Building Website Certificate Mental Models

  • Milica StojmenovićEmail author
  • Temitayo Oyelowo
  • Alisa Tkaczyk
  • Robert Biddle
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10809)


Expert security users make safer online decisions. However, average users do not have mental models for browser security and web certificates. Thus, they may make unsafe decisions online, putting their sensitive information at risk. Users can learn about browser security and their mental models can be developed using information visualization. We introduce an interactive interface designed for building mental models of web certificates for the average user, through visualization and interaction. This model was implemented to facilitate learning with a Mental Model Builder (MMB). The interface underwent a cognitive walkthrough usability inspection to evaluate the learnability and efficacy of the program. We found that there were unique and useful elements to our visualization of browser certificates. Thus, a 2nd generation interface was created and user-tested. Results show that it was successful in building mental models, and users made safer decisions about trusting websites.


Online security Website identity Mental model builder Persuasive interaction Usable security 


  1. 1.
    Asgharpour, F., Liu, D., Camp, L.J.: Mental models of security risks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007. LNCS, vol. 4886, pp. 367–377. Springer, Heidelberg (2007). Scholar
  2. 2.
    Bravo-Lillo, C., Cranor, L.F., Downs, J., Komanduri, S.: Bridging the gap in computer security warnings: a mental model approach. IEEE Secur. Privacy Mag. 9(2), 18–26 (2011)CrossRefGoogle Scholar
  3. 3.
    Biddle, R., Sobey, J., Whalen, T., Oorschot P.V., Patrick, A.: Browser interfaces and extended validation SSL certificates: an empirical study. In: Proceedings of ACM Workshop on Cloud Computing Security (2009)Google Scholar
  4. 4.
    Fogg, B.J.: Persuasive Technology: Using Computers to Change What We Think and Do. Morgan Kaufmann, Burlington (2002)Google Scholar
  5. 5.
    Forget, A., Chiasson, S., van Oorschot, P.C., Biddle, R.: Persuasion for stronger passwords: motivation and pilot study. In: Oinas-Kukkonen, H., Hasle, P., Harjumaa, M., Segerståhl, K., Øhrstrøm, P. (eds.) PERSUASIVE 2008. LNCS, vol. 5033, pp. 140–150. Springer, Heidelberg (2008). Scholar
  6. 6.
    Jaspers, M.W.: A comparison of usability methods for testing interactive health technologies: methodological aspects and empirical evidence. Int. J. Med. Inf. 78(5), 340–353 (2009)CrossRefGoogle Scholar
  7. 7.
    Liu, Z., Stasko, J.T.: Mental models, visual reasoning and interaction in information visualization: a top-down perspective. IEEE Trans. Vis. Comput. Graph. 16(6), 999–1008 (2010)CrossRefGoogle Scholar
  8. 8.
    Felt, A.P., Reeder, R.W., Ainslie, A., Harris, H., Walker, M., et al.: Rethinking connection security indicators. In: SOUPS, pp. 1–14 (2016)Google Scholar
  9. 9.
    Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor’s new security indicators. In: Proceedings of IEEE Symposium on Security and Privacy, pp. 51–65. IEEE Computer Society, Washington, D.C. (2007)Google Scholar
  10. 10.
    Sheng, S., Magnien, B., Kumaraguru, P., Acquisti, A., Cranor, L.F., et al.: Anti-phishing phil: the design and evaluation of a game that teaches people not to fall for phish. In: Proceedings of SOUPS, NY, USA, pp. 88–99 (2007)Google Scholar
  11. 11.
    Sinreich, D., Gopher, D., Ben-Barak, S., Marmor, Y., Lahat, R.: Mental models as a practical tool in the engineer’s toolbox. Int. J. Prod. Res. 43(14), 2977–2996 (2005)CrossRefGoogle Scholar
  12. 12.
    Sobey, J., Biddle, R., van Oorschot, P.C., Patrick, A.S.: Exploring user reactions to new browser cues for extended validation certificates. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 411–427. Springer, Heidelberg (2008). Scholar
  13. 13.
    Wharton, C., Rieman, J., Lewis, C., Polson, P.: The cognitive walkthrough method: a practitioner’s guide. In: Usability Inspection Methods, pp. 105–140. Wiley, Hoboken (1994)Google Scholar
  14. 14.
    Zhang-Kennedy, L., Chiasson, S., Biddle, R.: Stop clicking on “update later”: persuading users they need up-to-date antivirus protection. In: Spagnolli, A., Chittaro, L., Gamberini, L. (eds.) PERSUASIVE 2014. LNCS, vol. 8462, pp. 302–322. Springer, Cham (2014). Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Carleton UniversityOttawaCanada

Personalised recommendations