The usability of access control mechanisms in modern distributed systems has been widely criticized but little studied. In this paper, we carefully examine one such widely deployed access control mechanism, the one embedded in the WebDAV standard, from the point of view of an end user trying to decide how to grant or deny access to some resource to a third party. This analysis points to problems with the conceptual usability of the system. Significant effort is required on the part of the user to determine how to implement the desired access rules; the user, however, has low interest and expertise in this task, given that such access management actions are almost always secondary to the collaborative task at hand. The analysis does, however, indicate a possible solution: to recast the access control puzzle as a decision support problem in which user intentions (i.e., the descriptions of desired system outputs) are interpreted by an access mediator that either automatically or semi-automatically decides how to achieve the designated goals and provides enough feedback to the user. We call such systems intentional access management (IAM) systems and describe them in both specific and general terms. To demonstrate the feasibility and usability of the proposed IAM models, we develop an intentional access management prototype for WebDAV. The results of a user study conducted on the system show its superior usability compared to traditional access management tools like the access control list editor.