Scholars@Duke

Expandable grids for visualizing and authoring computer security policies

Publication ,  Conference
Reeder, RW; Bauer, L; Cranor, LF; Reiter, MK; Bacon, K; How, K; Strong, H
Published in: Conference on Human Factors in Computing Systems - Proceedings
December 22, 2008
Published version (DOI)

We introduce the Expandable Grid, a novel interaction technique for creating, editing, and viewing many types of security policies. Security policies, such as file permissions policies, have traditionally been displayed and edited in user interfaces based on a list of rules, each of which can only be viewed or edited in isolation. These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users. This paper describes the Expandable Grid concept, shows a system using an Expandable Grid for setting file permissions in the Microsoft Windows XP operating system, and gives results of a user study involving 36 participants in which the Expandable Grid approach vastly outperformed the native Windows XP file-permissions interface on a broad range of policy-authoring tasks. Copyright 2008 ACM.

Duke Scholars

Michael Reiter
Author Michael Reiter Computer Science
Altmetric Attention Stats
Dimensions Citation Stats

Published In

Conference on Human Factors in Computing Systems - Proceedings

DOI

10.1145/1357054.1357285

Publication Date

December 22, 2008

Start / End Page

1473 / 1482

Related Subject Headings

  • 3507 Strategy, management and organisational behaviour
  • 1503 Business and Management
  • 1202 Building
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Reeder, R. W., Bauer, L., Cranor, L. F., Reiter, M. K., Bacon, K., How, K., & Strong, H. (2008). Expandable grids for visualizing and authoring computer security policies. In Conference on Human Factors in Computing Systems - Proceedings (pp. 1473–1482). https://doi.org/10.1145/1357054.1357285
Reeder, R. W., L. Bauer, L. F. Cranor, M. K. Reiter, K. Bacon, K. How, and H. Strong. “Expandable grids for visualizing and authoring computer security policies.” In Conference on Human Factors in Computing Systems - Proceedings, 1473–82, 2008. https://doi.org/10.1145/1357054.1357285.
Reeder RW, Bauer L, Cranor LF, Reiter MK, Bacon K, How K, et al. Expandable grids for visualizing and authoring computer security policies. In: Conference on Human Factors in Computing Systems - Proceedings. 2008. p. 1473–82.
Reeder, R. W., et al. “Expandable grids for visualizing and authoring computer security policies.” Conference on Human Factors in Computing Systems - Proceedings, 2008, pp. 1473–82. Scopus, doi:10.1145/1357054.1357285.
Reeder RW, Bauer L, Cranor LF, Reiter MK, Bacon K, How K, Strong H. Expandable grids for visualizing and authoring computer security policies. Conference on Human Factors in Computing Systems - Proceedings. 2008. p. 1473–1482.

Published In

Conference on Human Factors in Computing Systems - Proceedings

DOI

10.1145/1357054.1357285

Publication Date

December 22, 2008

Start / End Page

1473 / 1482

Related Subject Headings

  • 3507 Strategy, management and organisational behaviour
  • 1503 Business and Management
  • 1202 Building