Proceedings of the Ninth Symposium on Usable Privacy and Security 2013
DOI: 10.1145/2501604.2501606

Formal definitions for usable access control rule sets from goals to metrics

Abstract: Access control policies describe high level requirements for access control systems. Access control rule sets ideally translate these policies into a coherent and manageable collection of Allow/Deny rules. Designing rule sets that reflect desired policies is a difficult and time-consuming task. The result is that rule sets are difficult to understand and manage. The goal of this paper is to provide means for obtaining usable access control rule sets, which we define as rule sets that (i) reflect the access con…

Cited by 30 publications (37 citation statements)
References 12 publications
“…Four experienced system administrators were then used to rank the results. This evaluation showed that the participants in the group that had the support from our formal tool, rule sets, and metrics performed significantly better than those in the group without this support (t(3.629) = 7.621, p = 0.007; details of this fourth experiment are published in Beckerle and Martucci [6]). …”
Section: Controlled Experiments (mentioning)
confidence: 94%
“…The actual research work has been reported in various publications and is not reported here (see esp. [4][5][6]. For a comprehensive summary, see A4Cloud Deliverable D-C.7.1 [1]).…”
Section: Outline (mentioning)
confidence: 99%
“…Attribute management [6,8,16,20,35,37,52] in general deals with requirements related to the attributes used within ABAC policies, ranging from the aggregation of attributes up to their ongoing maintenance. Policy management [4,15,20,22,24,30,37] deals with the development and continuous improvement of access policies.…”
Section: Building Blocks Of Dynamic Identity and Access Management (mentioning)
confidence: 99%
“…As a result, the establishment of design guidelines is mandatory in order to avoid semantically correct but inefficiently modeled and contradicting policies. Beckerle and Martucci [4] were the first to formally define security and manageability goals for policies. By means of such exemplary guidelines organizations can increase policy homogeneity and ease policy maintenance.…”
Section: Policy Management (mentioning)
confidence: 99%