Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little work has been done to evaluate these theoretically interesting systems in practical situations with real users, and few attempts have been made to discover and analyze the accesscontrol policies that users actually want to implement. In this paper we report on a study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with Grey, a smartphone-based distributed access-control system. We show quantitatively that Grey allowed our users to implement their ideal policies more accurately and securely than they could with keys, and describe where each system fell short. As part of this evaluation we identify conditions that users commonly required in their desired policies and explain how these conditions can or cannot be implemented with keys and Grey. Our results and experience can serve to inform the designers of access-control systems about which features these systems should include if they are to successfully meet users’ needs.
Available at: http://works.bepress.com/lorrie_cranor/38/