Expressions of expertness: the virtuous circle of natural language for access control policy specification

The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many areas in which Grid computing is used present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mismatches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.
