In access-control systems, policy rules conflict when they prescribe different decisions (allow or deny) for the same access. We present the results of a user study that demonstrates the significant impact of conflict-resolution method on policy-authoring usability. In our study of 54 participants, varying the conflict-resolution method yielded statistically significant differences in accuracy in five of the six tasks we tested, including differences in accuracy rates of up to 78%. Our results suggest that a conflict-resolution method favoring rules of smaller scope over rules of larger scope is more usable than the Microsoft Windows operating system's method of favoring deny rules over allow rules. Perhaps more importantly, our results demonstrate that even seemingly small changes to a system's semantics can fundamentally affect the system's usability in ways that are beyond the power of user interfaces to correct.
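The two conflict-resolution methods compared above, as an added example that is not code from the paper or the study. The rule model, names and sample data are constructed. It assumes a user rule has smaller scope than a group rule, and that access is denied when no rule matches or when rules of equal scope conflict.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    principal: str  # user name or group name
    resource: str
    action: str
    effect: str     # "allow" or "deny"

# Constructed sample data (not from the study): one group, one conflicting rule pair.
GROUPS = {"staff": {"alice", "bob"}}
RULES = [
    Rule("staff", "budget.xlsx", "read", "deny"),   # larger scope: the whole group
    Rule("alice", "budget.xlsx", "read", "allow"),  # smaller scope: a single user
]

def matching(rules, user, resource, action):
    """Return (scope_rank, rule) pairs for the request; rank 0 = user rule, 1 = group rule."""
    found = []
    for r in rules:
        if (r.resource, r.action) != (resource, action):
            continue
        if r.principal == user:
            found.append((0, r))
        elif user in GROUPS.get(r.principal, set()):
            found.append((1, r))
    return found

def deny_precedence(rules, user, resource, action):
    """Any matching deny wins; with no matching rule, access is denied (assumed default)."""
    effects = {r.effect for _, r in matching(rules, user, resource, action)}
    return "allow" if effects == {"allow"} else "deny"

def specificity_precedence(rules, user, resource, action):
    """Only the smallest-scope matching rules decide; ties at that scope fall back to deny."""
    found = matching(rules, user, resource, action)
    if not found:
        return "deny"
    best = min(rank for rank, _ in found)
    effects = {r.effect for rank, r in found if rank == best}
    return "allow" if effects == {"allow"} else "deny"

def disagreements(rules, users, resource, action):
    """Users for whom the two conflict-resolution methods give different decisions."""
    return [u for u in users
            if deny_precedence(rules, u, resource, action)
            != specificity_precedence(rules, u, resource, action)]

if __name__ == "__main__":
    for u in ("alice", "bob", "carol"):
        print(u, deny_precedence(RULES, u, "budget.xlsx", "read"),
              specificity_precedence(RULES, u, "budget.xlsx", "read"))
```

Running `disagreements` over a rule set before switching resolution semantics lists the accesses whose decision would change, which is the kind of semantic shift a policy author cannot see from the rules alone.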