Usability meets access control: challenges and research opportunities

This panel discusses specific challenges in the usability of access control technologies and new opportunities for research. The questions range from "Why does nobody, even experts, use access control lists (ACLs)?" to "Shall access controls (and corresponding languages) be totally embedded and invisible and never, ever seen by the users?" to "What should be the user-study methodology for access control systems?".
