Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification

Inglesant, Philip and Sasse, M. Angela and Chadwick, David W. and Shi, Lei Lei (2008) Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification. In: UNSPECIFIED. (Full text available)

PDF
Download (197kB)
[img]
Preview

Abstract

The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified, scalable infrastructure to address these challenges. Previous research has found that resource owners generally do not understand the PERMIS RBAC model and consequently have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding the ways in which non-security specialists express their Grid access control needs, through interviews and focus groups with 45 resource owners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that the interface is highly usable for interaction: participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using natural language helps overcome some conceptual mis-matches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.

Item Type: Conference or workshop item (Paper)
Uncontrolled keywords: Authorization; Access Control; Grid computing; RBAC;
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Faculties > Science Technology and Medical Studies > School of Computing > Security Group
Depositing User: Mark Wheadon
Date Deposited: 29 Mar 2010 12:11
Last Modified: 14 May 2014 10:49
Resource URI: http://kar.kent.ac.uk/id/eprint/24031 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year