Institutional Research Information Service
UCL Logo
Please report any queries concerning the funding data grouped in the sections named "Externally Awarded" or "Internally Disbursed" (shown on the profile page) to your Research Finance Administrator. Your can find your Research Finance Administrator at https://www.ucl.ac.uk/finance/research/rs-contacts.php by entering your department
Please report any queries concerning the student data shown on the profile page to:

Email: portico-services@ucl.ac.uk

Help Desk: http://www.ucl.ac.uk/ras/portico/helpdesk
Publication Detail
"R-What?" Development of a Role-Based Access Control (RBAC) Policy-Writing Tool for e-Scientists
  • Publication Type:
    Journal article
  • Publication Sub Type:
  • Authors:
    Brostoff S, Sasse MA, Chadwick D, Cunningham J, Mbanaso U, Otenko S
  • Publication date:
  • Pagination:
    835, 856
  • Journal:
    Software Practice and Experience
  • Volume:
  • Issue:
  • Print ISSN:
  • Keywords:
    security, usability, access control
A lightweight role-based access control policy authoring tool was developed for e-Scientists, a community where access policies have to be implemented for an increasingly heterogeneous group of local and remote users. Two fundamental problems were identified (1) lack of understanding what the policy components are (i.e. how authorization policies are structured), and (2) lack of understanding of the underlying policy paradigm (i.e. what should go into the policy, and what should be left out). Conceptual design (CD) techniques were used to revise the user interface (UI) labels so that e-Scientists and developers were better able to describe access policy components from labels, and match labels with components (t=6.28, df=7, p=.000 two tailed). CD, instructional text, bubble help, UI behaviour and alert boxes were used to shape users\' models of the policy paradigm. The final prototype improved users\' efficiency and effectiveness by: more than doubling the speed with which expert users could write authorization policies; and facilitating users without specialist security knowledge to overcome the policy paradigm and components problems, enabling them to complete 80% of basic and 75% of advanced authorization policy writing tasks in a usability trial.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk
 More search options
UCL Researchers
Dept of Computer Science
University College London - Gower Street - London - WC1E 6BT Tel:+44 (0)20 7679 2000

© UCL 1999–2011

Search by