Usability meets access control: challenges and research opportunities

Authors:
Konstantin Beznosov;Philip Inglesant;Jorge Lobo;Rob Reeder;Mary Ellen Zurko
Affiliations:
University of British Columbia, Vancouver, BC, Canada;University College London, London, United Kingdom;IBM, Hawthorne, NY, USA;Microsoft, Redmond, WA, USA;IBM, Westford, MA, USA
Venue:
Proceedings of the 14th ACM symposium on Access control models and technologies
Year:
2009

Citing 12
Cited 4

‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists: Research Articles

Software—Practice & Experience - Grid Security
Improving user-interface dependability through mitigation of human error

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Why Johnny can't encrypt: a usability evaluation of PGP 5.0

SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
The Emperor's New Security Indicators

SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
A usability study and critique of two password managers

USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
A second look at the usability of click-based graphical passwords

Proceedings of the 3rd symposium on Usable privacy and security
Towards understanding IT security professionals and their tools

Proceedings of the 3rd symposium on Usable privacy and security
Expandable grids for visualizing and authoring computer security policies

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Usability of CAPTCHAs or usability issues in CAPTCHA design

Proceedings of the 4th symposium on Usable privacy and security
Expressions of expertness: the virtuous circle of natural language for access control policy specification

Proceedings of the 4th symposium on Usable privacy and security
Towards improving mental models of personal firewall users

CHI '09 Extended Abstracts on Human Factors in Computing Systems

A methodology for empirical analysis of permission-based security models and its application to android

Proceedings of the 17th ACM conference on Computer and communications security
Managing access control for things: a capability based approach

Proceedings of the 7th International Conference on Body Area Networks
On the features and challenges of security and privacy in distributed internet of things

Computer Networks: The International Journal of Computer and Telecommunications Networking
An empirical study of three access control systems

Proceedings of the 6th International Conference on Security of Information and Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions vary from "Why nobody, even experts, uses access control lists (ACLs)?" to "Shall access controls (and corresponding languages) be totally embedded and invisible and never, ever seen by the users?" to "What should be the user-study methodology for access control systems?".