POSTER: On the Usability of Secure GUIs

Atanas Filyanov, Aysegül Nas, Melanie Volkamer, Marcel Winandy

9th Symposium on Usable Privacy and Security (SOUPS 2013), Newcastle, UK, July 24-26, 2013.


Abstract

We use commodity computing platforms for many tasks, including entering or editing sensitive data on them. Unfortunately, the graphical user interfaces (GUI) running on these devices are not designed to provide a secure means of ensuring users that they are interacting with the authentic application and not with some fake one. Secure GUIs have been proposed as a solution to this problem. Most of the secure GUI proposals include a reserved area on the screen that is used to display information about which application is currently having the input/output focus of the user and what type of security or trustworthiness this application has. While existing Secure GUI proposals provide strong security guarantees from a technical point of view, none of them has been evaluated with respect to the effective protection for the average users. With our research we try to shed light in this situation. We study two different approaches to display the reserved area as trusted status bar. We ran a lab test with 26 participants, separated them into two groups (one having the trusted status bar on top of the screen, and one having the bar on bottom). They were asked to perform a number of tasks which included to enter sensitive information only into a dedicated application. Our results show that the status bar, independent from being displayed at the top or the bottom of the screen, enables participants to select the proper application in two of three cases. However, our results also show that further research is necessary.

[Extended Abstract] [Poster]

tags: Poster, Secure GUI, Usability, Usable Security, User Study