Usability and privacy: a study of Kazaa P2P file-sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Improving user-interface dependability through mitigation of human error
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Intentional access management: making access control usable for end-users
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Seeing further: extending visualization as a basis for usable security
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Effective Visualization of File System Access-Control
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
A user study of the expandable grid applied to P3P privacy policy visualization
Proceedings of the 7th ACM workshop on Privacy in the electronic society
Real life challenges in access-control management
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Perspective: semantic data management for the home
FAST '09 Proccedings of the 7th conference on File and storage technologies
Usability meets access control: challenges and research opportunities
Proceedings of the 14th ACM symposium on Access control models and technologies
Revealing hidden context: improving mental models of personal firewall users
Proceedings of the 5th Symposium on Usable Privacy and Security
Proceedings of the 5th Symposium on Usable Privacy and Security
Configuring audience-oriented privacy policies
Proceedings of the 2nd ACM workshop on Assurable and usable security configuration
A system for visual role-based policy modelling
Journal of Visual Languages and Computing
Laissez-faire file sharing: access control designed for individuals at the endpoints
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Visual vs. compact: a comparison of privacy policy interfaces
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Making policy decisions disappear into the user's workflow
CHI '10 Extended Abstracts on Human Factors in Computing Systems
Exploring reactive access control
CHI '10 Extended Abstracts on Human Factors in Computing Systems
Privacy wizards for social networking sites
Proceedings of the 19th international conference on World wide web
A model of triangulating environments for policy authoring
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
Visualization for access control policy analysis results using multi-level grids
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
The impact of social navigation on privacy policy configuration
Proceedings of the Sixth Symposium on Usable Privacy and Security
Optimizing a policy authoring framework for security and privacy policies
Proceedings of the Sixth Symposium on Usable Privacy and Security
Policy framework for security and privacy management
IBM Journal of Research and Development
Proceedings of the 17th ACM conference on Computer and communications security
A privacy recommendation wizard for users of social networking sites
Proceedings of the 17th ACM conference on Computer and communications security
FAME: a firewall anomaly management environment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Transparent collaboration: letting users simulate another user's world
Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
PolicyReplay: misconfiguration-response queries for data breach reporting
Proceedings of the VLDB Endowment
Challenges in access right assignment for secure home networks
HotSec'10 Proceedings of the 5th USENIX conference on Hot topics in security
More than skin deep: measuring effects of the underlying model on access-control system usability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
An investigation into facebook friend grouping
INTERACT'11 Proceedings of the 13th IFIP TC 13 international conference on Human-computer interaction - Volume Part III
Visualizing privacy implications of access control policies in social network systems
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Proceedings of the 50th Annual Southeast Regional Conference
Tag, you can see it!: using tags for access control in photo sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A visualization tool for evaluating access control policies in facebook-style social network systems
Proceedings of the 27th Annual ACM Symposium on Applied Computing
The PViz comprehension tool for social network privacy settings
Proceedings of the Eighth Symposium on Usable Privacy and Security
Relating declarative semantics and usability in access control
Proceedings of the Eighth Symposium on Usable Privacy and Security
Studying access-control usability in the lab: lessons learned from four studies
Proceedings of the 2012 Workshop on Learning from Authoritative Security Experiment Results
Engineering access control policies for provenance-aware systems
Proceedings of the third ACM conference on Data and application security and privacy
International Journal of Information Security and Privacy
Combining social authentication and untrusted clouds for private location sharing
Proceedings of the 18th ACM symposium on Access control models and technologies
Formal definitions for usable access control rule sets from goals to metrics
Proceedings of the Ninth Symposium on Usable Privacy and Security
Toward strong, usable access control for shared distributed data
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
Hi-index | 0.01 |
We introduce the Expandable Grid, a novel interaction technique for creating, editing, and viewing many types of security policies. Security policies, such as file permissions policies, have traditionally been displayed and edited in user interfaces based on a list of rules, each of which can only be viewed or edited in isolation. These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users. This paper describes the Expandable Grid concept, shows a system using an Expandable Grid for setting file permissions in the Microsoft Windows XP operating system, and gives results of a user study involving 36 participants in which the Expandable Grid approach vastly outperformed the native Windows XP file-permissions interface on a broad range of policy-authoring tasks.