Rational Interfaces for Effective Security Software: Polite Interaction Guidelines for Secondary Tasks

  • Gisela Susanne Bahr
  • William H. Allen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8009)


The state of the science and the state of practice agree that security applications fail to engage end users in the assurance of security and privacy in everyday personal computing. We propose as the cause an underlying irrational interface model of security-related applications. Irrational interfaces are counterproductive because they minimize the intended software utility and pay-off. In the case of security interactions, utility is minimized by the assumption of security primacy and by the alienation of the end user from the decision-making process through disruptive messaging and disengaging content. Therefore, effective security dialogues must be based on a rational interaction model. We present a small set of simple guidelines, based on cognitive psychological research, for polite interactions that appropriately optimize user engagement during tasks that users perceive as secondary. The guidelines for secure applications that politely interact with the end user are supported by a pay-off matrix that can be used to predict and evaluate rational secure interface performance. The rational, polite interface is a radical paradigm shift for security applications’ design because it integrates end users as active stakeholders and resources in the assurance of security and privacy.


Secondary Task, Security Application, Security Messaging, Rational Interface, Polite Interaction
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Gisela Susanne Bahr (1)
  • William H. Allen (2)
  1. Psychology, Florida Institute of Technology, Melbourne, USA
  2. Computer Sciences, Florida Institute of Technology, Melbourne, USA
