Proceedings of the SIGCHI Conference on Human Factors in Computing Systems 2009
DOI: 10.1145/1518701.1518838
|View full text |Cite
|
Sign up to set email alerts
|

Real life challenges in access-control management

Abstract: In this work we ask the question: what are the challenges of managing a physical or file system access-control policy for a large organization? To answer the question, we conducted a series of interviews with thirteen administrators who manage access-control policy for either a file system or a physical space. Based on these interviews we identified three sets of real-world requirements that are either ignored or inadequately addressed by technology: 1) policies are made/implemented by multiple people; 2) poli… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
35
0

Year Published

2012
2012
2024
2024

Publication Types

Select...
5
3

Relationship

0
8

Authors

Journals

citations
Cited by 67 publications
(35 citation statements)
references
References 16 publications
0
35
0
Order By: Relevance
“…No financial incentive was offered to the participants. 1 We used semi-structured interviews as our method of inquiry in the pilot study. This method provided us the flexibility to ask for details regarding the challenges faced when managing access control rule sets.…”
Section: Methodsmentioning
confidence: 99%
See 1 more Smart Citation
“…No financial incentive was offered to the participants. 1 We used semi-structured interviews as our method of inquiry in the pilot study. This method provided us the flexibility to ask for details regarding the challenges faced when managing access control rule sets.…”
Section: Methodsmentioning
confidence: 99%
“…These activities are now expected even from less experienced users [4]. However, the task of generating and managing access control rule sets is not trivial [1,4,13]. Errors in access control rule sets can lead to unintended results, such as sharing more (or less) data than desired and the generation of too complex access control rule sets [13].…”
Section: Introductionmentioning
confidence: 99%
“…Such work provides valuable insights to work such as ours. For example, our assertions about the badness of exceptions in ACLs are based on the observations of Bauer et al [7]. Similarly, the work of Smetters and Good [28] discusses the value of groups and also makes some insightful observations.…”
Section: Related Workmentioning
confidence: 96%
“…This is particularly relevant to entries of the form user:, as these can be viewed as exceptions. It is known that exceptions in access control policies make them difficult to administer [7]. One may argue that if askfacl is always use to manage an ACL, then the redundancy should not matter.…”
Section: Designmentioning
confidence: 99%
“…For instance, it is well-known that users' social networks have many more contacts than they interact with on a day-to-day basis: a 2011 poll of 1,954 British citizens found that the average person had 476 1 Facebook friends, but only 152 contacts in their cellular phone [38]. Furthermore, research studies have shown that users frequently make mistakes when authoring even basic access control policies in commodity systems [5,11,30]. As such, it is clear that accidents and misconfigurations can lead to over-sharing in large social networks.…”
mentioning
confidence: 99%