Towards Supporting Users in Assessing the Risk in Privilege Elevation

Sara Motiee

21 October 2011

Abstract: To better protect users from security incidents, the principle of least privilege (PLP) requires that users and programs be granted the most restrictive set of privileges possible to perform the required tasks. The low-privileged user accounts (LUA) and privilege elevation prompts are two practical implementations of PLP in the main-stream operating systems. However, there is anecdotal evidence suggesting that users do not employ these implementations correctly. Our research goal was to understand users' challenges and behavior in using these mechanisms and improve them so that average users of personal computers can follow the PLP correctly. For this purpose, we conducted a user study and contextual interviews to investigate the understanding, behavior, and challenges users face when working with user accounts and the privilege elevation prompts (called User Account Control (UAC) prompts) in Windows Vista and 7. We found that 69% of participants did not use and respond correctly to UAC prompts. Also, all our 45 participants used an admin user account, and 91% were not aware of the benefits of low-privileged user accounts or the risks of high-privileged ones. Their knowledge and experience were limited to the restricted rights of low-privileged accounts. Based on our findings, we offered recommendations to improve the UAC and LUA approaches. Since our study showed that users can benefit from UAC prompts, we investigated the information content for such prompts so that users can assess the risk of privilege elevation more accurately and consequently respond to the prompts correctly. We considered thirteen different information items for including on these prompts mostly based on the results of our first study. Our user study with 48 participants showed that program name, origin, description, digital certification, changes the program applies and the result of program scan by anti-virus are the most understandable, useful and preferred items for users. To avoid habituation, decrease cognitive load on users and improve users' response to the prompts, we recommend to employ a context-based UAC prompt which presents a subset of information items to users based on the context. A set of guidelines is provided for selecting the appropriate items in different contexts.

Keyword(s): Usable Security, Principle of Least Privilege, Risk Assessment, Security Warning

Published in: Sara Motiee, "Towards Supporting Users in Assessing the Risk in Privilege Elevation", MASc thesis, Department of Electrical and Computer Engineering, University of British Columbia, Vancouver, Canada, October 2011.:

The record appears in these collections:
Usable Security

 Record created 2011-10-31, last modified 2013-05-22

Transfer from CDS 0.99.7:
Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)