Usable set-up of runtime security policies

Information Management and Computer Security

Volumn 15, Issue 5, 2007, Pages 394-407

  Herzog, Almut ^a   Shahmehri, Nahid ^a  

^a LINKÖPING UNIVERSITY   (Sweden)

Author keywords

Business policy; Data security; Internet; Java

Indexed keywords

COMPUTER SOFTWARE; INTERNET; JAVA PROGRAMMING LANGUAGE; SOFTWARE ENGINEERING;

BUSINESS POLICY; RUNTIME SECURITY POLICIES; SECUITY OF SOFTWARE;

SECURITY OF DATA;

EID: 34948857053     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/09685220710831134     Document Type: Article

References (26)

1. Brostoff, S., Sasse, M.A., Chadwick, D., Cunningham, J., Mbanaso, U. and Otenko, S. (2005), "'R-what?' development of a role-based access control policy-writing tool for e-scientists", Software - Practice & Experience, Vol. 35, pp. 835-56.
2. Damianou, N., Dulay, N., Lupu, E. and Sloman, M. (2001), "The ponder policy specification language", Proceedings of the International Workshop on Policies for Distributed Systems and Networks (Policy'01), Volume LNCS 1995, Springer, New York, NY, pp. 18-38.
3. Garfinkel, S.L. (2005), "Design principles and patterns for computer systems that are simultaneously secure and usable", PhD thesis, Massachusetts Institute of Technology, Cambridge, MA.
4. Gong, L., Ellison, G. and Dageforde, M. (2003), Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Addison-Wesley, Reading, MA.
5. Hardee, J.B., West, R. and Mayhorn, C.B. (2006), "To download or not to download: An examination of computer security decision making", Interactions, Vol. 13 No. 3, pp. 32-7.
6. Hauswirth, M., Kerer, C. and Kurmanowytsch, R. (2000), "A secure execution framework for Java", Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS'00), ACM Press, New York, NY, pp. 43-52.
7. Herrmann, P. and Krumm, H. (2001), "Trust-adapted enforcement of security policies in distributed component-structured applications", Proceedings of the 6th IEEE Symposium on Computers and Communications, IEEE, Piscataway, NJ, pp. 2-8.
8. Herzog, A. (2006), "A pilot study on setting an applet access control policy", Technical report, Linköpings universitet, Department of Computer and Information Science, Stockholm.
9. Herzog, A. and Shahmehri, N. (2005), "Performance of the Java security manager", Computers & Security, Vol. 24 No. 3, pp. 192-207.
10. Herzog, A. and Shahmehri, N. (2006), "A usability study of security policy management", in Fischer-Hübner, S., Rannenberg, K. and Louise Yngström, S.L. (Eds), Security and Privacy in Dynamic Environments, Proceedings of the 21st International Information Security Conference (IFIP TC-11) (SEC'06), Springer, New York, NY, pp. 296-306.
11. Herzog, A. and Shahmehri, N. (2007), "Usability and security of personal firewalls", Proceedings of the International Information Security Conference (IFIP TC-11) (SEC'07), Springer, New York, NY.
12. Johnston, J., Eloff, J.H.P. and Labuschagne, L. (2003), "Security and human computer interfaces", Computers & Security, Vol. 22 No. 8, pp. 675-84.
13. Kagal, L., Finin, T. and Joshi, A. (2003), "A policy based approach to security for the semantic web", Proceedings of the International Semantic Web Conference (ISWC'03), Volume LNCS2870, Springer, New York, NY, pp. 402-18.
14. Leveson, N. (1995), Safeware: System Safety and Computers, Addison-Wesley, Reading, MA.
15. Nielsen, J. (1993), Usability Engineering, Morgan Kaufmann Publisher, San Fransisco, CA.
16. Nielsen, J. (1994), "Heuristic evaluation", in Nielsen, J. and Mack, R.L. (Eds), Usability Inspection Methods, Wiley, New York, NY, pp. 25-62.
17. Pettersson, J.S. (2005), "HCI guidance and proposals", Deliverable D06.1.c, PRIME Project.
18. Saltzer, J.H. and Schroeder, M.D. (1975), "The protection of information in computer systems", Proceedings of the IEEE, Vol. 63 No. 9, pp. 1278-308.
19. Sasse, M.A., Brostoff, S. and Weirich, D. (2003), "Transforming the weakest link - a human/computer interaction approach to usable and effective security", BT Technology Journal, Vol. 19 No. 3, pp. 122-31.
20. Seamons, K.E., Winslett, M., Yu, T., Smith, B., Child, E., Jacobson, J., Mills, H. and Yu, L. (2002), "Requirements for policy languages for trust negotiation", Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks (Policy'02), IEEE, Piscataway, NJ, pp. 68-79.
21. Shneiderman, B. and Plaisant, C. (2004), Designing the User Interface, 4th ed., Addison-Wesley, Reading, MA.
22. Snyder, C. (2003), Paper Prototyping, Morgan Kaufmann Publishers, San Fransisco, CA.
23. Whitten A. (2004), "Making security usable", PhD thesis, School of Computer Science, Carnegie Mellon University, Pittsburgh, PA, CMU-CS-04-135.
24. Whitten, A. and Tygar, J.D. (1999), "Why Johnny can't encrypt: A usability evaluation of PGP 5.0", Proceedings of the 8th USENIX Security Symposium (Security'99). Usenix.
25. Yee, K-P. (2002), "User interaction design for secure systems", Proceedings of the International Conference on Information and Communications Security (ICICS'02), Springer, New York, NY, pp. 278-90.
26. Zurko, M.E., Simon, R. and Sanfilippo, T. (1999), "A user-centered, modular authorization service built on an RBAC foundation", Proceedings of the IEEE Symposium on Security and Privacy, IEEE, Piscataway, NJ, pp. 57-71.