Security Configuration for Non-Experts
End users often find that security configuration interfaces are difficult to use. In this chapter, we explore how application designers can improve the design and evaluation of security configuration interfaces. We use IEEE 802.11 network configuration as a case study. First, we design and implement a configuration interface that guides users through secure network configuration. The key insight is that users have difficulty translating their security goals into specific feature configurations. Our interface automates the translation from users’ high-level goals to low-level feature configurations. Second, we develop and conduct a user study to compare our interface design with commercially available products. We adapt existing user research methods to sidestep common difficulties in evaluating security applications. Using our configuration interface, non-expert users are able to secure their networks as effectively as expert users do. In general, our research addresses prevalent issues in the design and evaluation of consumer-configured security applications.