Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little has been done to evaluate these systems in practical situations with real users, and few attempts have been made to discover and analyze the access-control policies that users actually want to implement. We report on a user study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with a smartphone-based distributed access-control system. We develop a methodology that allows us to show quantitatively that the smartphone system allowed our users to implement their ideal policies more accurately and securely than they could with keys, and we describe where each system fell short.