Enabling Trustworthy Users

  • L. Jean Camp | Indiana University

It is often said that the user is the weakest link in any secure system. Such arguments overstate the level of communication provided to users. Coordinating the user response with the risk profile appropriate to current activities and context can enable superior digital self-defense. Such coordination requires neither full transparency (with complete technical details) nor opaque, vague, decontextualized warnings.

I propose, in contrast, translucent security which informs individuals of the risk state of their virtual context, and teams with the individual to create the appropriate security posture.

Translucent security approaches users as individuals making complex risk decisions. Instead of a plethora of add-ins, add-ons, and an ever expanding vocabulary of attacks and defense, translucent security offers a single narrative with a consistent metaphor about the risk context, and a path to risk mitigation. These narratives are embedded in messages that (1) leverage mental models to describe the risks; (2) describe particular risks to which a user may be exposed; and (3) contain risk-mitigating information close in time to the risk decision itself.

In this talk I provide both the theoretical underpinning and specific examples where informing the user about the likely context using appropriate warnings changes user behavior. I propose other communications, and critique the current state of the art.

Speaker Details

Professor L. Jean Camp’s core contributions are within the intersection of human behavior and computer security. Professor Camp is the author of “Trust and Risk in Internet Commerce” (MIT Press), “Economics of Identity Theft” (Springer) and the editor of “Economics of Information Security” (Kluwer Academic). She has authored one hundred thirty additional works, with scores of invited presentations on six continents.

    • Portrait of Jeff Running

      Jeff Running

Series: Microsoft Research Talks