
CCS
2004
ACM

KNOW Why your access was denied: regulating feedback for usable security

We examine the problem of providing useful feedback about access control decisions to users while controlling the disclosure of the system’s security policies. Relevant feedback enhances system usability, especially in systems where permissions change in unpredictable ways depending on contextual information. However, providing feedback indiscriminately can violate the confidentiality of system policy. To achieve a balance between system usability and the protection of security policies, we present Know, a framework that uses Ordered Binary Decision Diagrams (OBDDs) and cost functions to provide feedback to users about access control decisions. Know honors the policy protection requirements, which are represented as a meta-policy, and generates permissible and relevant feedback to users on how to obtain access to a resource. To the best of our knowledge, our work is the first to address the need of useful access control feedback while honoring the privacy and confidentiality requ...
Apu Kapadia, Geetanjali Sampemane, Roy H. Campbell
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CCS
Authors Apu Kapadia, Geetanjali Sampemane, Roy H. Campbell