‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists: Research Articles

Authors:
Sacha Brostoff;M. Angela Sasse;David Chadwick;James Cunningham;Uche Mbanaso;Sassa Otenko
Affiliations:
Department of Computer Science, University College London, Gower Street, London WC1E 6BT, U.K.;Department of Computer Science, University College London, Gower Street, London WC1E 6BT, U.K.;Computing Laboratory, University of Kent, Canterbury, U.K.;Information Systems Institute, University of Salford, Salford, U.K.;Information Systems Institute, University of Salford, Salford, U.K.;Computing Laboratory, University of Kent, Canterbury, U.K.
Venue:
Software—Practice & Experience - Grid Security
Year:
2005

Citing 0
Cited 11

User experiences with sharing and access control

CHI '06 Extended Abstracts on Human Factors in Computing Systems
Intentional access management: making access control usable for end-users

SOUPS '06 Proceedings of the second symposium on Usable privacy and security
Expressions of expertness: the virtuous circle of natural language for access control policy specification

Proceedings of the 4th symposium on Usable privacy and security
Usability meets access control: challenges and research opportunities

Proceedings of the 14th ACM symposium on Access control models and technologies
Efficient integration of fine-grained access control and resource brokering in grid

The Journal of Supercomputing
A model of triangulating environments for policy authoring

Proceedings of the 15th ACM symposium on Access control models and technologies
It's too complicated, so i turned it off!: expectations, perceptions, and misconceptions of personal firewalls

Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Authorization enforcement usability case study

ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Provenance security guarantee from origin up to now in the e-Science environment

Journal of Systems Architecture: the EUROMICRO Journal
More than skin deep: measuring effects of the underlying model on access-control system usability

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Physical access control administration using building information models

CSS'12 Proceedings of the 4th international conference on Cyberspace Safety and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

A lightweight role-based access control policy authoring tool was developed for e-Scientists, a community for which access policies have to be implemented for an increasingly heterogeneous group of local and remote users. Two fundamental problems were identified: (1) lack of understanding of what the policy components are (i.e. how authorization policies are structured), and (2) lack of understanding of the underlying policy paradigm (i.e. what should go into the policy, and what should be left out). Conceptual design (CD) techniques were used to revise the user interface (UI) labels so that e-Scientists and developers were better able to describe access policy components from labels, and match labels with components (t = 6.28, df = 7, p = 0.000 two-tailed). CD, instructional text, bubble help, UI behaviour and alert boxes were used to shape users' models of the policy paradigm. The final prototype improved users' efficiency and effectiveness by more than doubling the speed with which expert users could write authorization policies, and facilitating users without specialist security knowledge to overcome the policy paradigm and components problems, enabling them to complete 80% of basic and 75% of advanced authorization policy-writing tasks in a usability trial. Copyright © 2005 John Wiley & Sons, Ltd.