DOI: 10.1145/2382196.2382239
research-article

OTO: online trust oracle for user-centric trust establishment

Published: 16 October 2012

Abstract

Malware continues to thrive on the Internet. Besides automated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make informed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet.
Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scalability and robustness. We design OTO, a system for communicating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE's SmartScreen Filter (SSF). The results from the between-subjects experiment with 58 participants confirm that the OTO interface helps people make correct trust decisions compared to the SSF interface regardless of their security knowledge, education level, occupation, age, or gender.

Published In

CCS '12: Proceedings of the 2012 ACM conference on Computer and communications security
October 2012
1088 pages
ISBN: 9781450316514
DOI: 10.1145/2382196

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. human factors
  2. software download
  3. trust evidence
  4. trust validation for uncertified software
  5. user interfaces for security

Qualifiers

  • Research-article

Conference

CCS'12
CCS'12: the ACM Conference on Computer and Communications Security
October 16 - 18, 2012
North Carolina, Raleigh, USA

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Article Metrics

  • Downloads (Last 12 months): 20
  • Downloads (Last 6 weeks): 1
Reflects downloads up to 21 Sep 2024

Cited By

  • (2014) The effect of social influence on security sensitivity. Proceedings of the Tenth USENIX Conference on Usable Privacy and Security. 10.5555/3235838.3235851 (143-157). Online publication date: 9-Jul-2014
  • (2014) Your reputation precedes you. Proceedings of the Tenth USENIX Conference on Usable Privacy and Security. 10.5555/3235838.3235848 (113-128). Online publication date: 9-Jul-2014
  • (2014) Effective Risk Communication for Android Apps. IEEE Transactions on Dependable and Secure Computing. 10.1109/TDSC.2013.58, 11:3 (252-265). Online publication date: 1-May-2014
  • (2014) Assessment of multi-hop interpersonal trust in social networks by Three-Valued Subjective Logic. IEEE INFOCOM 2014 - IEEE Conference on Computer Communications. 10.1109/INFOCOM.2014.6848107 (1698-1706). Online publication date: Apr-2014
