More than skin deep

Authors: Robert W. Reeder, Lujo Bauer, Lorrie F. Cranor, Michael K. Reiter, Kami Vaniea

DOI: 10.1145/1978942.1979243

Keywords:

Abstract: In access-control systems, policy rules conflict when they prescribe different decisions (allow or deny) for the same access. We present the results of a user study that demonstrates the significant impact of conflict-resolution method on policy-authoring usability. In our study of 54 participants, varying the conflict-resolution method yielded statistically significant differences in accuracy in five of the six tasks we tested, including differences in accuracy rates of up to 78%. Our results suggest that a conflict-resolution method favoring rules of smaller scope over rules of larger scope is more usable than the Microsoft Windows operating system's method of favoring deny rules over allow rules. Perhaps more importantly, our results demonstrate that even seemingly small changes to a system's semantics can fundamentally affect the system's usability in ways that are beyond the power of user interfaces to correct.
