Role-Based Access Control Models
Computer
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Usability and privacy: a study of Kazaa P2P file-sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A study of preferences for sharing and privacy
CHI '05 Extended Abstracts on Human Factors in Computing Systems
Improving user-interface dependability through mitigation of human error
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Share and share alike: exploring the user interface affordances of file sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
User experiences with sharing and access control
CHI '06 Extended Abstracts on Human Factors in Computing Systems
Intentional access management: making access control usable for end-users
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Seeing further: extending visualization as a basis for usable security
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Give and take: a study of consumer photo-sharing culture and practice
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Over-exposed?: privacy patterns and considerations in online and mobile photo sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Facemail: showing faces of recipients to prevent misdirected email
Proceedings of the 3rd symposium on Usable privacy and security
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The social web: global village or private cliques?
Proceedings of the 2007 conference on Designing for User eXperiences
Visual vs. compact: a comparison of privacy policy interfaces
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
User interface models for the cloud
UIST '10 Adjunct proceedings of the 23nd annual ACM symposium on User interface software and technology
Proceedings of the 17th ACM conference on Computer and communications security
Filter-based access control model: exploring a more usable database management
Proceedings of the 4th Symposium on Computer Human Interaction for the Management of Information Technology
Regroup: interactive machine learning for on-demand group creation in social networks
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Tag, you can see it!: using tags for access control in photo sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Relating declarative semantics and usability in access control
Proceedings of the Eighth Symposium on Usable Privacy and Security
A conundrum of permissions: installing applications on an android smartphone
FC'12 Proceedings of the 16th international conference on Financial Cryptography and Data Security
Interleaving tasks to improve performance: Users maximise the marginal rate of return
International Journal of Human-Computer Studies
Privacy as part of the app decision-making process
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Formal definitions for usable access control rule sets from goals to metrics
Proceedings of the Ninth Symposium on Usable Privacy and Security
An empirical study of three access control systems
Proceedings of the 6th International Conference on Security of Information and Networks
Toward strong, usable access control for shared distributed data
FAST'14 Proceedings of the 12th USENIX conference on File and Storage Technologies
| Hi-index | 0.00 |
Existing technologies for file sharing differ widely in the granularity of control they give users over who can access their data; achieving finer-grained control generally requires more user effort. We want to understand what level of control users need over their data, by examining what sorts of access policies users actually create in practice. We used automated data mining techniques to examine the real-world use of access control features present in standard document sharing systems in a corporate environment as used over a long ( 10 year) time span. We find that while users rarely need to change access policies, the policies they do express are actually quite complex. We also find that users participate in larger numbers of access control and email sharing groups than measured by self-report in previous studies. We hypothesize that much of this complexity might be reduced by considering these policies as examples of simpler access control patterns. From our analysis of what access control features are used and where errors are made, we propose a set of design guidelines for access control systems themselves and the tools used to manage them, intended to increase usability and decrease error.