Context
An issue often discussed in security is that users have a weak mental model of security threats and of the mechanisms designed to defend against those threats.
IMPORTANT
One of the earliest and most influential approaches to HCI stems from the observation that the internal workings of software need not be the way the software is presented to the user.
The paper presents a review of the literature on mental models in psychology and cognitive science, and on their use in cyber security and in human-computer interaction.
Results
- Humans find common causal structures across domains, using analogies and metaphors
- Analogies provide a powerful method of coping with new situations, and are extensively relied upon in education (for instance, in the familiar case of comparing the structure of an atom to that of a solar system, or in explaining how to treat a tumor with radiation using a story about troops storming a fortress)
- ==Mental models give meaning to UI elements and guide interactions with software. Interaction with the software also feeds back into the user’s mental model==
- User interface design contributes to cyber-security issues in the short term, by failing to provide intelligible cues to the security state of the system during key moments (such as when software is about to be installed), and in the long term, by concealing too much of the security-relevant aspects of software functionality
The research on mental models in cyber-security suggests that the typical non-technical user has a weak understanding of how computers, software, and the internet work, which impairs their ability to detect threats and to take appropriate measures to defend themselves.
A simple but correct model is enough: mental models need not be technically accurate; they just need to support safe behavior.