BIB-VERSION:: CS-TR-v2.0
ID:: ncstrl.dartmouthcs//TR2009-652
ENTRY:: June 09, 2009
ORGANIZATION:: Dartmouth College, Computer Science
REQUESTED-BY:: sws@cs.dartmouth.edu
REQUESTED-FOR:: sws@cs
REQUESTED-DATE:: Fri Jun 5 10:21:27 EDT 2009
TITLE:: The Effects of Introspection on Computer Security Policies
TYPE:: Technical Report (paper)
REVISION:: 1
AUTHOR:: Trudeau, Stephanie A.
DATE:: June 2009
RETRIEVAL:: For a paper copy, email
RETRIEVAL:: For a paper copy, write to Technical Report Librarian Department of Computer Science Dartmouth College 6211 Sudikoff Laboratory Hanover, NH 03755-3510 USA
RETRIEVAL:: PDF at http://www.cs.dartmouth.edu/reports/TR2009-652.pdf
ABSTRACT:: What does it mean to be an expert? And what makes an expert more capable than a non-expert when it comes to evaluating and articulating their impressions about something as commonly practiced as food tasting? How do we explain those behaviors that humans perform very well, but don't quite know why? Studies have shown that there exists a class of activities that we as humans execute well intuitively, but that we perform much worse upon introspection. Evidence supports the claim that the act of introspection actually causes us to do more poorly at these tasks. My goal is to apply this idea to computer security. At present, designs for most security policy interfaces leave much to be desired. This lack of usability leaves these systems in need of improvement, possibly causing users to become more vulnerable than they otherwise would have. My research includes a user study on the privacy policies of the interface for a social networking website similar to Facebook. Evidence from the study supports the claim that the act of introspecting upon one's personal security policy actually makes one worse at making policy decisions.
NOTE:: Senior Honors Thesis. Advisor: Sean Smith, Scout Sinclair.
END:: ncstrl.dartmouthcs//TR2009-652