IDEALS Home University of Illinois at Urbana-Champaign logo The Alma Mater The Main Quad

Know Why Your Access Was Denied: Regulating Feedback for Usable Security

Show full item record

Bookmark or cite this item: http://hdl.handle.net/2142/10778

Files in this item

File Description Format
PDF Know Why Your A ... ck for Usable Security.pdf (2MB) (no description provided) PDF
Title: Know Why Your Access Was Denied: Regulating Feedback for Usable Security
Author(s): Kapadia, Apu C.; Sampemane, Geetanjali
Contributor(s): Campbell, Roy H.
Subject(s): computer security privacy
Abstract: We examine the problem of providing useful feedback to users who are denied access to resources, while controlling the disclosure of the system security policies. High-quality feedback enhances the usability of a system, especially when permissions may depend on contextual information---time of day, temperature of a room and other factors that change unpredictably. However, providing too much information to the user may breach the confidentiality of the system policies. To achieve a balance between system usability and privacy of security policies, we present Know, a framework that uses Ordered Binary Decision Diagrams (OBDDs) and cost functions to provide feedback to users about access control decisions. Know honors a system's privacy requirements, which are represented as a meta-policy, and generates permissible and relevant feedback to users on how to obtain access to a resource. To the best of our knowledge, our work is the first to address the need of access control feedback while honoring the privacy and confidentiality requirements of a system's security policy.
Issue Date: 2004-02
Genre: Technical Report
Type: Text
URI: http://hdl.handle.net/2142/10778
Rights Information: You are granted permission for the non-commercial reproduction, distribution, display, and performance of this technical report in any format, BUT this permission is only for a period of 45 (forty-five) days from the most recent time that you verified that this technical report is still available from the University of Illinois at Urbana-Champaign Computer Science Department under terms that include this permission. All other rights are reserved by the author(s).
Date Available in IDEALS: 2009-04-14
 

This item appears in the following Collection(s)

Show full item record

Item Statistics

  • Total Downloads: 208
  • Downloads this Month: 6
  • Downloads Today: 1

Browse

My Account

Information

Access Key