Machine Learning
A uniform framework for regulating service access and information release on the web
Journal of Computer Security
Access Control: Policies, Models, and Mechanisms
FOSAD '00 Revised versions of lectures given during the IFIP WG 1.7 International School on Foundations of Security Analysis and Design on Foundations of Security Analysis and Design: Tutorial Lectures
Attributed Based Access Control (ABAC) for Web Services
ICWS '05 Proceedings of the IEEE International Conference on Web Services
Expandable grids for visualizing and authoring computer security policies
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Real life challenges in access-control management
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Proceedings of the 5th Symposium on Usable Privacy and Security
Access Control for Home Data Sharing: Attitudes, Needs and Practices
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
More than skin deep: measuring effects of the underlying model on access-control system usability
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Exploring reactive access control
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Oops, I did it again: mitigating repeated access control errors on facebook
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
A unified attribute-based access control model covering DAC, MAC and RBAC
DBSec'12 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy
| Hi-index | 0.00 |
Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reflect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reflect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets.