ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
KNOW Why your access was denied: regulating feedback for usable security
Full text PdfPdf (247 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 11th ACM conference on Computer and communications security table of contents
Washington DC, USA
SESSION: Access control table of contents
Pages: 52 - 61  
Year of Publication: 2004
ISBN:1-58113-961-6
Authors
Apu Kapadia  University of Illinois at Urbana-Champaign
Geetanjali Sampemane  University of Illinois at Urbana-Champaign
Roy H. Campbell  University of Illinois at Urbana-Champaign
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 4,   Downloads (12 Months): 64,   Citation Count: 5
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1030083.1030092
What is a DOI?

ABSTRACT

We examine the problem of providing useful feedback about access control decisions to users while controlling the disclosure of the system's security policies. Relevant feedback enhances system usability, especially in systems where permissions change in unpredictable ways depending on contextual information. However, providing feedback indiscriminately can violate the confidentiality of system policy. To achieve a balance between system usability and the protection of security policies, we present Know, a framework that uses cost functions to provide feedback to users about access control decisions. Know honors the policy protection requirements, which are represented as a meta-policy, and generates permissible and relevant feedback to users on how to obtain access to a resource. To the best of our knowledge, our work is the first to address the need for useful access control feedback while honoring the privacy and confidentiality requirements of a system's security policy.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Beate Bollig , Ingo Wegener, Improving the Variable Ordering of OBDDs Is NP-Complete, IEEE Transactions on Computers, v.45 n.9, p.993-1002, September 1996  [doi>10.1109/12.537122 ]
 
2
P. Bonatti , E. Damiani , S. de Capitani , P. Samarati, A Component-Based Architecture for Secure Data Publication, Proceedings of the 17th Annual Computer Security Applications Conference, p.309, December 10-14, 2001
 
3
Piero A. Bonatti , Pierangela Samarati, A uniform framework for regulating service access and information release on the web, Journal of Computer Security, v.10 n.3, p.241-271, 2002
4
Kenneth M. Butler , Don E. Ross , Rohit Kapur , M. Ray Mercer, Heuristics to compute variable orderings for efficient manipulation of ordered binary decision diagrams, Proceedings of the 28th conference on ACM/IEEE design automation, p.417-420, June 17-22, 1991, San Francisco, California, United States  [doi>10.1145/127601.127705]
 
5
David Eppstein. Finding the k shortest paths. In Proc. 35th Symp. Foundations of Computer Science, pages 154--165. IEEE, November 1994.
 
6
David F. Ferraiolo and D. Richard Kuhn. Role-based access controls. In Proc. 15th NIST-NCSC National Computer Security Conference, pages 554-563, Baltimore, MD, October 1992.
 
7
Masahiro Fujita , Yusuke Matsunaga , Taeko Kakuda, On variable ordering of binary decision diagrams for the application of multi-level logic synthesis, Proceedings of the conference on European design automation, February 25-28, 1991, Amsterdam, The Netherlands
 
8
Jonathan Graehl. kbest, a C++ library for efficiently finding the k shortest paths in a graph. Available from http://jonathan.graehl.org/kbest.zip.
 
9
Takashi Horiyama , Shuzo Yajima, Exponential Lower Bounds on the Size of OBDDs Representing Integer Divistion, Proceedings of the 8th International Symposium on Algorithms and Computation, p.163-172, December 17-19, 1997
 
10
Brad Johanson , Armando Fox , Terry Winograd, The Interactive Workspaces Project: Experiences with Ubiquitous Computing Rooms, IEEE Pervasive Computing, v.1 n.2, p.67-74, April 2002  [doi>10.1109/MPRV.2002.1012339 ]
 
11
R.E. Korf. Search techniques. In Hossein Bidgoli, editor, Encyclopedia of Information Systems. Academic Press, San Diego, CA, aug 2002.
 
12
Håkan Kvarnström, Hans Hedbom, and Erland Jonsson. Protecting security policies in ubiquitous environments using one-way functions. In D.Hutter et al., editors, Security in Pervasive Computing 2003, volume 2802 of LNCS, pages 71--85. Springer-Verlag, Heidelberg, 2003.
 
13
J. Lind-Nielsen. BuDDy - a binary decision diagram package. Technical Report IT-TR: 1999-028, Technical University of Denmark, 1999.
 
14
P. Orponen and H. Mannila. On approximation preserving reductions: Complete problems and robust measures. Technical Report C-1987-28, University of Helsinki, Dept. of Computer Science, 1987.
 
15
Shipra Panda , Fabio Somenzi, Who are the variables in your neighborhood, Proceedings of the 1995 IEEE/ACM international conference on Computer-aided design, p.74-77, November 05-09, 1995, San Jose, California, United States
 
16
Randal E. Bryant, Graph-based algorithms for Boolean function manipulation, IEEE Transactions on Computers, v.35 n.8, p.677-691, Aug. 1986  [doi>10.1109/TC.1986.1676819]
 
17
Manuel Román , Christopher Hess , Renato Cerqueira , Anand Ranganathan , Roy H. Campbell , Klara Nahrstedt, A Middleware Infrastructure for Active Spaces, IEEE Pervasive Computing, v.1 n.4, p.74-83, October 2002  [doi>10.1109/MPRV.2002.1158281 ]
 
18
Jerome H. Saltzer and Michael D. Schroeder. The protection of information in computer systems. In Proceedings of the IEEE, volume 63, pages 1278--1308, September 1975.
 
19
Geetanjali Sampemane , Prasad Naldurg , Roy H. Campbell, Access Control for Active Spaces, Proceedings of the 18th Annual Computer Security Applications Conference, p.343, December 09-13, 2002
 
20
Mark Weiser. The computer for the 21st century. Scientific American, pages 94-104, September 1991.
 
21
William H. Winsborough and Ninghui Li. Safety in automated trust negotiation. In Proceedings of the 2004 IEEE Symposium on Security and Privacy, pages 147--160, Oakland, CA, May 2004. IEEE Press.
 
22
Ka-Ping Yee, User Interaction Design for Secure Systems, Proceedings of the 4th International Conference on Information and Communications Security, p.278-290, December 09-12, 2002
 
23
Ting Yu , Marianne Winslett, A Unified Scheme for Resource Protection in Automated Trust Negotiation, Proceedings of the 2003 IEEE Symposium on Security and Privacy, p.110, May 11-14, 2003
24
Ting Yu , Marianne Winslett , Kent E. Seamons, Supporting structured credentials and sensitive policies through interoperable strategies for automated trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.1-42, February 2003  [doi>10.1145/605434.605435]
 
25
Terry Zimmerman , Subbarao Kambhampati, Learning-assisted automated planning: looking back, taking stock, going forward, AI Magazine, v.24 n.2, p.73-96, Summer 2003
26
Mary Ellen Zurko , Richard T. Simon, User-centered security, Proceedings of the 1996 workshop on New security paradigms, p.27-33, September 17-20, 1996, Lake Arrowhead, California, United States  [doi>10.1145/304851.304859]

CITED BY  5
Lujo Bauer , Lorrie Faith Cranor , Robert W. Reeder , Michael K. Reiter , Kami Vaniea, A user study of policy creation in a flexible access-control system, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
Xiang Cao , Lee Iverson, Intentional access management: making access control usable for end-users, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania
Michael LeMay , Omid Fatemieh , Carl A. Gunter, PolicyMorph: interactive policy transformations for a logical attribute-based access control framework, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
 
Kazuhiro Minami , David Kotz, Secure context-sensitive authorization, Pervasive and Mobile Computing, v.1 n.1, p.123-156, March 2005
Lujo Bauer , Lorrie Faith Cranor , Michael K. Reiter , Kami Vaniea, Lessons learned from the deployment of a smartphone-based access-control system, Proceedings of the 3rd symposium on Usable privacy and security, July 18-20, 2007, Pittsburgh, Pennsylvania

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.m Miscellaneous


General Terms:
Security


Keywords:
access control, feedback, policy protection, privacy, security, usability

Collaborative Colleagues:
Apu Kapadia: colleagues
Geetanjali Sampemane: colleagues
Roy H. Campbell: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player