Towards Usable Application-Oriented Access Controls-Reference-Cited by-同舟云学术

Towards Usable Application-Oriented Access Controls

Published:2012-01 Issue:1 Volume:6 Page:57-76
ISSN:1930-1650
Container-title:International Journal of Information Security and Privacy
language:en
Short-container-title:

Author:

Schreuders Z. Cliffe¹,McGill Tanya²,Payne Christian²

Affiliation:

1. Leeds Metropolitan University, UK

2. Murdoch University, Australia

Abstract

A number of security mechanisms are available for improving the security of systems by restricting the actions of individual programs to activities that are authorised. However, configuring these systems to enforce end users’ own security goals is often beyond their expertise. Little research has investigated the usability issues associated with application-oriented access controls. This paper presents the results of a qualitative analysis of user perceptions of the usability of three application-oriented security systems: SELinux, AppArmor, and FBAC-LSM. Qualitative analysis identified a number of factors that affect the usability of application-restriction mechanisms. These themes are used to compare the usability of the three systems studied, and it is proposed that these factors can be used to inform the design of new systems and development of existing ones. Changes to the three security systems are also proposed to address or mitigate specific usability issues that were identified.

Publisher

IGI Global

Subject

Information Systems

Reference38 articles.

1. Alexander, J. D., & Jasna, K. (2006). Aligning usability and security: A usability study of Polaris. In Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, PA (pp. 1-7). New York, NY: ACM.

2. Alma, W., & Tygar, J. D. (1999). Why Johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceedings of the 8th Conference on USENIX Security Symposium, Washington, DC (pp. 169-184). Berkeley, CA: USENIX.

3. Berman, A., Bourassa, V., & Selberg, E. (1995). TRON: Process-specific file protection for the UNIX operating system. In Proceedings of the Winter USENIX Conference, New Orleans, LA (pp. 165-175). Berkeley, CA: USENIX.

4. Brodie, C. A., Karat, C.-M., & Karat, J. (2006). An empirical study of natural language parsing of privacy policy rules using the SPARCLE Policy Workbench. In Proceedings of the 2nd Symposium on Usable Privacy and Security, Pittsburgh, PA (pp. 8-19). New York, NY: ACM.

5. SUS: A quick and dirty usability scale;J.Brooke;Usability evaluation in industry,1996

Cited by 6 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Survey of Real-World Process Sandboxing;2024 35th Conference of Open Innovations Association (FRUCT);2024-04-24

2. Sandboxing Adoption in Open Source Ecosystems;Proceedings of the 12th ACM/IEEE International Workshop on Software Engineering for Systems-of-Systems and Software Ecosystems;2024-04-14

3. An Historical Analysis of the SEAndroid Policy Evolution;Proceedings of the 34th Annual Computer Security Applications Conference;2018-12-03

4. Trading off usability and security in user interface design through mental models;Behaviour & Information Technology;2016-12-07

5. The functionality-based application confinement model;International Journal of Information Security;2013-05-12