Usability challenges in security and privacy policy-authoring interfaces

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 4663 LNCS, Issue PART 2, 2007, Pages 141-155

  Reeder, Robert W ^a   Karat, Clare Marie ^b   Karat, John ^b   Brodie, Carolyn ^b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b IBM T J WATSON RESEARCH CENTER   (United States)

Author keywords

Policy; Policy authoring; Privacy; Security; Usability

Indexed keywords

DATA PRIVACY; PUBLIC POLICY; UBIQUITOUS COMPUTING; COMPUTER PRIVACY; DIGITAL STORAGE; DISTRIBUTED COMPUTER SYSTEMS; SECURITY OF DATA; USABILITY ENGINEERING; USER INTERFACES;

POLICY-AUTHORING; SECURITY; USABILITY; DISTRIBUTED DATA STORAGES; NETWORKED APPLICATIONS; ONLINE PRIVACY; PRIVACY POLICIES; RULE CONFLICT; SECURITY AND PRIVACY;

HUMAN COMPUTER INTERACTION;

EID: 38049152588     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-74800-7_11     Document Type: Conference Paper

References (19)

1. Karat, J., Karat, C.-M., Brodie, C., Feng, J.: Privacy in information technology: Designing to enable privacy policy management in organizations. International Journal of Human-Computer Studies 63(1-2), 153-174 (2005)
2. Cao, X., Iverson, L.: Intentional access management: Making access control usable for end-users. In: Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS 2006), New York, NY, pp. 20-31. ACM Press, New York (2006)
3. Good, N.S., Krekelberg, A.: Usability and privacy: a study of Kazaa P2P file-sharing. In: Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems(CHI 2003), New York, NY, April 2003, pp. 137-144. ACM Press, New York (2003)
4. Maxion, R.A., Reeder, R.W.: Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies 63(1-2), 25-50 (2005)
5. Cranor, L.F., Guduru, P., Arjula, M.: User interfaces for privacy agents. ACM Transactions on Computer-Human Interaction 13(2), 135-178 (2006)
6. U.S. Senate Sergeant at Arms: Report on the investigation into improper access to the Senate Judiciary Committee's computer system (2004), available at http://judiciary.senate.gov/test imony.cfm?id=1085\&wit_id=2514
7. Karat, C.-M., Karat, J., Brodie, C., Feng, J.: Evaluating interfaces for privacy policy rule authoring. In: Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems(CHI 2006), New York, NY, pp. 83-92. ACM Press, New York (2006)
8. Lederer, S., Mankoff, J., Dey, A.K., Beckmann, C.P.: Managing personal information disclosure in ubiquitous computing environments. Technical Report UCB-CSD-03-1257, University of California, Berkeley, Berkeley, CA (2003), available at http://www.eecs.berkeley.edu/Pubs/TechRpts/2003/CSD-03-1257.pdf
9. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Architecture Language (EPAL 1.2). W3C Member Submission 10-Nov-2003 (2003), available at http:www.w3.org/Submission/EPAL
10. Al-Shaer, E.S., Hamed, H.H.: Firewall Policy Advisor for anomaly discovery and rule editing. In: Marshall, A., Agoulmine, N. (eds.) MMNS 2003. LNCS, vol. 2839, pp. 17-30. Springer, Heidelberg (2003)
11. Ericsson, K.A., Simon, H.A.: Protocol Analysis: Verbal Reports as Data. Revised edn., MIT Press, Cambridge, MA (1993)
12. Brodie, C., Karat, C.M., Karat, J.: An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench. In: Proceedings of the 2006 Symposium on Usable Privacy and Security (SOUPS 2006), New York, NY, July 2006, pp. 8-19. ACM Press, New York (2006)
13. Agrawal, D., Giles, J., Lee, K.-W., Lobo, J.: Policy ratification. In: Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Los Alamitos, CA, June 2005, pp. 223-232. IEEE Computer Society Press, Los Alamitos (2005)
14. Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: ICSE 2005, pp. 196-205. IEEE Computer Society Press, Los Alamitos (2005)
15. Lederer, S., Hong, J.I., Jiang, X., Dey, A.K., Landay, J.A., Mankoff, J.: Towards everyday privacy for ubiquitous computing. Technical Report UCB-CSD-03-1283, University of California, Berkeley, Berkeley, CA (2003), available at http://www.eecs.berkeley.edu/Pubs/TechRpts/2003/CSD-03-1283.pdf
16. Cranor, L.F.: Web Privacy with P3P. O'Reilly, Sebastopol, CA (2002)
17. Zurko, M.E., Simon, R., Sanfilippo, T.: A user-centered, modular authorization service built on an RBAC foundation. In: Proceedings 1999 IEEE Symposium on Security and Privacy, Los Alamitos, CA, May 1999, pp. 57-71. IEEE Computer Society Press, Los Alamitos (1999)
18. Molich, R., Nielsen, J.: Improving a human-computer dialogue. Communications of the ACM 33(3), 338-348 (1990)
19. Lederer, S., Hong, J., Dey, A.K., Landay, J.: Personal privacy through understanding and action: Five pitfalls for designers. Personal and Ubiquitous Computing 8(6), 440-454 (2004)