User-centered security

User-centered security (1996)

Cached

Download Links

[www.cs.indiana.edu]

Other Repositories/Bibliography

DBLP

by Mary Ellen Zurko , Richard T. Simon

Citations:

64 - 0 self

BibTeX

@INPROCEEDINGS{Zurko96user-centeredsecurity,
    author = {Mary Ellen Zurko and Richard T. Simon},
    title = {User-centered security},
    booktitle = {},
    year = {1996},
    pages = {27--33},
    publisher = {ACM Press}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

Abstract: We introduce the term user-centered security to refer to security models, mechanisms, systems, and software that have usability as a primary motivation or goal. We discuss the history of usable secure systems, citing both past problems and present studies. We develop three categories for work in user-friendly security: applying usability testing and techniques to secure systems, developing security models and mechanisms for user-friendly systems, and considering user needs as a primary design goal at the start of secure system development. We discuss our work on user-centered authorization, which started with a rules-based authorization engine (MAP) and will continue with Adage. We outline the lessons we have learned to date and how they apply to our future work. 1

Citations

1373	Usability engineering - Nielsen - 1993
1274	The Design of Everyday Things - Norman - 1998
742	Decentralized trust management - Blaze, Feigenbaum, et al. - 1996
515	Secure computer system: unified exposition and MULTICS interpretation - Bell, LaPadula - 1976
343	A comparison of commercial and military computer security policies - Clark, Wilson - 1987
140	Access Control for Collaborative Environments - Shen, Dewan - 1992
89	Building a secure computer system - Gasser
70	Role-Based Access Control (RBAC): Features and Motivations - Ferraiolo, Cugini, et al. - 1995
55	Naming and Grouping Privileges to Simplify Security Management in Large Databases - Baldwin - 1990
54	Some conundrums concerning separation of duty - Nash, Poland - 1990
29	The Human Factor: Designing Computer Systems for People - Rubinstein, Hersh - 1984
12	Iterative Usability Testing of a Security Application - Karat - 1989
9	Specifying security for CSCW systems - Foley, Jacob - 1995
7	Usability Analysis of Messages from a Security System - Mosteller, Ballas - 1989
4	Contextual Design: An Emergent - Wixon, Holzblatt, et al. - 1990
3	Privacy-Enhanced Electronic Mail: From Architecture to Implementation - Linn - 1991
3	Attribute Support for Inter-Domain Use - Zurko - 1992
1	Networking for Collaboration: Video Telephony and - Fish, Kraut
1	New Uses and Abuses of Interaction History - Hill, Terveen
1	The DCE-Web: Securing the Enterprise Web,” http://www.osf.org/www/dceweb/papers/Secure_Enterprise.html - Lewontin - 1995
1	Adage home - Zurko
1	MAP Data Definitions This section contains the DCE Interface Data Language (IDL) definitions of the MAP rules and labels. The rule structure had five fields: typedef struct map_rule_s_t { mapname name; / the name of the rule / URL_list_t scope; /* whe - page, A