vasserman

Please report errors in award information by writing to: awardsearch@nsf.gov.
