TY - JOUR
T1 - Only Play in Your Comfort Zone: Interaction Methods for Improving Security Awareness on Mobile Devices
AU - Riedl, Peter
AU - Mayrhofer, Rene
AU - Möller, Andreas
AU - Kranz, Matthias
AU - Lettner, Florian
AU - Holzmann, Clemens
AU - Koelle, Marion
N1 - Funding Information:
Part of this work has been carried out within the scope of u’smile, the Josef Ressel Center for User-Friendly Secure Mobile Environments. We gratefully acknowledge funding and support by the Christian Doppler Gesellschaft, A1 Telekom Austria AG, Drei-Banken-EDV GmbH, LG Nexera Business Solutions AG, and NXP Semiconductors Austria GmbH. Part of this work has been carried out within the project “AUToMAte – Automatic Usability Testing of Mobile Applications” funded by the Austrian Research Promotion Agency (FFG) under Contract Number 839094.
Publisher Copyright:
© 2015, Springer-Verlag London.
PY - 2015/8/18
Y1 - 2015/8/18
N2 - In this paper, we study the concept of security zones as an intermediate layer of compartmentalization on mobile devices. Each of these security zones is isolated against the other zones and holds a different set of applications and associated user data and may apply different security policies. From a user point of view, they represent different contexts of use for the device, e.g., to distinguish between gaming (private context), payment transactions (secure context), and company-related email (enterprise context). We propose multiple visualization methods for conveying the current security zone information to the user, and interaction methods for switching between zones. Based on an online and a laboratory user study, we evaluated these concepts from a usability point of view. One important result is that in the tension field between security and usability, additional hardware can support the user’s awareness toward their zone context.
KW - Compartmentalization
KW - Mobile security
KW - Sandboxing
KW - Security zones
KW - Separation
UR - http://www.scopus.com/inward/record.url?scp=84939267210&partnerID=8YFLogxK
U2 - 10.1007/s00779-015-0840-5
DO - 10.1007/s00779-015-0840-5
M3 - Article
SN - 1617-4917
VL - 19
SP - 941
EP - 954
JO - PERSONAL AND UBIQUITOUS COMPUTING
JF - PERSONAL AND UBIQUITOUS COMPUTING
IS - 5-6
ER -