When systems rely on a "human in the loop" to carry out a security-critical function, cyber trust indicators are often employed to communicate when and how to perform that function. Indicators typically serve as warnings or status indicators that communicate information, remind users of information previously communicated, and influence behavior. They include a variety of security- and privacy-related symbols in the operating system status bar or browser chrome, pop-up alerts, security control panels, or symbols embedded in web content. However, a growing body of literature has found the effectiveness of many of these indicators to be rather disappointing. This research is systematically studying the effectiveness of cyber trust indicators and developing approaches to making these indicators most effective and usable. The researchers are using cognitive psychology's "mental models" approach to study how both expert and non-expert personal computer users understand common cyber trust indicators. They are also using the "Communication-Human Information Processing" (C-HIP) model from warnings science to structure their evaluation and provide insights into the human information processing steps at which a warning is mostly likely to fail. Using an iterative design process, they are developing improved indicators for several common applications and evaluating the effectiveness of these indicators. The expected results include a set of specific recommendations for improving a set of common cyber trust indicators, a set of design patterns for designing effective cyber trust indicators, and a curriculum module for teaching students how to design effective and usable cyber trust indicators.
CT-ISG: Usable Cyber Trust Indicators