A user study of policy creation in a flexible access-control system

Conference on Human Factors in Computing Systems - Proceedings

Volumn , Issue , 2008, Pages 543-552

  Bauer, Lujo ^a   Cranor, Lorrie Faith ^a   Reeder, Robert W ^a   Reiter, Michael K ^a,b   Vaniea, Kami ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b UNIVERSITY OF NORTH CAROLINA   (United States)

Author keywords

Access control; Discretionary access control; Distributed access control; Policy creation; Smartphones

Indexed keywords

CONTROL SYSTEMS; HUMAN ENGINEERING; SECURITY SYSTEMS; SIGNAL ENCODING;

ACCESS POLICIES; ACCESS-CONTROL SYSTEMS; CONTROL POLICIES; DISCRETIONARY ACCESS CONTROL; DISTRIBUTED ACCESS CONTROL; LANGUAGES AND SYSTEMS; OFFICE ENVIRONMENTS; PHYSICAL SECURITIES; POLICY CREATION; SMARTPHONES; USER STUDIES;

ACCESS CONTROL;

EID: 57649195178     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1357054.1357143     Document Type: Conference Paper

References (15)

1. M. Abadi. On SDSI's linked local name spaces. Journal of Computer Security, 6(1-2):3-21, Oct. 1998.
2. A. W. Appel and E. W. Felten. Proof-carrying authentication. In 6th ACM Conference on Computer and Communications Security, Nov. 1999.
3. L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons learned from the deployment of a smartphone-based access-control system. In Symposium On Usable Privacy and Security, July 2007.
4. L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-enabled authorization in the Grey system. In Proceedings of the 8th Information Security Conference, Sept. 2005.
5. L. Bauer, S. Garriss, and M. K. Reiter. Efficient proving for practical distributed access-control systems. In Computer Security-ESORICS 2007: 12th European Symposium on Research in Computer Security, Sept. 2007.
6. A. Beaufour and P. Bonnet. Personal servers as digital keys. In 2nd IEEE International Conference of Pervasive Computing and Communications, Mar. 2004.
7. X. Cao and L. Iverson. Intentional access management: Making access control usable for end-users. In Symposium On Usable Privacy and Security, 2006.
8. D. F. Ferraiolo, D. M. Gilbert, and N. Lynch. An examination of federal and commercial access control policy needs. In 16th National Computer Security Conference, pages 107-116, 1993.
9. A. Kapadia, G. Sampemane, and R. H. Campbell. KNOW Why your access was denied: regulating feedback for usable security. In 11th ACM Conference on Computer and Communications Security, 2004.
10. S. Lederer, J. I. Hong, A. K. Dey, and J. A. Landay. Personal privacy through understanding and action: Five pitfalls for designers. Personal and Ubiquitous Computing, 8(6):440-454, 2004.
11. N. Li and J. C. Mitchell. Understanding SPKI/SDSI using first-order logic. International Journal of Information Security, 2004.
12. N. Li, J. C. Mitchell, and W. H. Winsborough. Design of a role-based trust management framework. In IEEE Symposium on Security and Privacy, May 2002.
13. R. A. Maxion and R. W. Reeder. Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies, 63(1-2), 2005.
14. T. Whalen, D. Smetters, and E. F. Churchill. User experiences with sharing and access control. In CHI '06: CHI '06 extended abstracts on Human factors in computing systems, pages 1517-1522, 2006.
15. F. Zhu, M. W. Mutka, and L. M. Ni. The master key: A private authentication approach for pervasive computing environments. In 4th IEEE International Conference on Pervasive Computing and Communications, pages 212-221, 2006.