Scholars@Duke

A user study of policy creation in a flexible access-control system

Publication ,  Conference
Bauer, L; Cranor, LF; Reeder, RW; Reiter, MK; Vaniea, K
Published in: Conference on Human Factors in Computing Systems - Proceedings
December 22, 2008
Published version (DOI)

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little has been done to evaluate these systems in practical situations with real users, and few attempts have been made to discover and analyze the access-control policies that users actually want to implement. We report on a user study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with a smartphone-based distributed access-control system. We develop a methodology that allows us to show quantitatively that the smartphone system allowed our users to implement their ideal policies more accurately and securely than they could with keys, and we describe where each system fell short. Copyright 2008 ACM.

Duke Scholars

Michael Reiter
Author Michael Reiter Computer Science

Published In

Conference on Human Factors in Computing Systems - Proceedings

DOI

10.1145/1357054.1357143

Publication Date

December 22, 2008

Start / End Page

543 / 552

Related Subject Headings

  • 3507 Strategy, management and organisational behaviour
  • 1503 Business and Management
  • 1202 Building
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Bauer, L., Cranor, L. F., Reeder, R. W., Reiter, M. K., & Vaniea, K. (2008). A user study of policy creation in a flexible access-control system. In Conference on Human Factors in Computing Systems - Proceedings (pp. 543–552). https://doi.org/10.1145/1357054.1357143
Bauer, L., L. F. Cranor, R. W. Reeder, M. K. Reiter, and K. Vaniea. “A user study of policy creation in a flexible access-control system.” In Conference on Human Factors in Computing Systems - Proceedings, 543–52, 2008. https://doi.org/10.1145/1357054.1357143.
Bauer L, Cranor LF, Reeder RW, Reiter MK, Vaniea K. A user study of policy creation in a flexible access-control system. In: Conference on Human Factors in Computing Systems - Proceedings. 2008. p. 543–52.
Bauer, L., et al. “A user study of policy creation in a flexible access-control system.” Conference on Human Factors in Computing Systems - Proceedings, 2008, pp. 543–52. Scopus, doi:10.1145/1357054.1357143.
Bauer L, Cranor LF, Reeder RW, Reiter MK, Vaniea K. A user study of policy creation in a flexible access-control system. Conference on Human Factors in Computing Systems - Proceedings. 2008. p. 543–552.

Published In

Conference on Human Factors in Computing Systems - Proceedings

DOI

10.1145/1357054.1357143

Publication Date

December 22, 2008

Start / End Page

543 / 552

Related Subject Headings

  • 3507 Strategy, management and organisational behaviour
  • 1503 Business and Management
  • 1202 Building