Access control for collaborative environments
CSCW '92 Proceedings of the 1992 ACM conference on Computer-supported cooperative work
Role-Based Access Control Models
Computer
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Optimistic security: a new access control paradigm
Proceedings of the 1999 workshop on New security paradigms
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Protection and the control of information sharing in multics
Communications of the ACM
Pretty good persuasion: a first step towards effective password security in the real world
Proceedings of the 2001 workshop on New security paradigms
User Interaction Design for Secure Systems
ICICS '02 Proceedings of the 4th International Conference on Information and Communications Security
Usable Access Control for the World Wide Web
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Aligning Security and Usability
IEEE Security and Privacy
KNOW Why your access was denied: regulating feedback for usable security
Proceedings of the 11th ACM conference on Computer and communications security
User Interface Dependability through Goal-Error Prevention
DSN '05 Proceedings of the 2005 International Conference on Dependable Systems and Networks
The multics system: an examination of its structure
The multics system: an examination of its structure
Share and share alike: exploring the user interface affordances of file sharing
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
User experiences with sharing and access control
CHI '06 Extended Abstracts on Human Factors in Computing Systems
Corporate wiki users: results of a survey
Proceedings of the 2006 international symposium on Wikis
Fuzzy Multi-Level Security: An Experiment on Quantified Risk-Adaptive Access Control
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Decentralized access control in distributed file systems
ACM Computing Surveys (CSUR)
Ad-hoc guesting: when exceptions are the rule
UPSEC'08 Proceedings of the 1st Conference on Usability, Psychology, and Security
The structure of authority: why security is not a separable concern
MOZ'04 Proceedings of the Second international conference on Multiparadigm Programming in Mozart/Oz
Optimizing a policy authoring framework for security and privacy policies
Proceedings of the Sixth Symposium on Usable Privacy and Security
More than skin deep: measuring effects of the underlying model on access-control system usability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
The purge threat: scientists' thoughts on peta-scale usability
Proceedings of the sixth workshop on Parallel Data Storage
Proceedings of the 2013 ACM international symposium on New ideas, new paradigms, and reflections on programming & software
Runtime adaptive multi-factor authentication for mobile devices
IBM Journal of Research and Development
Hi-index | 0.00 |
When organizations deploy file systems with access control mechanisms that prevent users from reliably sharing files with others, these users will inevitably find alternative means to share. Alas, these alternatives rarely provide the same level of confidentiality, integrity, or auditability provided by the prescribed file systems. Thus, the imposition of restrictive mechanisms and policies by system designers and administrators may actually reduce the system's security. We observe that the failure modes of file systems that enforce centrally-imposed access control policies are similar to the failure modes of centrally planned economies: individuals either learn to circumvent these restrictions as matters of necessity or desert the system entirely, subverting the goals behind the central policy. We formalize requirements for laissez-faire sharing, which parallel the requirements of free market economies, to better address the file sharing needs of information workers. Because individuals are less likely to feel compelled to circumvent systems that meet these laissez-faire requirements, such systems have the potential to increase both productivity and security.