The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many uses of Grid computing present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mismatches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own and should be seen in its interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.
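To make the approach concrete, the following is an added Python example (not the PERMIS Editor's grammar or code, and not from the paper): a minimal controlled-natural-language policy parser that turns a few fixed sentence forms into an RBAC policy with role inheritance and a default-deny access check. The three sentence forms, the path-scoping rule (a target ending in "/" covers everything beneath it), the sample policy text, and the user and role names are all assumptions constructed for this illustration. It also shows two of the practical points the abstract raises: a sentence outside the strict grammar is rejected with a message naming the accepted forms rather than being guessed at, and a misspelled role silently grants nothing, which a lint pass surfaces.

```python
import re
from dataclasses import dataclass, field

# Constructed grammar for this example (an assumption, NOT the PERMIS Editor's language):
#   Role <Role> can <action>[, <action>...] on <target>.
#   <User> is a|an <Role>.
#   Role <Role> inherits <Role>.
# A target ending in "/" grants the action on every path beneath it.
_NAME = r"[A-Za-z][\w.@-]*"
_GRANT = re.compile(rf"^Role (?P<role>{_NAME}) can (?P<actions>[a-z]+(?:, [a-z]+)*) on (?P<target>\S+?)\.$")
_ASSIGN = re.compile(rf"^(?P<user>{_NAME}) is an? (?P<role>{_NAME})\.$")
_INHERIT = re.compile(rf"^Role (?P<child>{_NAME}) inherits (?P<parent>{_NAME})\.$")


class PolicyParseError(ValueError):
    """Raised when a sentence falls outside the controlled language."""


@dataclass
class Policy:
    grants: dict = field(default_factory=dict)       # role -> {(action, target_scope)}
    assignments: dict = field(default_factory=dict)  # user -> {role}
    parents: dict = field(default_factory=dict)      # role -> {roles it inherits from}

    def roles_of(self, user):
        """Directly assigned roles plus everything reachable through 'inherits'."""
        seen, stack = set(), list(self.assignments.get(user, ()))
        while stack:
            role = stack.pop()
            if role not in seen:
                seen.add(role)
                stack.extend(self.parents.get(role, ()))
        return seen

    def is_permitted(self, user, action, target):
        """Default deny: True only if some held role grants the action on the target."""
        for role in self.roles_of(user):
            for act, scope in self.grants.get(role, ()):
                if act == action and (scope == target or (scope.endswith("/") and target.startswith(scope))):
                    return True
        return False

    def undefined_roles(self):
        """Roles referenced by assignments or inheritance that grant nothing and inherit nothing:
        usually a typo, and a silent source of 'why is access denied?'."""
        referenced = set().union(*self.assignments.values(), *self.parents.values()) if (self.assignments or self.parents) else set()
        return sorted(r for r in referenced if r not in self.grants and r not in self.parents)


def parse_policy(text):
    """Parse policy sentences line by line; reject anything the grammar does not cover."""
    policy = Policy()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := _GRANT.match(line):
            policy.grants.setdefault(m["role"], set()).update((a, m["target"]) for a in m["actions"].split(", "))
        elif m := _ASSIGN.match(line):
            policy.assignments.setdefault(m["user"], set()).add(m["role"])
        elif m := _INHERIT.match(line):
            policy.parents.setdefault(m["child"], set()).add(m["parent"])
        else:
            raise PolicyParseError(
                f"line {lineno}: {line!r} is not in the controlled language; expected "
                "'Role R can a, b on T.', 'U is a R.' or 'Role R inherits R.'")
    return policy


# Constructed sample policy; the deliberately misspelled 'Reseacher' is caught by undefined_roles().
SAMPLE_POLICY = """\
Role Researcher can read on /data/climate/.
Role Curator can read, write on /data/climate/.
Role Admin inherits Curator.
Role Admin can delete on /data/climate/.
alice@example.org is a Researcher.
bob@example.org is an Admin.
carol@example.org is a Reseacher.
"""


def demo():
    policy = parse_policy(SAMPLE_POLICY)
    target = "/data/climate/2020.nc"
    results = {
        "alice reads": policy.is_permitted("alice@example.org", "read", target),
        "alice writes": policy.is_permitted("alice@example.org", "write", target),
        "bob writes (inherited)": policy.is_permitted("bob@example.org", "write", target),
        "bob deletes": policy.is_permitted("bob@example.org", "delete", target),
        "carol reads (typo'd role)": policy.is_permitted("carol@example.org", "read", target),
        "unknown user": policy.is_permitted("mallory@example.org", "read", target),
        "outside scope": policy.is_permitted("bob@example.org", "read", "/data/other/x"),
        "undefined roles": policy.undefined_roles(),
    }
    try:  # a natural but ungrammatical sentence is refused, not silently misread
        parse_policy("Researchers may read /data/climate/.")
        results["loose sentence accepted"] = True
    except PolicyParseError:
        results["loose sentence accepted"] = False
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The strictness that the paper's participants found problematic is visible in the last check: "Researchers may read /data/climate/." is a perfectly clear English sentence but is not one of the accepted forms, so a usable editor has to pair the parser with feedback that shows the expected shape, which is what the error message does here.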