Skip to main content
Expandable Grids for Visualizing and Authoring Computer Security Policies
Institute for Software Research
  • Robert W Reeder, Carnegie Mellon University
  • Lujo Bauer, Carnegie Mellon University
  • Lorrie Faith Cranor, Carnegie Mellon University
  • Michael K Reiter, University of North Carolina at Chapel Hill
  • Kelli Bacon, Gonzaga University
  • Keisha How, Carnegie Mellon University
  • Heather Strong, Carnegie Mellon University
Date of Original Version
Rights Management
Abstract or Description
We introduce the Expandable Grid, a novel interaction technique for creating, editing, and viewing many types of security policies. Security policies, such as file permissions policies, have traditionally been displayed and edited in user interfaces based on a list of rules, each of which can only be viewed or edited in isolation. These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users. This paper describes the Expandable Grid concept, shows a system using an Expandable Grid for setting file permissions in the MicrosoftWindows XP operating system, and gives results of a user study involving 36 participants in which the Expandable Grid approach vastly outperformed the nativeWindows XP file-permissions interface on a broad range of policy-authoring tasks.
Citation Information
Robert W Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K Reiter, et al.. "Expandable Grids for Visualizing and Authoring Computer Security Policies" (2008)
Available at: