DOI: 10.1145/1408664.1408674
research-article

Evaluating assistance of natural language policy authoring

Published: 23 July 2008

Abstract

The goal of the research study reported here was to investigate policy authors' ability to take descriptions of changes to policy situations and author high-quality, complete policy rules that would parse with high accuracy. As a part of this research, we investigated ways in which we could assist policy authors in writing policies. This paper presents the results of a user study on the effectiveness of providing syntax highlighting in a natural language policy authoring interface. While subjects liked the new interface, they showed no improvement in accuracy when writing rules. We discuss our results in terms of a three-phase authoring process that users move through when authoring or modifying policies. We describe this process, discuss why and how our interface failed to support it, and make recommendations to designers on how to better support this process.


Published In

SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security
July 2008
145 pages
ISBN: 9781605582764
DOI: 10.1145/1408664
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 July 2008


Author Tags

  1. design process
  2. natural language interfaces
  3. privacy
  4. privacy policies
  5. social and legal issues
  6. syntax highlighting

Qualifiers

  • Research-article

Conference

SOUPS '08
SOUPS '08: The fourth Symposium on Usable Privacy and Security
July 23 - 25, 2008
Pittsburgh, Pennsylvania, USA

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%


Article Metrics

  • Downloads (Last 12 months): 6
  • Downloads (Last 6 weeks): 0
Reflects downloads up to 01 Mar 2025


Cited By

  • (2024) SoK: Access Control Policy Generation from High-level Natural Language Requirements. ACM Computing Surveys 57:4 (1-37). DOI: 10.1145/3706057. Online publication date: 28-Nov-2024
  • (2022) On the Analysis of MUD-Files’ Interactions, Conflicts, and Configuration Requirements Before Deployment. The Fifth International Conference on Safety and Security with IoT (137-157). DOI: 10.1007/978-3-030-94285-4_9. Online publication date: 8-Jan-2022
  • (2020) A Top-Down Policy Engineering Framework for Attribute-Based Access Control. DOI: 10.12794/metadc1703379. Online publication date: May-2020
  • (2018) Automatic Extraction of Access Control Policies from Natural Language Documents. IEEE Transactions on Dependable and Secure Computing (1-1). DOI: 10.1109/TDSC.2018.2818708. Online publication date: 2018
  • (2014) Usable Security: History, Themes, and Challenges. Synthesis Lectures on Information Security, Privacy, and Trust 5:2 (1-124). DOI: 10.2200/S00594ED1V01Y201408SPT011. Online publication date: 20-Sep-2014
  • (2014) Security policy specification templates for critical infrastructure services in the cloud. The 9th International Conference for Internet Technology and Secured Transactions (ICITST-2014) (61-66). DOI: 10.1109/ICITST.2014.7038776. Online publication date: Dec-2014
  • (2013) A Decision Support System for Privacy Compliance. Data Mining (1496-1518). DOI: 10.4018/978-1-4666-2455-9.ch078. Online publication date: 2013
  • (2012) A Decision Support System for Privacy Compliance. Threats, Countermeasures, and Advances in Applied Information Security (158-180). DOI: 10.4018/978-1-4666-0978-5.ch008. Online publication date: 2012
  • (2011) Enforcing Scientific Data Sharing Agreements. Proceedings of the 2011 IEEE Seventh International Conference on eScience (271-278). DOI: 10.1109/eScience.2011.45. Online publication date: 5-Dec-2011
  • (2011) A Conceptual Model for Privacy Policies with Consent and Revocation Requirements. Privacy and Identity Management for Life (258-270). DOI: 10.1007/978-3-642-20769-3_21. Online publication date: 2011
