Policies which address security and privacy are pervasive parts of both technical and social systems, and technology to enable both organizations and individuals to create and manage such policies is seen as a critical need in IT. This paper describes policy authoring as a key component to usable privacy and security systems, and advances the notions of policy templates in a policy management environment in which different roles with different skill sets are seen as important. We discuss existing guidelines and provide support for the addition of new guidelines for usable policy authoring for security and privacy systems. We describe the relationship between general policy templates and specific policies, and the skills necessary to author each of these in a way that produces high-quality policies. We also report on an experiment in which technical users with limited policy experience authored policy templates using a prototype template authoring user interface we developed.