Making access control more usable

Get BibTex-formatted data

Author

Elisa Bertino, Trent Jaeger, Jonathan Moffett, Slyvia Osborn, Ravi Ravi

Entry type

proceedings

Abstract

Scope: a variety of things are expressed under the heading of access control: permission assignments, constraints, activations, transition, hierarchies, ect. What things really need to be expressed?Concepts: What modeling concepts are available to express these things? Where are we in understanding the usability of these models?Complexity-flexibility tradeoff: How do we make trade-offs between the flexibility of [removed]expressive power) and applying more usable concepts? Can this be measured?Domain specificity: Improving ease of use often involves increasing the level of the specification using domain-specific techniques. What techniques are possible? How can we compare teh effectiveness of these techniques?Composition: How can the modularity of access control policies be leveraged? Is there any modularity?Completeness: How do we integrate access control effectively with support for audit and intrusion detection?

Date

2002

URL

http://portal.acm.org/citation ... 8398&CFTOKEN=30584748

Booktitle

Symposium on Access Control Models and Technologies. Proceedings of the seventh ACM symposium on Access control models and technologies

Key alpha

Bertino

Pages

141

Affiliation

Purdue University

Publication Date

2002-00-00

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Proceedings{ Bertino,
	title = "Making access control more usable",
	author = "Elisa Bertino, Trent Jaeger, Jonathan Moffett, Slyvia Osborn, Ravi Ravi",
	year = "2002",
	booktitle = "Symposium on Access Control Models and Technologies. Proceedings of the seventh ACM symposium on Access control models and technologies",
	pages = "141",
	abstract = "Scope: a variety of things are expressed under the heading of access control: permission assignments, constraints, activations, transition, hierarchies, ect. What things really need to be expressed?Concepts: What modeling concepts are available to express these things? Where are we in understanding the usability of these models?Complexity-flexibility tradeoff: How do we make trade-offs between the flexibility of [removed]expressive power) and applying more usable concepts? Can this be measured?Domain specificity: Improving ease of use often involves increasing the level of the specification using domain-specific techniques. What techniques are possible? How can we compare teh effectiveness of these techniques?Composition: How can the modularity of access control policies be leveraged? Is there any modularity?Completeness: How do we integrate access control effectively with support for audit and intrusion detection?",
	affiliation = "Purdue University",
	url = "http://portal.acm.org/citation.cfm?id=507711.507734&coll=ACM&dl=ACM&CFID=26738398&CFTOKEN=30584748",
}