Comparing Access-Control Technologies: A Study of Keys and Smartphones

Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, Kami Vaniea

Research output: Working paper

Abstract / Description of output

Significant effort has been invested in developing expressive and flexible access-control languages and systems. However, little work has been done to evaluate these theoretically interesting systems in practical situations with real users, and few attempts have been made to discover and analyze the accesscontrol policies that users actually want to implement. In this paper we report on a study in which we derive the ideal access policies desired by a group of users for physical security in an office environment. We compare these ideal policies to the policies the users actually implemented with keys and with Grey, a smartphone-based distributed access-control system. We show quantitatively that Grey allowed our users to implement their ideal policies more accurately and securely than they could with keys, and describe where each system fell short. As part of this evaluation we identify conditions that users commonly required in their desired policies and explain how these conditions can or cannot be implemented with keys and Grey. Our results and experience can serve to inform the designers of access-control systems about which features these systems should include if they are to successfully meet users’ needs.
Original languageEnglish
Number of pages21
Publication statusPublished - 2007


Dive into the research topics of 'Comparing Access-Control Technologies: A Study of Keys and Smartphones'. Together they form a unique fingerprint.

Cite this