Filter-based access control model: exploring a more usable database management

In this study, we tested the usability of database management software for end users. To improve usability, we developed a novel concept, the Filter-based Access Control model (FBAC), and an FBAC UI. We then conducted a user test and analyzed the results. In the test, 40 users tried to solve two tasks: 20 used a Role-based Access Control model (RBAC) UI, and the rest used the FBAC UI. Almost no RBAC UI users could complete the tasks, whereas users of the FBAC UI completed 40%.
