A User Study of Policy Creation in a Flexible Access-Control System
Presenter
Lorrie Cranor, Carnegie Mellon University
Time
Session III - 1:30am - 3:00pm
Abstract
Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little has been done to evaluate these systems in practical situations with real users, and few attempts have been made to discover and analyze the access-control policies that users actually want to implement. We conducted a user study in which we derived the ideal access policies desired by a group of users for physical security in an office environment. We compared these ideal policies to the policies the users actually implemented with keys and with a smartphone-based distributed access-control system. [This is joint work with Rob Reeder, Michael Reiter, Lujo Bauer, and Kami Vaniea.]
Presentation
Download (PPT, 8.6 MB)