Skip to main content
Article
A User Study of Policy Creation in a Flexible Access-Control System
Institute for Software Research
  • Lujo Bauer, Carnegie Mellon University
  • Lorrie Faith Cranor, Carnegie Mellon University
  • Robert W Reeder, Carnegie Mellon University
  • Michael K Reiter, University of North Carolina at Chapel Hill
  • Kami Vaniea, Carnegie Mellon University
Date of Original Version
1-1-2008
Type
Article
Rights Management
http://portal.acm.org/citation.cfm?id=1357143
Abstract or Description
Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little has been done to evaluate these systems in practical situations with real users, and few attempts have been made to discover and analyze the access-control policies that users actually want to implement. We report on a user study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with a smartphone-based distributed access-control system. We develop a methodology that allows us to show quantitatively that the smartphone system allowed our users to implement their ideal policies more accurately and securely than they could with keys, and we describe where each system fell short.
DOI
10.1145/1357054.1357143
Citation Information
Lujo Bauer, Lorrie Faith Cranor, Robert W Reeder, Michael K Reiter, et al.. "A User Study of Policy Creation in a Flexible Access-Control System" (2008)
Available at: http://works.bepress.com/lorrie_cranor/13/