What the Neurosecurity Lab Has Been Up To this Summer

With summer now officially over, it’s a good time to recap what the Neurosecurity Lab has been up to. We’ve been very busy, with a major publication, presentations on three continents, and our ongoing research.

Study on Interruptions and Security Messages Published in ISR

Our study, “More Harm than Good? How Messages that Interrupt Can Make Us Vulnerable,” was published online at Information Systems Research, one of the top two journals of the field of Information Systems. This article received press coverage in a number of outlets, including:

Workshop on Security and Human Behavior (SHB)

Bonnie and Tony presented at the Workshop on Security and Human Behavior, held at Harvard Law School. Bruce Schneier describes the workshop this way:

SHB is a small invitational gathering of people studying various aspects of the human side of security. The fifty or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, philosophers, political scientists, neuroscientists, lawyers, anthropologists, business school professors, and a smattering of others. It’s not just an interdisciplinary event; most of the people here are individually interdisciplinary.

These are the most intellectually stimulating two days of my year; this year someone called it “Bruce’s brain in conference form.”

Bonnie and Tony participated in a panel on security decision making with Anupam Datta, Robin Dillon-Merrill, Serge Edelman, and Angela Sasse.

Ross Anderson summarized Bonnie’s presentation this way:

The last session of Tuesday was started by Bonnie Anderson from the neurosecurity lab at BYU. Mostly we tune out security warnings because we’re busy; if warnings could avoid dual-task interference they’d be more effective and less annoying. An overload in the MTL temporal lobe is responsible, and she’s been working with the Chrome security team to investigate bad times to interrupt a user (so: not during a video but after, not while typing, while switching between domains of different types …). Now she has an eye tracker that can be used with fMRI and is testing polymorphic warnings, jiggling warnings and much more. This demonstrated that polymorphic warnings are more resistant to habituation, and that eye tracking studies give much the same results as fMRI.

And here’s Ross’ summary of Tony’s presentation:

Tony Vance studies habituation in communication. It’s not the same as fatigue, as polymorphic stimuli still work, but rather a means of saving effort. However people habituate to whole classes of UI designs; and notifications are becoming pervasive and desensitising in general. It’s not just habituation you /have to forestall, but generalisation too. It’s good that the Chrome team worry about their warning design, but not sufficient; their good design can be impacted by others’ poor design (or downright mimicry). Tony has been using eye tracking and fMRI to explore all this.

Interdisciplinary Symposium on Decision Neuroscience

Brock and Dan presented a poster at the Interdisciplinary Symposium on Decision Neuroscience (ISDN) at Temple University in Philadelphia.

Besides presenting, Dan and Brock went to a Phillies game and had a great time. Brock caught a ball and gave it to Dan for his birthday. Best. PhD adviser. Ever.

Gmuden Retreat on NeuroIS

Bonnie and Tony participated in the Gmunden Retreat on NeuroIS, held in the Schloss Ort castle in Gmuden, Austria. This was their commute to work during the conference:

The Gmuden Retreat focuses on neuroscience applications to information systems research. Tony presented on generalization to security messages.

Tony, Bonnie, and colleague Adriane Randolph

European Conference on Information Systems

Bonnie and Tony attended the European Conference on Information Systems, held at Boğaziçi University at Istanbul, Turkey.

The Bospherous, looking towards the European side of Istanbul

Bonnie presented on our security message interruptions paper, described at the top of this post.

Symposium on Usable Security and Privacy

Finally, Bonnie presented at the USENIX Symposium on Usable Security and Privacy in Denver, Colorado. She presented on generalization to security messages.