Password Policy Languages: Usable Translation from the Informal to the Formal

Authors: Michelle Steves, Mary Theofanos, Celia Paulsen, Athos Ribeiro

DOI: 10.1007/978-3-319-20376-8_11

Keywords: Computer security, Password policy, Interface (Java), World Wide Web, Computer science, Password management, Cognitive password, Password, USable

Abstract: Password policies --- documents which regulate how users must create, manage, and change their passwords can have complex unforeseen consequences on organizational security. Since these user behavior, be clear as to what is expected of them. Unfortunately, current are written in language that often ambiguous. To tackle ambiguity, we previously developed a formal for stating behavior not allowed regarding password management. manual translation the policy this time consuming error prone. This work focuses providing an interface generate accurate models interpretations policy. will aid research, formalization, ultimately more usable policies. paper describes requirements, design, high-level application features, validation, testing, includes discussion progress.
