'R-What?' Development of a role-based access control policy-writing tool for e-Scientists

Software - Practice and Experience

Volumn 35, Issue 9, 2005, Pages 835-856

  Brostoff, Sacha ^a   Sasse, M Angela ^a   Chadwick, David ^b   Cunningham, James ^c   Mbanaso, Uche ^c   Otenko, Sassa ^b  

^a UNIVERSITY COLLEGE LONDON   (United Kingdom)

^b UNIVERSITY OF KENT   (United Kingdom)

^c UNIVERSITY OF SALFORD   (United Kingdom)

Author keywords

Policy generation; RBAC user interface; Usability

Indexed keywords

DATA PROCESSING; DATA REDUCTION; DECISION MAKING; PUBLIC POLICY; RESOURCE ALLOCATION; SOFTWARE ENGINEERING; SOFTWARE PROTOTYPING; USER INTERFACES;

CONCEPTUAL DESIGN (CD); POLICY GENERATION; RBAC USER INTERFACE; USABILITY;

COMPUTER AIDED SOFTWARE ENGINEERING;

EID: 22144439749     PISSN: 00380644     EISSN: None     Source Type: Journal    
DOI: 10.1002/spe.691     Document Type: Conference Paper

References (28)

1. Chadwick DW, Otenko A, Ball E. Implementing role based access controls using X.509 attribute certificates. IEEE Internet Computing, 2003; (March-April):62-69.
2. Zurko ME, Simon R, Sanfilippo T. A user-centered, modular authorization service built on an RBAC foundation. IEEE Symposium on Security and Privacy. IEEE Computer Press: Los Alamitos, CA, 1999; 57-71.
3. Saltzer JH, Schroeder MD. The protection of information in computer systems. Proceedings of IEEE 1975; 63(9):1278-1308.
4. Sandhu RS, Coyne EJ, Feinstein HL, Youman CE. Role based access control models. IEEE Computer 1996; 29(2):38-43.
5. Schaad A, Moffett J, Jacob J. The access control system of a European bank - a case study. Proceedings of the 6th ACM Symposium on Access Control Models and Technologies (SACMAT), Chantilly, VA. ACM Press: New York, 2003.
6. The Directory: Public-key and Attribute Certificate Frameworks, ISO 9594-8/ITU-T Rec. X.509, 2000.
7. Britton D, Clarke P, Coles J, Colling D, Doyle A, Fisher SM, Irving AC, Jensen J, McNab A, Newbold D. A Grid for particle physics-from testbed to production. U.K. e-Science All Hands Conference, Nottingham, 2004.
8. Yee K-P. User interaction design for secure systems. Proceedings of the 4th International Conference on Information and Communications Security (Lecture Notes in Computer Science, vol. 2513), Deng R, Qing S, Bao F, Zhou J (eds.). Springer: Berlin, 2002; 278-290. Available at: http://zesty.ca/sid.
9. Yee K-P. Aligning security and usability. IEEE Security and Privacy 2004; (Sept/Oct):48-55.
10. Balfanz D, Durfee G, Smetters DK, Grinter RE. In search of usable security: Five lessons from the field. IEEE Security and Privacy 2004; (Sept/Oct): 19-24.
11. Humphrey M. Grid security: Are we making progress? Paper presented at the 2004 U.K. Workshop on Grid Security Experiences, Oxford, 2004.
12. Nielsen J, Landauer TK. A mathematical model of the finding of usability problems. INTERCHI '93. ACM Press: New York, 1993; 206-213.
13. Nielsen J. Why you only need to test with 5 users, 2000. http://www.useit.com.
14. Woolrych A, Cockton G. Why and when five test users aren't enough. IHM-HCI2001. Toulouse, 2001. Cépadèus Éditions, 2001; 105-108.
15. Synder C. Paper Prototyping: The Fast and Easy Way to Design and Refine User Interfaces. Morgan Kaufmann: London, 2003.
16. Rubin J. Handbook of Usability Testing. Wiley: New York, 1994.
17. Law EL-C, Hvannberg ET. Analysis of combinatorial user effect in international usability tests. CHI2004. Vienna, Austria. ACM Press: New York, 2004; 9-16.
18. Whitten A, Tygar JD. Why Johnny can't encrypt: A usability evaluation of PGP 5.0. 9th USENIX Security Symposium, Washington, 1999.
19. Norman D. Some observations on mental models. Mental Models, Gentner DA, Stevens AA (eds.). Lawrence Erlbaum Associates: Hillsdale, NJ, 1986.
20. Anderson B, Smyth M, Knott RP, Bergan M, Bergan J, Alty JL. Minimising conceptual baggage: Making choices about metaphor. People and Computers IX, Glasgow, 1994. Cambridge University Press: Cambridge, 1994; 179-194.
21. Clark L, Sasse MA. Conceptual design reconsidered - the case of the Internet session directory tool. HCI '97, Bristol, 1997. Springer: Berlin, 1997; 67-84.
22. Gutmann P. Godzilla crypto tutorial, Part 2, 2002.
23. Nielsen J. Heuristic evaluation. Usability Inspection Methods, Nielsen J, Mack RL (eds.). Wiley: New York, 1994; 25-62.
24. Nielsen J. How to conduct a heuristic evaluation, 1994.
25. Spencer R. The streamlined cognitive walkthrough method, working around social constraints encountered in a software development company. CHI 2000, The Hague, The Netherlands, 2000. ACM Press: New York, 2000; 353-359.
26. Desurvire HW. Faster cheaper !! Are usability inspection methods as effective as empirical testing? Usability Inspection Methods, Nielsen J, Mack RL (eds.). Wiley: New York, 1994; 173-202.
27. Cooper A. The inmates are running the asylum: Why high-tech products drive us crazy and how to restore the sanity. Sams, 1999.
28. Sasse A, Brostoff S, Weirich D. Transforming the 'weakest link' - a human-computer interaction approach to usable and effective security. BT Technology Journal 19(3): 122-131.