NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Protecting Data from Malicious Software
ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
SubDomain: Parsimonious Server Security
LISA '00 Proceedings of the 14th USENIX conference on System administration
Privacy in information technology: designing to enable privacy policy management in organizations
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Aligning usability and security: a usability study of Polaris
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Intentional access management: making access control usable for end-users
SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Polaris: virus-safe computing for Windows XP
Communications of the ACM - Privacy and security in highly dynamic systems
Improving host security with system call policies
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
TRON: process-specific file protection for the UNIX operating system
TCON'95 Proceedings of the USENIX 1995 Technical Conference Proceedings
A secure environment for untrusted helper applications confining the Wily Hacker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Domain and type enforcement for linux
ALS'00 Proceedings of the 4th annual Linux Showcase & Conference - Volume 4
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Reusability of Functionality-Based Application Confinement Policy Abstractions
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Usability challenges in security and privacy policy-authoring interfaces
INTERACT'07 Proceedings of the 11th IFIP TC 13 international conference on Human-computer interaction - Volume Part II
Optimizing a policy authoring framework for security and privacy policies
Proceedings of the Sixth Symposium on Usable Privacy and Security
SEEdit: SELinux security policy configuration system with higher level language
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Apiary: easy-to-use desktop application fault containment on commodity operating systems
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Usable Policy Template Authoring for Iterative Policy Refinement
POLICY '10 Proceedings of the 2010 IEEE International Symposium on Policies for Distributed Systems and Networks
Techniques for Automating Policy Specification for Application-oriented Access Controls
ARES '11 Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security
| Hi-index | 0.00 |
A number of security mechanisms are available for improving the security of systems by restricting the actions of individual programs to activities that are authorised. However, configuring these systems to enforce end users' own security goals is often beyond their expertise. Little research has investigated the usability issues associated with application-oriented access controls. This paper presents the results of a qualitative analysis of user perceptions of the usability of three application-oriented security systems: SELinux, AppArmor, and FBAC-LSM. Qualitative analysis identified a number of factors that affect the usability of application-restriction mechanisms. These themes are used to compare the usability of the three systems studied, and it is proposed that these factors can be used to inform the design of new systems and development of existing ones. Changes to the three security systems are also proposed to address or mitigate specific usability issues that were identified.