Abstract
We examine the problem of providing useful feedback about access control decisions to users while controlling the disclosure of the system's security policies. Relevant feedback enhances system usability, especially in systems where permissions change in unpredictable ways depending on contextual information. However, providing feedback indiscriminately can violate the confidentiality of system policy. To achieve a balance between system usability and the protection of security policies, we present Know, a framework that uses cost functions to provide feedback to users about access control decisions. Know honors the policy protection requirements, which are represented as a meta-policy, and generates permissible and relevant feedback to users on how to obtain access to a resource. To the best of our knowledge, our work is the first to address the need for useful access control feedback while honoring the privacy and confidentiality requirements of a system's security policy.
Original language | English (US) |
---|---|
Pages (from-to) | 52-61 |
Number of pages | 10 |
Journal | Proceedings of the ACM Conference on Computer and Communications Security |
State | Published - 2004 |
Event | Proceedings of the 11th ACM Conference on Computer and Communications Security, CCS 2004 - Washington, DC, United States Duration: Oct 25 2004 → Oct 29 2004 |
Keywords
- Access control
- Feedback
- Policy protection
- Privacy
- Security
- Usability
ASJC Scopus subject areas
- Software
- Computer Networks and Communications