Search papers, labs, and topics across Lattice.
This paper investigates the effectiveness of different text-based explanations of Trusted Execution Environments (TEEs) for non-expert users. Through vignette scenarios with 966 crowdworkers, they found that non-technical explanations focusing on specific threats prevented by TEEs improved understanding of the technology. However, even with enhanced understanding, willingness to use TEE-enhanced technology remained largely unchanged.
Explaining how a technology works doesn't necessarily make people trust it more, even when they understand the specific security threats it addresses.
Trusted Execution Environments (TEEs) protect confidentiality and integrity of trusted applications by creating an isolated environment for executing code. Prior work has shown that users may feel more comfortable sharing data when they know it will be protected by a TEE, especially if they understand what a TEE is. In this study, we evaluated text-based explanations introducing TEEs to non-experts. We analyzed existing TEE explanations to develop candidate explanations and evaluated them via vignette scenarios with 966 crowdworkers. The explanations that enhanced understanding most were non-technical ones that highlighted specific threats that can be prevented by a TEE. Surprisingly, even the explanations that enhanced understanding had little effect on willingness to use the TEE-enhanced technology. These results provide insights into ways to communicate technical security concepts more effectively but also suggest that explaining security technology might not be enough to address users' privacy concerns.