Expandable grids for visualizing and authoring computer security policies

Conference on Human Factors in Computing Systems - Proceedings

Volumn , Issue , 2008, Pages 1473-1482

  Reeder, Robert W ^a   Bauer, Lujo ^a   Cranor, Lorrie Faith ^a   Reiter, Michael K ^a,b   Bacon, Kelh ^c   How, Keisha ^a   Strong, Heather ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b UNIVERSITY OF NORTH CAROLINA   (United States)

^c GONZAGA UNIVERSITY   (United States)

Author keywords

Expandable Grid; File permissions; Policy; Security; Visualization

Indexed keywords

HUMAN ENGINEERING; SECURITY OF DATA; SECURITY SYSTEMS; USER INTERFACES; VISUALIZATION; WINDOWS;

COMPUTER SECURITIES; EXPANDABLE GRID; FILE PERMISSIONS; INTERACTION TECHNIQUES; MATRIXES; MICROSOFT WINDOWS XP; OPERATING SYSTEMS; POLICY; SECURITY; SECURITY POLICIES; USER STUDIES; WINDOWS XP;

WINDOWS OPERATING SYSTEM;

EID: 56449119921     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1357054.1357285     Document Type: Conference Paper

References (11)

1. X. Cao and L. Iverson. Intentional access management: Making access control usable for end-users. In Proc. of the Second Symposium on Usable Privacy and Security (SOUPS 2006), pages 20-31, 2006.
2. N. S. Good and A. Krekelberg. Usability and privacy: a study of Kazaa P2P file-sharing. In Proceedings of the ACM SIGCHI Conference on Human Factors in Computing Systems(CHI 2003), pages 137-144, New York, NY, April 2003.
3. J. Karat, C.-M. Karat, C. Brodie, and J. Feng. Privacy in information technology: Designing to enable privacy policy management in organizations. International Journal of Human-Computer Studies, 63(1-2):153-174, July 2005.
4. B. W. Lampson. Protection. Operating Systems Review, 8(1): 18-24, January 1974. Reprint of the original from Proceedings of the Fifth Princeton Symposium on Information Sciences and Systems (Princeton University, March, 1971), 437-443.
5. R. A. Maxion and R. W. Reeder. Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies, 63(1-2):25-50, July 2005.
6. M. C. Mont, R. Thyne, and P. Bramhall. Privacy enforcement with HP Select Access for regulatory compliance. Technical Report HPL-2005-10, HP Laboratories Bristol, Bristol, UK, January 2005. Available at http: //www.hpl.hp.com/ techreports/2005/HPL-2005-10.pdf. Accessed on January 10, 2008.
7. J. Rode, C. Johansson, P. DiGioia, R. S. Filho, K. Nies, D. H. Nguyen, J. Ren, P. Dourish, and D. Redmiles. Seeing further: Extending visualization as a basis for usable security. In Proceedings of the Second Symposium on Usable Privacy and Security (SOUPS 2006), pages 145-155, 2006.
8. The Open Group Research Institute. Adage system overview. Available at http: //www.memesoft. com/adage/SystemSpec.ps.Accessed on September 20, 2006.
9. U.S. Senate Sergeant at Arms. Report on the investigation into improper access to the Senate Judiciary Committee's computer system, March 2004. Available at http: //judiciary.senate.gov/testimony.cfm?id=1085&wit-id=2514. Accessed on January 10, 2008.
10. M. E. Zurko. Adage usability testing results: Formal testing affinity mapping and questionnaire. Available at http: //www.memesoft.com/adage/affinity. ps. Accessed on September 20, 2006.
11. M. E. Zurko, R. Simon, and T. Sanfilippo. A user-centered, modular authorization service built on an RBAC foundation. In Proceedings 1999 IEEE Symposium on Security and Privacy, pages 57-71, Los Alamitos, CA, May 1999.