ABSTRACT
In this study, we tested the usability of database management software for end users. To improve usability, we developed a novel concept, the Filter-based Access Control (FBAC) model, and an FBAC UI. We conducted a user test and analyzed the results. In the test, 40 users tried to solve two tasks: 20 used a Role-based Access Control (RBAC) UI, and the rest used the FBAC UI. Almost no RBAC UI users could complete the tasks, while users of the FBAC UI completed 40%.
Index Terms
- Filter-based access control model: exploring a more usable database management