Files in this item



application/pdfKnow Why Your A ... ck for Usable Security.pdf (2MB)
(no description provided)PDF


Title:Know Why Your Access Was Denied: Regulating Feedback for Usable Security
Author(s):Kapadia, Apu C.; Sampemane, Geetanjali
Contributor(s):Campbell, Roy H.
Subject(s):computer security
Abstract:We examine the problem of providing useful feedback to users who are denied access to resources, while controlling the disclosure of the system security policies. High-quality feedback enhances the usability of a system, especially when permissions may depend on contextual information---time of day, temperature of a room and other factors that change unpredictably. However, providing too much information to the user may breach the confidentiality of the system policies. To achieve a balance between system usability and privacy of security policies, we present Know, a framework that uses Ordered Binary Decision Diagrams (OBDDs) and cost functions to provide feedback to users about access control decisions. Know honors a system's privacy requirements, which are represented as a meta-policy, and generates permissible and relevant feedback to users on how to obtain access to a resource. To the best of our knowledge, our work is the first to address the need of access control feedback while honoring the privacy and confidentiality requirements of a system's security policy.
Issue Date:2004-02
Genre:Technical Report
Rights Information:You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS:2009-04-14

This item appears in the following Collection(s)

Item Statistics