Democratizing Cybersecurity in Smart Environments: Investigating the Mental Models of Novices and Experts

As the Internet of Things (IoT) technology continues to grow, more and more people with no technical expertise are demanding the ability to get the most out of smart devices according to their level of knowledge. To meet user needs, task automation systems (TAS) are used to customize the behavior of IoT devices by defining trigger-action rules. However, while TASs allow different types of behavior to be defined, they do not address the aspects that can make smart devices vulnerable to security and privacy threats. To truly democratize cybersecurity in smart environments, TAS should enable end users (both experts and novices) to protect their devices from external threats. To design TASs that are effective for both types of users, it is necessary to investigate how they differ in the definition of rules in natural language. This research aims to contribute to this issue by investigating the mental models of cybersecurity novices and experts when faced with the need to protect their smart environment from security and privacy threats through the definition of security-oriented rules.