Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig, and Debin Gao
Conference on Computer and Communications Security (CCS)
Malware continues to thrive on the Internet. Besides auto-mated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make in-formed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet. Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scal-ability and robustness. We design OTO, a system for com-municating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE’s SmartScreen Filter (SSF). The results from the between-subjects experiment with 58 par-ticipants confirm that the OTO interface helps people make correct trust decisions compared to the SSF interface regard-less of their security knowledge, education level, occupation, age, or gender.