Mental Models – General Introduction and Review of Their Application to Human-Centred Security

  • Melanie Volkamer
  • Karen Renaud
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8260)


The human-centred security research area came into being about fifteen years ago, as more and more people started owning their own computers, and it became clear that there was a need for more focus on the non-specialist computer user. The primary attitude fifteen years ago, in terms of how these new users were concerned, was one of exasperation and paternalism. The term “stupid user” was often heard, often muttered sotto voce by an IT specialist dealing with the aftermath of a security incident. A great deal of research has been published in this area, and after pursuing some unfruitful avenues a number of eminent researchers have started to focus on the end-user’s perceptions and understandings. This has come from a realisation that end users are not the opponents, but rather allies in the battle against those carrying out nefarious activities. The most promising research direction currently appears to be to focus on mental models, a concept borrowed from the respected and long-standing field of Psychology and, in particular, cognitive science. The hope is that if we understand the end-user and his/her comprehension of security better, we will be able to design security solutions and interactions more effectively. In this paper we review the research undertaken in this area so far, highlight the limitations thereof, and suggest directions for future research.


Mental Model Risk Communication General Introduction Security Mechanism Secure Connection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adams, A., Sasse, M.A.: Users are not the enemy. Communications of the ACM 42(12), 40–46 (1999)CrossRefGoogle Scholar
  2. 2.
    Anderson, L., Krathwohl, D., Airasian, P., Cruikshank, K., Mayer, R., Pintrich, P., Raths, J., Wittrock, M.: A taxonomy for learning, teaching, and assessing. In: Anderson, L., Krathwohl, D. (eds.) A Revision of Bloom’s Taxonomy of Educational Objectives, Complete Edition, pp. 212–218. Longman (2001)Google Scholar
  3. 3.
    Appelt, W., Hinrichs, E., Woetzel, G.: Effectiveness and efficiency: the need for tailorable user interfaces on the web. Computer Networks and ISDN Systems 30(1), 499–508 (1998)CrossRefGoogle Scholar
  4. 4.
    Asgharpour, F., Liu, D., Camp, L.J.: Mental models of security risks. In: Dietrich, S., Dhamija, R. (eds.) FC 2007 and USEC 2007. LNCS, vol. 4886, pp. 367–377. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  5. 5.
    Asgharpour, F., Liu, D., Camp, L.J.: Mental models of computer security risks. In: WEIS: Workshop on the Economics of Information Security, Carnegie Mellon University, June 7-8 (2007)Google Scholar
  6. 6.
    Aytes, K., Connolly, T.: Computer security and risky computing practices: A rational choice perspective. Journal of Organizational and End User Computing (JOEUC) 16(3), 22–40 (2004)CrossRefGoogle Scholar
  7. 7.
    Bain, K.: What the best college teachers do. Harvard University Press (2011)Google Scholar
  8. 8.
    Bang, M., Medin, D.L., Atran, S.: Cultural mosaics and mental models of nature. Proceedings of the National Academy of Sciences 104(35), 13868–13874 (2007)CrossRefGoogle Scholar
  9. 9.
    Bartsch, S., Model, M.: Effectively communicate risks for diverse users: A mental-models approach for individualized security interventions. In: Informatik Jahrestagung (to appear)Google Scholar
  10. 10.
    Bartsch, S., Volkamer, M., Theuerling, H., Karayumak, F.: Contextualized web warnings, and how they cause distrust. In: 6th International Conference on Trust & Trustworthy Computing, London, United Kingdom, June 17-19, pp. 205–222 (2013)Google Scholar
  11. 11.
    Bates, M.J.: The design of browsing and berrypicking techniques for the online search interface. Online Information Review 13(5), 407–424 (1989)CrossRefGoogle Scholar
  12. 12.
    Benenson, Z., Gassmann, F., Reinfelder, L.: Android and iOS users’ differences concerning security and privacy. In: CHI 2013 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2013, pp. 817–822. ACM, New York (2013)CrossRefGoogle Scholar
  13. 13.
    Blythe, J., Camp, L.J.: Implementing mental models. In: IEEE Symposium on Security and Privacy Workshops, pp. 86–90. IEEE Computer Society (2012)Google Scholar
  14. 14.
    Borgatti, S.P., Everett, M.G., Freeman, L.C.: UCINET for Windows: Software for social network analysis. Analytic Technologies, Harvard (2002)Google Scholar
  15. 15.
    Bostrom, A., Fischhoff, B., Morgan, M.G.: Characterizing mental models of hazardous processes: A methodology and an application to radon. Journal of Social Issues 48(4), 85–100 (1992)CrossRefGoogle Scholar
  16. 16.
    Bravo-Lillo, C., Cranor, L.F., Downs, J.S., Komanduri, S.: Bridging the gap in computer security warnings: A mental model approach. Security & Privacy 9(2), 18–26 (2011)CrossRefGoogle Scholar
  17. 17.
    Buchmann, M.: Teaching knowledge: The lights that teachers live by. Oxford Review of Education 13(2), 151–164 (1987)CrossRefGoogle Scholar
  18. 18.
    Burgess, D.C., Burgess, M.A., Leask, J.: The mmr vaccination and autism controversy in united kingdom 1998–2005: Inevitable community outrage or a failure of risk communication? Vaccine 24(18), 3921–3928 (2006)CrossRefGoogle Scholar
  19. 19.
    Camp, L.J.: Mental models of privacy and security. IEEE Technology and Society Magazine 28(3), 37–46 (2006)CrossRefGoogle Scholar
  20. 20.
    Carley, K., Palmquist, M.: Extracting, representing, and analyzing mental models. Social Forces 70(3), 601–636 (1992)Google Scholar
  21. 21.
    Castelfranchi, C., Falcone, R.: Trust is much more than subjective probability: Mental components and sources of trust. In: Proceedings of the 33rd Annual Hawaii International Conference on System Sciences 2000, p. 10. IEEE (2000)Google Scholar
  22. 22.
    Cegarra-Navarro, J.-G., Eldridge, S., Gamo Sánchez, A.L.: How an unlearning context can help managers overcome the negative effects of counter-knowledge. Journal of Management & Organization 18(2), 231–246 (2012)CrossRefGoogle Scholar
  23. 23.
    Chapman, J.A., Ferfolja, T.: Fatal flaws: the acquisition of imperfect mental models and their use in hazardous situations. Journal of Intellectual Capital 2(4), 398–409 (2001)CrossRefGoogle Scholar
  24. 24.
    Chiasson, S., van Oorschot, P.C., Biddle, R.: A usability study and critique of two password managers. In: Proceedings of the 15th Conference on USENIX Security Symposium, USENIX-SS 2006, vol. 15. USENIX Association, Berkeley (2006)Google Scholar
  25. 25.
    Clegg, S.R.: Ten propositions concerning security, terrorism and business. Global Business and Economics Review 10(2), 184–196 (2008)CrossRefGoogle Scholar
  26. 26.
    Conrad, D.: Building knowledge through portfolio learning in prior learning assessment and recognition. Quarterly Review of Distance Education 9(2), 139–150 (2008)MathSciNetGoogle Scholar
  27. 27.
    Converse, S.A., Cannon-Bowers, J.A., Salas, E.: Team member shared mental models: A theory and some methodological issues. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 35, pp. 1417–1421. SAGE Publications (1991)Google Scholar
  28. 28.
    Craik, K.J.W.: The nature of explanation. Cambridge University Press (1967)Google Scholar
  29. 29.
    Dagher, Z.R.: Review of studies on the effectiveness of instructional analogies in science education. Science Education 79(3), 295–312 (1995)CrossRefGoogle Scholar
  30. 30.
    d’Andrade, R.G.: The development of cognitive anthropology. Cambridge University Press (1995)Google Scholar
  31. 31.
    Dekker, S., Hollnagel, E.: Human factors and folk models. Cognition, Technology & Work 6(2), 79–86 (2004)CrossRefGoogle Scholar
  32. 32.
    Diesner, J., Carley, K.M.: Automap1.2 - extract, analyze, represent, and compare mental models from texts. Technical report, CMU (2004)Google Scholar
  33. 33.
    Diesner, J., Kumaraguru, P., Carley, K.M.: Mental models of data privacy and security extracted from interviews with Indians. In: 55th Annual Conference of the International Communication Association (ICA), New York, May 26-30 (2005)Google Scholar
  34. 34.
    Donker, H., Klante, P., Gorny, P.: The design of auditory user interfaces for blind users. In: Proceedings of the Second Nordic Conference on Human-Computer Interaction, pp. 149–156. ACM (2002)Google Scholar
  35. 35.
    Dörner, D.: On the difficulties people have in dealing with complexity. Simulation & Gaming 11(1), 87–106 (1980)CrossRefGoogle Scholar
  36. 36.
    Dourish, P., Delgado De La Flor, J., Joseph, M.: Security as a practical problem: Some preliminary observations of everyday mental models. In: Proceedings of CHI 2003 Workshop on HCI and Security Systems, Fort Lauderdale, Florida, April 5-10 (2003)Google Scholar
  37. 37.
    Dourish, P., Grinter, R.E., De La Flor, J.D., Joseph, M.: Security in the wild: user strategies for managing security as an everyday, practical problem. Personal and Ubiquitous Computing 8(6), 391–401 (2004)CrossRefGoogle Scholar
  38. 38.
    Dunning, D., Johnson, K., Ehrlinger, J., Kruger, J.: Why people fail to recognize their own incompetence. Current Directions in Psychological Science 12(3), 83–87 (2003)CrossRefGoogle Scholar
  39. 39.
    Easterbrook, J.A.: The effect of emotion on cue utilization and the organization of behavior. Psychological Review 66(3), 183 (1959)CrossRefGoogle Scholar
  40. 40.
    Edwards, W.K., Poole, E.S., Stoll, J.: Security automation considered harmful? In: Proceedings of the 2007 Workshop on New Security Paradigms, pp. 33–42. ACM (2008)Google Scholar
  41. 41.
    Felt, A.P., Ha, E., Egelman, S., Haney, A., Chin, E., Wagner, D.: Android permissions: user attention, comprehension, and behavior. In: Proceedings of the Eighth Symposium on Usable Privacy and Security, SOUPS 2012, pp. 3:1–3:14. ACM, New York (2012)Google Scholar
  42. 42.
    Fikes, R.E., Nilsson, N.J.: Strips: a new approach to the application of theorem proving to problem solving. In: Proceedings of the 2nd International Joint Conference on Artificial Intelligence, IJCAI 1971, pp. 608–620. Morgan Kaufmann Publishers Inc., San Francisco (1971)Google Scholar
  43. 43.
    Fischhoff, B.: Risk perception and communication unplugged: Twenty years of process1. Risk Analysis 15(2), 137–145 (1995)CrossRefGoogle Scholar
  44. 44.
    Fischhoff, B., Bostrom, A., Quadrel, M.J.: Risk perception and communication. Annual Review of Public Health 14(1), 183–203 (1993)CrossRefGoogle Scholar
  45. 45.
    Friedman, B., Hurley, D., Howe, D.C., Felten, E., Nissenbaum, H.: Users’ conceptions of web security: A comparative study. In: CHI 2002 Extended Abstracts on Human factors in Computing Systems, pp. 746–747. ACM (2002)Google Scholar
  46. 46.
    Furman, S.M., Theofanos, M.F., Choong, Y.-Y., Stanton, B.: Basing cybersecurity training on user perceptions. IEEE Security & Privacy 10(2), 40–49 (2012)CrossRefGoogle Scholar
  47. 47.
    Furnell, S., Bryant, P., Phippen, A.D.: Assessing the security perceptions of personal internet users. Computers & Security 26(5), 410–417 (2007)CrossRefGoogle Scholar
  48. 48.
    Gentner, D., Stevens, A.L.: Mental models. Lawrence Erlbaum, Hillsdale (1983)Google Scholar
  49. 49.
    Greenhalgh, T., Helman, C., Chowdhury, A.M.: Health beliefs and folk models of diabetes in british bangladeshis: a qualitative study. BMJ: British Medical Journal 316(7136), 978 (1998)CrossRefGoogle Scholar
  50. 50.
    Gross, J.B., Rosson, M.B.: End user concern about security and privacy threats. In: Cranor, L.F. (ed.) SOUPS. ACM International Conference Proceeding Series, vol. 229, pp. 167–168. ACM (2007)Google Scholar
  51. 51.
    Gross, J.B., Rosson, M.B.: Looking for trouble: understanding end-user security management. In: Proceedings of the 2007 Symposium on Computer Human interaction For the Management of information Technology, p. 10. ACM (2007)Google Scholar
  52. 52.
    Gupta, S., Bostrom, R.P.: Theoretical model for investigating the impact of knowledge portals on different levels of knowledge processing. International Journal of knowledge and Learning 1(4), 287–304 (2005)CrossRefGoogle Scholar
  53. 53.
    Harris, M., Furnell, S.: Routes to security compliance: be good or be shamed? Computer Fraud & Security (12), 12–20 (2012)Google Scholar
  54. 54.
    Helm, R., Mark, A.: Implications from cue utilisation theory and signalling theory for firm reputation and the marketing of new products. International Journal of Product Development 4(3), 396–411 (2007)CrossRefGoogle Scholar
  55. 55.
    Helman, C.G.: “feed a cold, starve a fever” folk models of infection in an english suburban community, and their relation to medical treatment. Culture, Medicine and Psychiatry 2(2), 107–137 (1978)CrossRefGoogle Scholar
  56. 56.
    Hsu, Y.: The effects of metaphors on novice and expert learners performance and mental-model development. Interacting with Computers 18(4), 770–792 (2006)CrossRefGoogle Scholar
  57. 57.
    Johnson-Laird, P.N.: Mental models: Towards a cognitive science of language, inference, and consciousness, vol. 6. Harvard University Press (1983)Google Scholar
  58. 58.
    Johnson-Laird, P.N.: Mental models and thought. In: Holyoak, K.J., Morrison, R.G. (eds.) The Cambridge Handbook of Thinking and Reasoning, pp. 185–208. Cambridge University Press (2005)Google Scholar
  59. 59.
    Jones, N.A., Ross, H., Lynam, T., Perez, P., Leitch, A.: Mental models: an interdisciplinary synthesis of theory and methods. Ecology and Society 16(1), 46 (2011)Google Scholar
  60. 60.
    Karayumak, F., Kauer, M., Olembo, M.M., Volk, T., Volkamer, M.: User study of the improved Helios voting system interface. In: 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST), pp. 37–44. IEEE Digital Library (2011)Google Scholar
  61. 61.
  62. 62.
    Kauer, M., Günther, S., Storck, D., Volkamer, M.: A comparison of American and German folk models of home computer security. In: Marinos, L., Askoxylakis, I. (eds.) HAS 2013. LNCS, vol. 8030, pp. 100–109. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  63. 63.
    Kauer, M., Kiesel, F., Ueberschaer, F., Volkamer, M., Bruder, R.: The influence of trustworthiness of website layout on security perception of websites. In: Current Issues in IT Security 2012, May 7-11, vol. (18), pp. 215–220. Duncker & Humblot (2012); 5th MPICC Interdisciplinary Conference on Current Issues in IT Security, Freiburg i Breisgau, GermanyGoogle Scholar
  64. 64.
    Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., Sadeh, N., Wetherall, D.: A conundrum of permissions: installing applications on an android smartphone. In: Proceedings of the 16th International Conference on Financial Cryptography and Data Security, FC 2012, pp. 68–79. Springer, Heidelberg (2012)Google Scholar
  65. 65.
    Kempton, W.: Variation in folk models and consequent behavior. In: American Behavioral Scientist; American Behavioral Scientist (1987)Google Scholar
  66. 66.
    Khaslavsky, J.: Integrating culture into interface design. In: Cconference Summary on Human Factors in Computing Systems, CHI 1998, pp. 365–366. ACM, New York (1998)CrossRefGoogle Scholar
  67. 67.
    Kindberg, T., Sellen, A., Geelhoed, E.: Security and trust in mobile interactions: A study of users perceptions and reasoning. In: Mynatt, E.D., Siio, I. (eds.) UbiComp 2004. LNCS, vol. 3205, pp. 196–213. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  68. 68.
    King, J.: How come I’m allowing strangers to go through my phone? - Smartphones and privacy expectations (2013),
  69. 69.
    Klimoski, R., Mohammed, S.: Team mental model: Construct or metaphor? Journal of Management 20(2), 403–437 (1994)Google Scholar
  70. 70.
    Kozma, R.B.: Will media influence learning? Reframing the debate. Educational Technology Research and Development 42(2), 7–19 (1994)MathSciNetCrossRefGoogle Scholar
  71. 71.
    Kruger, J.: Lake wobegon be gone! the “below-average effect” and the egocentric nature of comparative ability judgments. Journal of Personality and Social Psychology 77(2), 221 (1999)MathSciNetCrossRefGoogle Scholar
  72. 72.
    Kumaraguru, P., Cranor, L.F., Newton, E.: Privacy perceptions in India and the United States: An interview study. In: In The 33rd Research Conference on Communication, Information and Internet Policy (TPRC) (September 2005)Google Scholar
  73. 73.
    Langan-Fox, J., Code, S., Langfield-Smith, K.: Team mental models: Techniques, methods, and analytic approaches. Human Factors: The Journal of the Human Factors and Ergonomics Society 42(2), 242–271 (2000)CrossRefGoogle Scholar
  74. 74.
    Lin, J., Amini, S., Hong, J.I., Sadeh, N., Lindqvist, J., Zhang, J.: Expectation and purpose: understanding users’ mental models of mobile app privacy through crowdsourcing. In: Proceedings of the 2012 ACM Conference on Ubiquitous Computing, UbiComp 2012, pp. 501–510. ACM, New York (2012)CrossRefGoogle Scholar
  75. 75.
    Littman, D.C., Pinto, J., Letovsky, S., Soloway, E.: Mental models and software maintenance. Journal of Systems and Software 7(4), 341–355 (1987)CrossRefGoogle Scholar
  76. 76.
    Liu, D., Asgharpour, F., Camp, L.: Risk communication in security using mental models (2008), Usable Security Website:
  77. 77.
    Morey, D., Frangioso, T.: Aligning an organization for learning-the six principles of effective learning. Journal of Knowledge Management 1(4), 308–314 (1997)CrossRefGoogle Scholar
  78. 78.
    Muslukhov, I., Boshmaf, Y., Kuo, C., Lester, J., Beznosov, K.: Understanding users’ requirements for data protection in smartphones. In: 2012 IEEE 28th International Conference on Data Engineering Workshops (ICDEW), pp. 228–235. IEEE (2012)Google Scholar
  79. 79.
    Nemire, K.: Case study: The wrong mental model can kill you. In: Proceedings of the Human Factors and Ergonomics Society Annual Meeting, vol. 51, pp. 554–558. Sage Publications (2007)Google Scholar
  80. 80.
    Norman, D.: Some observations on mental models. In: Gentner, D., Stevens, A. (eds.) Mental Models. Erlbaum, Hillsdale (1983)Google Scholar
  81. 81.
    Olembo, M.M., Bartsch, S., Volkamer, M.: Mental models of verifiability in voting. In: Heather, J., Schneider, S., Teague, V. (eds.) Vote-ID 2013. LNCS, vol. 7985, pp. 142–155. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  82. 82.
    Orgill, G.L., Romney, G.W., Bailey, M.G., Orgill, P.M.: The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems. In: Proceedings of the 5th Conference on Information Technology Education, pp. 177–181. ACM (2004)Google Scholar
  83. 83.
    Payne, S.J.: A descriptive study of mental models. Behaviour & Information Technology 10(1), 3–21 (1991)CrossRefGoogle Scholar
  84. 84.
    Pfeffer, J.: Changing mental models: HR’s most important task. Human Resource Management 44(2), 123–128 (2005)CrossRefGoogle Scholar
  85. 85.
    Raja, F., Hawkey, K., Hsu, S., Wang, K.-L., Beznosov, K.: Promoting a physical security mental model for personal firewall warnings. In: CHI 2011 Extended Abstracts on Human Factors in Computing Systems, CHI EA 2011, pp. 1585–1590. ACM, New York (2011)Google Scholar
  86. 86.
    Raja, F., Hawkey, K., Jaferian, P., Beznosov, K., Booth, K.S.: It’s too complicated, so I turned it off! Expectations, perceptions, and misconceptions of personal firewalls. In: Proceedings of the 3rd ACM Workshop on Assurable and Usable Security Configuration, pp. 53–62. ACM (2010)Google Scholar
  87. 87.
    Rao, A.R., Monroe, K.B.: The moderating effect of prior knowledge on cue utilization in product evaluations. Journal of Consumer Research, 253–264 (1988)Google Scholar
  88. 88.
    Renaud, K.: Blaming noncompliance is too convenient: What really causes information breaches? IEEE Security & Privacy 10(3), 57–63 (2012)CrossRefGoogle Scholar
  89. 89.
    Richardson, G.P., Andersen, D.F., Maxwell, T.A., Stewart, T.R.: Foundations of mental model research. In: Proceedings of the 1994 International System Dynamics Conference, pp. 181–192 (1994)Google Scholar
  90. 90.
    Robertson, I.T.: Human information-processing strategies and style. Behaviour & Information Technology 4(1), 19–29 (1985)CrossRefGoogle Scholar
  91. 91.
    Rouse, W.B., Morris, N.M.: On looking into the black box: Prospects and limits in the search for mental models. Psychological Bulletin 100(3), 349 (1986)CrossRefGoogle Scholar
  92. 92.
    Rowe, A.L., Cooke, N.J.: Measuring mental models: Choosing the right tools for the job. Human Resource Development Quarterly 6(3), 243–255 (1995)CrossRefGoogle Scholar
  93. 93.
    Rumelhart, D.E., Norman, D.A.: Representation in memory. In: Cognitive Science Laboratory, Center for Human Information Processing, University of California, San Diego (1983)Google Scholar
  94. 94.
    Schechter, S.E., Dhamija, R., Ozment, A., Fischer, I.: The emperor’s new security indicators. In: IEEE Symposium on Security and Privacy, SP 2007, pp. 51–65. IEEE (2007)Google Scholar
  95. 95.
    Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L.F., Downs, J.: Who falls for phish?: a demographic analysis of phishing susceptibility and effectiveness of interventions. In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, CHI 2010, pp. 373–382. ACM, New York (2010)Google Scholar
  96. 96.
    Simons, D.J., Levin, D.T.: Change blindness. Trends in Cognitive Sciences 1(7), 261–267 (1997)CrossRefGoogle Scholar
  97. 97.
    Slovic, P.: Perception of risk. Science 236(4799), 280–285 (1987)CrossRefGoogle Scholar
  98. 98.
    Spears, J.L., Barki, H.: User participation in information systems security risk management. MIS Quarterly 34(3), 503–522 (2010)Google Scholar
  99. 99.
    Staggers, N., Norcio, A.F.: Mental models: concepts for human-computer interaction research. International Journal of Man-Machine Studies 38(4), 587–605 (1993)CrossRefGoogle Scholar
  100. 100.
    Staw, B.M., Barsade, S.G.: Affect and managerial performance: A test of the sadder-but-wiser vs. happier-and-smarter hypotheses. Administrative Science Quarterly, 304–331 (1993)Google Scholar
  101. 101.
    Taber, K.S.: Mediating mental models of metals: Acknowledging the priority of the learner’s prior learning. Science Education 87(5), 732–758 (2003)CrossRefGoogle Scholar
  102. 102.
    Thatcher, A., Greyling, M.: Mental models of the internet. International Journal of Industrial Ergonomics 22(4), 299–305 (1998)CrossRefGoogle Scholar
  103. 103.
    Tversky, B.: Cognitive maps, cognitive collages, and spatial mental models. In: Campari, I., Frank, A.U. (eds.) COSIT 1993. LNCS, vol. 716, pp. 14–24. Springer, Heidelberg (1993)Google Scholar
  104. 104.
    Vosniadou, S., Brewer, W.F.: Mental models of the earth: A study of conceptual change in childhood. Cognitive Psychology 24(4), 535–585 (1992)CrossRefGoogle Scholar
  105. 105.
    Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security, p. 11. ACM (2010)Google Scholar
  106. 106.
    Wash, R., Rader, E.: Influencing mental models of security: a research agenda. In: Proceedings of the 2011 Workshop on New Security Paradigms Workshop, NSPW 2011, pp. 57–66. ACM, New York (2011)CrossRefGoogle Scholar
  107. 107.
    Wästlund, E., Angulo, J., Fischer-Hübner, S.: Evoking comprehensive mental models of anonymous credentials. In: Camenisch, J., Kesdogan, D. (eds.) iNetSec 2011. LNCS, vol. 7039, pp. 1–14. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  108. 108.
    Weirich, D., Sasse, M.A.: Pretty good persuasion: a first step towards effective password security in the real world. In: Proceedings of the 2001 Workshop on New Security Paradigms, NSPW 2001, pp. 137–143. ACM, New York (2001)CrossRefGoogle Scholar
  109. 109.
    Whitten, A., Tygar, J.: Why Johnny Can’t Encrypt. In: Proceedings of the 8th USENIX Security Symposium, vol. 99, p. 1. McGraw-Hill (1999)Google Scholar
  110. 110.
    Willingham, D.T.: Why don’t students like school: A cognitive scientist answers questions about how the mind works and what it means for the classroom. Wiley. com (2009)Google Scholar
  111. 111.
    Wu, M., Miller, R.C., Garfinkel, S.L.: Do security toolbars actually prevent phishing attacks? In: Proceedings of the SIGCHI Conference on Human Factors in Computing Systems, pp. 601–610. ACM (2006)Google Scholar
  112. 112.
    Ye, N., Salverndy, G.: Expert-novice knowledge of computer programming at different levels of abstraction. Ergonomics 39(3), 461–481 (1996)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Melanie Volkamer
    • 1
  • Karen Renaud
    • 2
  1. 1.TU Darmstadt Darmstadt / CASEDDarmstadtGermany
  2. 2.University of GlasgowGlasgowUnited Kingdom

Personalised recommendations