09 Prompts


7/29/2019 09 Prompts

1/10

Designing Sec Prompts

CS155, Spring 2013

Slides courtesy of Rob Reeder, Microsoft Usable Security Team

2/10

Users are faced with a lot of challengingrelated decisions

3/10

An example problem: IE6 mixed con

How should the uthis decision? No

steps for user to

Yes, the possibly less safe option, is the default

4/10

Better

Even better: load the safe content, and use the gold bar to enable the rest

5/10

Guidelines Philosophy:

Does the user have unique knowledge the system doesn't?
Don't involve the user if you don't have to.
If you involve the user, enable them to make the right decision.

Make sure your security dialogs are NEAT:

Necessary: Can the system take a con without the user? If the user has no unique knowledge, redesign sy
Explained: see next slides
Actionable: Can users make good decisions with your UI in bo malicious and benign situations?
Tested: Test your dialog on a few people who haven't used the system before -- both malicious and benign situations

6/10

Example 1: bad explanation

Most users will not understand revocation inform

Choices are unclear, consequence is unclear.

IE6 CRL check failure notification

7/10

Better explanation:

- Source
- Risk
- Choices
- Process

8/10

Example 2: bad explanation

Attacker can abuse explanation causing bad user

Used by Conficker to spread through USB drives.

AutoPlay dialog in Vista

9/10

A better design

Windows 7 AutoPlay removed the auto-run option

10/10

THE END