Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability (CMU-CyLab-09-006)
Authors
Abstract
Access-control policies can be stated more succinctly if they support both rules that grant access and rules that deny access, but this introduces the possibility that multiple rules will give conflicting conclusions for an access. In this paper, we compare a new conflict-resolution method, which uses first specificity and then deny precedence, to the conflict-resolution method used by Windows NTFS, which sometimes uses deny precedence before specificity. We show that our conflict-resolution method leads to a more usable policy-authoring system compared with the Windows method. We implemented both conflict-resolution methods in a simulated Windows NTFS file system and built a state-of-the-art policy authoring interface on top of the simulated file system. We ran a user study to compare policy authors’ performance with each conflict-resolution method on a range of file-permissions policy-authoring tasks. Our results show that the conflict-resolution method has a significant effect on usability, and that, though no conflict-resolution method can be optimal for all tasks, our specificity-based conflict-resolution method is generally superior, from a usability perspective, to the Windows deny-based method. Ours is the first user study we are aware of that demonstrates empirically the effect that an access-control semantics can have on usability, independent of the graphical user interface.
Similar resources
Effects of Access-Control Policy Conflict-Resolution Methods on Policy-Authoring Usability
Access-control policies can be stated more succinctly if they support both rules that grant access and rules that deny access, but this introduces the possibility that multiple rules will give conflicting conclusions for an access. In this paper, we compare a new conflict-resolution method, which uses first specificity and then deny precedence, to the conflict-resolution method used by Windows N...
Access Control for Home Data Sharing: Attitudes, Needs and Practices (CMU-CyLab-09-013, CMU-PDL-09-110)
As digital content becomes more prevalent in the home, nontechnical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create...
Usability Challenges in Security and Privacy Policy-Authoring Interfaces
Policies, sets of rules that govern permission to access resources, have long been used in computer security and online privacy management; however, the usability of authoring methods has received limited treatment from usability experts. With the rise in networked applications, distributed data storage, and pervasive computing, authoring comprehensive and accurate policies is increasingly impo...
The Process of Policy Authoring of Patient-Controlled Privacy Preferences
Discussions about appropriate security controls to protect medical records led to the understanding that the patient her-/himself plays a crucial role in networked electronic health-care. Patients have individual privacy concerns and may want to execute their personal right of self-determination on access and usage of their medical records. The ability for patients to have control over their pe...
Detecting and Resolving Policy Misconfigurations in Access-Control Systems (CMU-CyLab-08-004)
Access-control policy misconfigurations that cause requests to be erroneously denied can result in wasted time, user frustration and, in the context of particular applications (e.g., health care), very severe consequences. In this paper we apply association rule mining to logs of granted requests to predict changes to access-control policies that are likely to be consistent with users’ intentio...
Publication date: 2009