Intentional access management: Making access control usable for end-users

ACM International Conference Proceeding Series

Volumn 149, Issue , 2006, Pages 20-31

  Xiang, Cao ^a   Iverson, Lee ^a  

^a UNIVERSITY OF BRITISH COLUMBIA   (Canada)

Author keywords

Access control; Intentional access management; Usability; WebDAV

Indexed keywords

COMPUTER PROGRAMMING; DECISION MAKING; PROBLEM SOLVING; SOFTWARE PROTOTYPING; USABILITY ENGINEERING; USER INTERFACES; WEB SERVICES;

CONTROL MECHANISMS; CONTROL PUZZLE; INTENTIONAL ACCESS MANAGEMENT; WEBDAV;

ACCESS CONTROL;

EID: 34250753855     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1143120.1143124     Document Type: Conference Paper

References (19)

1. Adams, A. and Sasse, M. A. Users are not the enemy. Comm. ACM, vol. 42, no. 12, 1999, 41-46.
2. Balfanz, D., Durfee, G., Smetters, D.K., and Grinter, R.E. In search of usable security: five lessons from the field. IEEE Security & Privacy Magazine, vol. 2, no. 5, 2004, 19-24.
3. Brostoff, S., Sasse, M. A., Chadwick, D., Cunningham, J., Mbanaso, U., and Otenko, S. R-What? Development of a role-based access control (RBAC) policy-writing tool for e-scientists. Software: Practice and Experience, vol. 35, no. 9, July 2005, 835-856.
4. Clemm, G., Reschke, J., Sedlar, E., and Whitehead, J. Web Distributed Authoring and Versioning (WebDAV) Access Control Protocol. RFC 3744. May 2004. http://www.ietf.org/rfc/rfc3744.txt.
5. DAV Explorer, http://www.ics.uci.edu/~webdav/
6. Dussault, L. WebDAV benefits for the enterprise and its denizens. DM Direct Newsletter, Dmreview.com, June 27, 2003. http://www.dmreview.com/ article_sub.cfm?articleID=6971
7. Goland, Y., Whitehead, E., Faizi, A., Carter, S.R., and Jensen, D. HTTP Extensions for Distributed Authoring - WEBDAV. RFC 2518. Feb. 1999. http://www.ietf.org/rfc/rfc2518.txt.
8. Jakarta Slide project, http://jakarta.apache.org/slide/
9. Kapadia, A., Sampemane, G., and Campbell, R. Know why your access was denied: regulating feedback for usable security. In Proceedings of the 11th ACM conference on Computers and Communications Security (CCS), Washington DC, Oct 25-29 2004.
10. Lampson, B. Protection. In Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems, Princeton University, March 1971, 437-443.
11. Maxion, R.A. and Reeder, R.W. Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies, vol. 63, 2005, 23-50.
12. Norman, D. The Design of Everyday Things. Basic Books, New York, 2002.
13. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., and Youman, C.E. Role-based access control models. IEEE Computer, vol. 29, no. 2, February 1996, 38-47.
14. Sheehan, K. Towards a typology of Internet users and online privacy concerns. The Information Society, vol. 18, 2002, 21-23.
15. Whitten, A. and Tygar, J.D. Why Johnny can't encrypt: a usability evaluation of POP 5.0. In Proceedings of 8th Usenix Security Symposium, Usenix Assoc., 1999, 169-184.
16. Wilson, A., Burnett, M., Beckwith, L., Granatir, O., Casburn, L., Cook, C., Durham, M., and Rothermel, G. Harnessing curiosity to increase correctness in end-user programming. In Proceedings of ACM Conference on Human Factors in Computing Systems, Ft. Lauderdale, FL, April 2003.
17. Yee, K.-P. User interaction design for secure systems. In Proceedings of 4th International Conference on Information and Communications Security, Deng R. et al., eds., LNCS 2513 Springer, 2002,278-290; http://zestv.ca/sid.
18. Zurko, M. E. and Simon, R. T. User-centered security. In Proceedings of the ACM New Security Paradigms Workshop, 1996, 27-33.
19. Zurko, M. E., Simon, R., and Sanfilippo, T. A user-centered, modular authorization service built on an RBAC foundation. In Proceedings of the IEEE Symposium on Security and Privacy, 9-12 May 1999, 57-71.