Real Life Challenges in Access-control Management

Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, Kami Vaniea

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this work we ask the question: what are the challenges of managing a physical or file system access-control policy for a large organization? To answer the question, we conducted a series of interviews with thirteen administrators who manage access-control policy for either a file system or a physical space. Based on these interviews we identified three sets of real-world requirements that are either ignored or inadequately addressed by technology: 1) policies are made/implemented by multiple people; 2) policy makers are distinct from policy implementers; and 3) access-control systems don't always have the capability to implement the desired policy. We present our interview results and propose several possible solutions to address the observed issues.
Original languageEnglish
Title of host publicationProceedings of the SIGCHI Conference on Human Factors in Computing Systems
Place of PublicationNew York, NY, USA
PublisherACM
Pages899-908
Number of pages10
ISBN (Print)978-1-60558-246-7
DOIs
Publication statusPublished - 2009

Keywords

  • access control, policy creation

Fingerprint

Dive into the research topics of 'Real Life Challenges in Access-control Management'. Together they form a unique fingerprint.

Cite this