Beckerle, Matthias ; Martucci, Leonardo (2013)
Formal Definitions for Usable Access Control Rule Sets From Goals to Metrics.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets.
Typ des Eintrags: | Konferenzveröffentlichung |
---|---|
Erschienen: | 2013 |
Autor(en): | Beckerle, Matthias ; Martucci, Leonardo |
Art des Eintrags: | Bibliographie |
Titel: | Formal Definitions for Usable Access Control Rule Sets From Goals to Metrics |
Sprache: | Deutsch |
Publikationsjahr: | Juli 2013 |
Buchtitel: | Symposium on Usable Privacy and Security (SOUPS) 2013 |
Zugehörige Links: | |
Kurzbeschreibung (Abstract): | Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reect the access control policy and (ii) are easy to understand and manage. In this paper, we formally define the challenges that users face when generating usable access control rule sets and provide formal tools to handle them more easily. We started our research with a pilot study in which specialists were interviewed. The objective was to list usability challenges regarding the management of access control rule sets and verify how those challenges were handled by specialists. The results of the pilot study were compared and combined with results from related work and refined into six novel, formally defined metrics that are used to measure the security and usability aspects of access control rule sets. We validated our findings with two user studies, which demonstrate that our metrics help users generate statistically significant better rule sets. |
Freie Schlagworte: | - SST - Area Smart Security and Trust;- SST: CASED:;Access control; Usability; Security; Metrics; Formal logic |
ID-Nummer: | TUD-CS-2013-0252 |
Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik > Telekooperation LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt LOEWE > LOEWE-Zentren 20 Fachbereich Informatik LOEWE |
Hinterlegungsdatum: | 31 Dez 2016 12:59 |
Letzte Änderung: | 30 Mai 2018 12:53 |
PPN: | |
Export: | |
Suche nach Titel in: | TUfind oder in Google |
Frage zum Eintrag |
Optionen (nur für Redakteure)
Redaktionelle Details anzeigen |