Shaping Our Mental Model of Security

  • Conference paper
Security Protocols XXVII (Security Protocols 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12287)

Abstract

The IT industry’s need to distinguish new products with new looks, new experiences, and new user interface designs is bad for cybersecurity. It robs users of the chance to transfer previously acquired security-relevant knowledge to new products and leaves them with a poor mental model of security.

Starting from a comparison with physical safety, we explore and sketch a method to help users develop a useful mental model of security in cybersystems. A beneficial side-effect of our methodology is that it makes precise what security requirements the user expects the system to fulfill. This can be used to formally verify the system’s compliance with the user’s expectation.

Notes

  1. A new symbol is introduced in iOS 11 for the state in which the Bluetooth or Wi-Fi service is off. Unless the respective service is off to begin with, this state cannot be reached from within Control Center in iOS 11.

  2. Signs indicating the location of fire equipment are depicted on red rectangles.

Author information

Corresponding author

Correspondence to Saša Radomirović.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Radomirović, S. (2020). Shaping Our Mental Model of Security. In: Anderson, J., Stajano, F., Christianson, B., Matyáš, V. (eds) Security Protocols XXVII. Security Protocols 2019. Lecture Notes in Computer Science, vol 12287. Springer, Cham. https://doi.org/10.1007/978-3-030-57043-9_5

  • DOI: https://doi.org/10.1007/978-3-030-57043-9_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-57042-2

  • Online ISBN: 978-3-030-57043-9

  • eBook Packages: Computer Science (R0)
