Expressions of Expertness: The Virtuous Circle of Natural Language for Access Control Policy Specification

The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified, scalable infrastructure to address these challenges. Previous research has found that resource owners generally do not understand the PERMIS RBAC model and consequently have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding the ways in which non-security specialists express their Grid access control needs, through interviews and focus groups with 45 resource owners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that the interface is highly usable for interaction: participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using natural language helps overcome some conceptual mis-matches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.