Usable set-up of runtime security policies

Proceedings of the International Symposium on Human Aspects of Information Security and Assurance, HAISA 2007

Volumn , Issue , 2007, Pages 99-113

  Herzog, A ^a   Shahmehri, N ^a  

^a LINKÖPING UNIVERSITY   (Sweden)

Author keywords

Access control; Application surveillance; Java; Security policy management; Usability

Indexed keywords

ACCESS CONTROL; COMPUTATIONAL LINGUISTICS; JAVA PROGRAMMING LANGUAGE; MOBILE SECURITY; SECURITY OF DATA; SECURITY SYSTEMS; SEMANTIC WEB;

DESIGN AND EVALUATIONS; JAVA; JAVA APPLICATIONS; SECURITY DOMAINS; SECURITY POLICY MANAGEMENT; TECHNICAL SOLUTIONS; USABILITY; USABILITY AND SECURITY;

COMPUTER VIRUSES;

EID: 84873208320     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (27)

1. Brostoff, S., Sasse, M. A., Chadwick, D., Cunningham, J., Mbanaso, U., and Otenko, S. (2005). 'R-What?' Development of a role-based access control policy-writing tool for escientists. Software-Practice and Experience, 35:835-856.
2. Damianou, N., Dulay, N., Lupu, E., and Sloman, M. (2001). The Ponder policy specification language. In Proceedings of the International Workshop on Policies for Distributed Systems and Networks (Policy'01), volume LNCS 1995, pages 18-38. Springer-Verlag.
3. Garfinkel, S. L. (2005). Design Principles and Patterns for Computer Systems That Are Simultaneously Secure and Usable. PhD thesis, Massachusetts Institute of Technology.
4. nd edition.
5. Hardee, J. B., West, R., and Mayhorn, C. B. (2006). To download or not to download: an examination of computer security decision making. interactions, 13(3):32-37.
6. th ACM Conference on Computer and Communications Security (CCS'00), pages 43-52. ACM Press.
7. Herrmann, P. and Krumm, H. (2001). Trust-adapted enforcement of security policies in distributed component-structured applications. In Proceedings of the 6th IEEE Symposium on Computers and Communications, pages 2-8. IEEE.
8. Herzog, A. (2006). A pilot study on setting an applet access control policy. Technical report, Linköpings universitet, Dept. of Computer and Information Science.
9. Herzog, A. and Shahmehri, N. (2005). Performance of the Java security manager. Computers & Security, 24(3):192-207.
10. st International Information Security Conference (IFIP TC-11) (SEC'06), pages 296-306. Springer-Verlag.
11. Herzog, A. and Shahmehri, N. (2007). Usability and security of personal firewalls. Accepted for publication in Proceedings of the International Information Security Conference (IFIP TC-11) (SEC'07). Springer-Verlag.
12. Johnston, J., Eloff, J. H. P., and Labuschagne, L. (2003). Security and human computer interfaces. Computers & Security, 22(8):675-684.
13. Kagal, L., Finin, T., and Joshi, A. (2003). A policy based approach to security for the semantic web. In Proceedings of the International Semantic Web Conference (ISWC'03), volume LNCS2870, pages 402-418. Springer-Verlag.
14. Leveson, N. (1995). Safeware: System Safety and Computers. Addison Wesley.
15. Nielsen, J. (1993). Usability Engineering. Morgan Kaufmann Publishers.
16. Nielsen, J. (1994). Heuristic evaluation. In Nielsen, J. and Mack, R. L., editors (1994). Usability Inspection Methods. Wiley & Sons, pages 25-62.
17. Pettersson, J. S. (2005). HCI guidance and proposals. Deliverable D06.1.c, PRIME Project.
18. Saltzer, J. H. and Schroeder, M. D. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308.
19. Sasse, M. A., Brostoff, S., and Weirich, D. (2003). Transforming the weakest link-a human/computer interaction approach to usable and effective security. BT Technology Journal, 19(3):122-131.
20. rd International Workshop on Policies for Distributed Systems and Networks (Policy'02), pages 68-79. IEEE.
21. th edition.
22. Snyder, C. (2003). Paper Prototyping. Morgan Kaufmann Publishers.
23. Whitten, A. (2004). Making Security Usable. PhD thesis, School of Computer Science, Carnegie Mellon University. CMU-CS-04-135.
24. th USENIX Security Symposium (Security'99). Usenix.
25. Winsborough, W. H., Seamons, K. E., and Jones, V. E. (2000). Automated trust negotiation. In Proceedings of the DARPA Information Survivability Conference & Exposition (DISCEX'00), vol. 1, pages 88-102. IEEE.
26. Yee, K.-P. (2002). User interaction design for secure systems. In Proceedings of the International Conference on Information and Communications Security (ICICS'02), pages 278-290. Springer-Verlag.
27. Zurko, M. E., Simon, R., and Sanfilippo, T. (1999). A user-centered, modular authorization service built on an RBAC foundation. In Proceedings of the IEEE Symposium on Security and Privacy, pages 57-71. IEEE.