Security is as old as human history. The medieval castles across the world are a perfect example. As we invented the cyber world, cyber security followed.

Cyber security has three main characteristics:

Critical: Cyber security breaches can and do cost billions of dollars each year, and cause serious national security threats.

Complex: One line of code “LOC” can have an invisible logical weakness that wreaks havoc and brings down a giant system. With hundreds of millions of LOC’s in a complex application, and with Internet connectivity, it’s not that easy to build a perfectly secure cyber system.

Continuous: Security experts spend a lifetime-worth of efforts to build a super-secured system. Hackers also spend a comparable amount of time trying to find hair-thin cracks to breach them. Apparently, both groups are very successful…


Modeling Cyber Security

So where is the user in all this.

Even the strongest castles must have a gate allowing legitimate users in, independent of the strength or height of their walls or any other fortifications.

That makes the traditional breach model looks like this:

  • Brut force
  • Sneak in through the door (trick the gate keeper)
With Cyber security, types of breaches are not very different, but get a bit complicated.
An essential part of our mandate is to simplify cyber security concepts to the typical user to help them:
  • Get better understanding of the problem
  • Get better ability to avoid security traps

Cyber security breaches can also attempt to go through the walls using brute force, or sneak in through the user with phishing or other deceptive methods.


We focus on several HCI methods, tools, and best practices to simplify, visualize and explain complex security issues in simple term. The ultimate goal is to educate the user and hence train them to become cyber-security savvies without the need to specialize in security.

We have multiple approaches:

Modeling: A model is inherently a simplified but accurate version of a complex system. This comes in line with our HSI goals, so we are building security models to simplify and visualize cyber security systems to help user get better understanding…more

Metaphors: Metaphors are a powerful brain capability to understand one concept by projecting it into another. While not identical projection, a metaphor have an unusual ability to explain complex terms in simple words. Human brain has the ability to conceptually map complex new concepts to common, well understood concepts and hence gain an advanced understanding of the complex system. We use metaphors in most aspects of our writings, conversations, and speech….more

Visualization: As cyber systems evolve and expand, it becomes harder to explain the details of security concepts, problems and solution to average users. We focus on visualization techniques to help explain complex concepts in simple figures, diagrams and graphical objects …more

Patterns: Another wonder of the human brain. While we use it in most aspects of life, many of us might not be aware of them. Patterns are encapsulations of complex concepts, helping most of us to avoid the analytical approach of understanding the reasons, especially if the reasons were complex, or even unknown. Therefore, a pattern looks into a tried, tested, and true concept and simply encapsulates it for reuse. Once proven to have worked successfully, we don’t necessarily need to look into the reasons, but rather to find accurate ways to reuse it properly…more

Simulation: Similar to modeling, simulation allows us to target a simplified replica of a real system without the cost or risks associated with the real system. At ASU, we have several simulation labs as well as experts and lines of study to look into the principles of simulation and apply them effectively…more


Concept Visualization: Simplify complex cyber security concepts and bring them to the average user.

Modeling: Build solid models to help us integrate and expand different concepts.

Case Studies: Capture important case studies and explain them in simple terms. Going public allows other users to contribute

Security Pattern Structure: We are building a standard data structure to use as a security pattern template.

Pattern Repository: User-related security patterns will be collected and stored in an accessible repository. Public contribution is solicited. A panel of security experts will receive community contribution, edit and format them before adding them to the existing repository.

Research: This work allows us to bring researchers, industry experts and students together to collaborate in better understanding the user-side of the story and help improve the situation.

Lab Simulations: Human behavior is observed and measured at our labs following specific cyber security situations setup to observe and analyze actual user behavior.