Towards Usable Application-Oriented Access Controls: Qualitative Results from a Usability Study of SELinux, AppArmor and FBAC-LSM

A number of security mechanisms are available for improving the security of systems by restricting the actions of individual programs to activities that are authorised. However, configuring these systems to enforce end users' own security goals is often beyond their expertise. Little research has investigated the usability issues associated with application-oriented access controls. This paper presents the results of a qualitative analysis of user perceptions of the usability of three application-oriented security systems: SELinux, AppArmor, and FBAC-LSM. Qualitative analysis identified a number of factors that affect the usability of application-restriction mechanisms. These themes are used to compare the usability of the three systems studied, and it is proposed that these factors can be used to inform the design of new systems and development of existing ones. Changes to the three security systems are also proposed to address or mitigate specific usability issues that were identified.
