Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Formal Definitions for Usable Access Control Rule Sets: From Goals to Metrics
Technische Universit├Ąt Darmstadt,, Germany.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science. (Privacy and Security Group)
2013 (English)In: Proceedings of the Ninth Symposium on Usable Privacy and Security, Association for Computing Machinery (ACM), 2013, p. 2:1-2:11Conference paper, Published paper (Refereed)
Abstract [en]

Access control policies describe high level requirements for access control systems. Access control rule sets ideally trans-late these policies into a coherent and manageable collectionof Allow/Deny rules. Designing rule sets that reflect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reflect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2013. p. 2:1-2:11
Keywords [en]
access control, complexity measures, user / machine systems
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-29005DOI: 10.1145/2501604.2501606ISBN: 978-1-4503-2319-2 (print)OAI: oai:DiVA.org:kau-29005DiVA, id: diva2:647575
Conference
Ninth Symposium on Usable Privacy and Security
Funder
EU, FP7, Seventh Framework Programme, 317550Available from: 2013-09-11 Created: 2013-09-11 Last updated: 2018-01-11Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records BETA

Martucci, Leonardo

Search in DiVA

By author/editor
Martucci, Leonardo
By organisation
Department of Mathematics and Computer Science
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 81 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf