Usable set-up of runtime security policies

11 years 1 months ago
Usable set-up of runtime security policies
Setting up runtime security policies as required for firewalls or as envisioned by policy languages for the Semantic Web is a difficult task, especially for lay users who have little knowledge in the security domain. While technical solutions for runtime protection and advanced security policy languages abound, little effort has so far been spent on enabling users to actually use these systems to set up a security policy, and certainly not at runtime. To start filling this gap, we give concrete and verified guidelines for designers that are faced with the task of delegating security decisions to lay users. We advocate, for example, that security policies be set up at runtime, not off-line, that the principle of least privilege be enforced and that alert windows be compact but still contain information about the consequences of a chosen action. These guidelines have emerged from our own and others’ research on usability and security. They are further strengthened through the impl...
Almut Herzog, Nahid Shahmehri
Added 15 Dec 2010
Updated 15 Dec 2010
Type Journal
Year 2007
Where IMCS
Authors Almut Herzog, Nahid Shahmehri
Comments (0)