Cost-aware Internet Security Decision Model

The current delegated or "Stupid user" implementation of Internet Security services leaves users out of security decision making and configuration processes. This distorts their online security's mental models. As a result, many users do not configure optimal Internet security to meet their required protection level. This lack of sufficient security configuration provides a fertile environment for Internet attacks. Furthermore, the top-down security implementation does not usually provide the user with the associated cost information, such as privacy leakage or performance degradation. Such information would enable the user to build correct mental models around security, thereby improving the Quality of Protection and Internet browsing Experience. This research investigates the use of a cost-aware security decision model and a personal Internet security configurator that allow users to easily configure security options mapped to underlying complex Internet security protocols. We aim to examine whether these interventions would improve users' security mental models, security adoption and Quality of Experience (QoE).