Sesame: Informing user security decisions with system visualization

Abstract

Non-expert users face a dilemma when making security decisions. Their security often cannot be fully automated for them, yet they generally lack both the motivation and technical knowledge to make informed security decisions on their own. To help users with this dilemma, we present a novel security user interface called Sesame. Sesame uses a concrete, spatial extension of the desktop metaphor to provide users with the security-related, visualized systemlevel information they need to make more informed decisions. It also provides users with actionable controls to affect a system's security state. Sesame graphically facilitates users' comprehension in making these decisions, and in doing so helps to lower the bar for motivating them to participate in the security of their system. In a controlled study, users with Sesame were found to make fewer errors than a control group which suggests that our novel security interface is a viable alternative approach to helping users with their dilemma. Copyright 2008 ACM.