Error Analysis of a Security-Oriented User Interface

User interfaces form a critical juncture between humans and computers. When the interface fails, the user fails, and the mission is lost. For example, in computer security applications, human-made configuration errors can expose entire systems to various forms of attack. To avoid interaction failures, a dependable user interface must facilitate user-task completion as quickly and as accurately as possible. Defects in the interface cause user errors (e.g., goal, plan, action and perception errors), that impinge on accuracy goals, and can lead to mission failure. This paper explores the causes of goal errors, asking what aspects of a user interface contribute to or detract from a user’s propensity to commit goal errors. A design principle (anchor-based subgoaling) was formulated for avoiding goal errors. Implementing this principle requires presenting the user with a salient representation, or anchor, of the goal state, and providing a framework to facilitate a user’s creation and pursuit of subgoals to complete a task. Two interfaces for setting user file permissions were tested: Windows XP and an alternative. The alternative supported anchor-based subgoaling, and Windows did not. Experiments with 24 human subjects demonstrated the increased effectiveness of the alternative interface, obtaining as much as a four-fold increase in accuracy in a representative user task, and a 94% reduction in the number of goal-error occurrences.

[1]  John W. Senders,et al.  Human Error: Cause, Prediction, and Reduction , 1991 .

[2]  Roy H. Campbell,et al.  Access control for Active Spaces , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[3]  James A. Landay,et al.  Personal privacy through understanding and action: five pitfalls for designers , 2004, Personal and Ubiquitous Computing.

[4]  Lorrie Faith Cranor,et al.  User interfaces for privacy agents , 2006, TCHI.

[5]  Michael D. Harrison,et al.  THEA: A Technique for Human Error Assessment Early in Design , 2001, INTERACT.

[6]  M. Angela Sasse,et al.  Users are not the enemy , 1999, CACM.

[7]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[8]  Mary Ellen Zurko,et al.  A user-centered, modular authorization service built on an RBAC foundation , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[9]  Colin Potts,et al.  Design of Everyday Things , 1988 .

[10]  Scott A. Shappell,et al.  A HUMAN ERROR APPROACH TO AVIATION ACCIDENT ANALYSIS , 2003 .

[11]  Nathaniel Good,et al.  Usability and privacy: a study of Kazaa P2P file-sharing , 2003, CHI '03.

[12]  K. A. Ericsson,et al.  Protocol Analysis: Verbal Reports as Data , 1984 .

[13]  J. D. Tygar,et al.  Safe Staging for Computer Security , 2003 .

[14]  James Reason,et al.  Human Error , 1990 .

[15]  Prasun Dewan,et al.  Controlling access in multiuser interfaces , 1998, TCHI.

[16]  Budi Arief,et al.  Computer security impaired by legitimate users , 2004, Comput. Secur..

[17]  Mary Ellen Zurko,et al.  User-centered security , 1996, NSPW '96.

[18]  Dirk Balfanz Usable access control for the World Wide Web , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[19]  Steve Howard,et al.  Human-Computer Interaction INTERACT ’97 , 1997, IFIP — The International Federation for Information Processing.

[20]  Ka-Ping Yee,et al.  User Interaction Design for Secure Systems , 2002, ICICS.

[21]  Barry Kirwan,et al.  A Guide to Practical Human Reliability Assessment , 1994 .

[22]  Greg Ganger,et al.  A Prototype User Interface for Coarse-Grained Desktop Access Control (CMU-CS-03-200) , 2003 .

[23]  V. Rich Personal communication , 1989, Nature.