BYU

Abstract by Matthew Holt

Personal Infomation


Presenter's Name

Matthew Holt

Degree Level

Masters

Co-Authors

Torstein Collett
Daniel Zappala

Abstract Infomation


Department

Computer Science

Faculty Advisor

Daniel Zappala

Title

After HTTPS: Indicating Risk on Deceptive Websites

Abstract

Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. We first develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. We next evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting feedback. Our results show that participants prefer risk indicators over current security indicators and suggest that risk indicators help make users more confident in judging their risk. In addition, users take somewhat fewer risks in the presence of risk indicators, making this a promising direction for research and implementation into web browsers.