An automated cognitive walkthrough
CHI '91 Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Communications of the ACM
The state of the art in automating usability evaluation of user interfaces
ACM Computing Surveys (CSUR)
Cognitive walkthrough for the web
Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Personal privacy through understanding and action: five pitfalls for designers
Personal and Ubiquitous Computing
Verification and change-impact analysis of access-control policies
Proceedings of the 27th international conference on Software engineering
User experiences with sharing and access control
CHI '06 Extended Abstracts on Human Factors in Computing Systems
Ontologies are us: A unified model of social networks and semantics
Web Semantics: Science, Services and Agents on the World Wide Web
Administration in role-based access control
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A semantic web based framework for social network access control
Proceedings of the 14th ACM symposium on Access control models and technologies
Social applications: exploring a more secure framework
Proceedings of the 5th Symposium on Usable Privacy and Security
Proceedings of the 5th Symposium on Usable Privacy and Security
Laissez-faire file sharing: access control designed for individuals at the endpoints
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Privacy wizards for social networking sites
Proceedings of the 19th international conference on World wide web
Data leakage mitigation for discretionary access control in collaboration clouds
Proceedings of the 16th ACM symposium on Access control models and technologies
Policy auditing over incomplete logs: theory, implementation and applications
Proceedings of the 18th ACM conference on Computer and communications security
Specifying and reasoning about dynamic access-control policies
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
Policy-by-example for online social networks
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Fine-grained access control of personal data
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
| Hi-index | 0.00 |
The privacy policies of many websites, especially those designed for sharing data, are a product of many inputs. They are defined by the program underlying the website, by user configurations (such as privacy settings), and by the interactions that interfaces enable with the site. A website's security thus depends partly on users' ability to effectively use security mechanisms provided through the interface. Questions about the effectiveness of an interface are typically left to manual evaluation by user-experience experts. However, interfaces are generated by programs and user input is received and processed by programs. This suggests that aspects of usable security could also be approached as a program-analysis problem. This paper establishes a foundation on which to build formal analyses for usable security. We define a formal model for data-sharing websites. We adapt a set of design principles for usable security to modern websites and formalize them with respect to our model. In the formalization, we decompose each principle into two parts: one amenable to formal analysis, and another that requires manual evaluation by a designer. We demonstrate the potential of this approach through a preliminary analysis of models of actual sites.