@inproceedings{5d8637caf1c84a0bb2327a2690137369,
title = "Modeling security policy and the effect for end-users",
abstract = "Many {"}good practices{"} in computer security are based on assumptions and local evidence that do not generalize. There are few quantifiable methods of establishing or refuting the validity of these practices from a user perspective. We propose a formal model of security policies that allows us to evaluate the claimed benefits to the user of the system quantitatively. We illustrate the use of the model by looking at a security policy we all live with daily: The Password Policy.",
author = "Jones, {Kevin D.} and Kizito Salako",
year = "2013",
doi = "10.1007/978-3-642-39345-7_27",
language = "English",
isbn = "9783642393440",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "256--265",
booktitle = "Human Aspects of Information Security, Privacy, and Trust - First International Conference, HAS 2013, Held as Part of HCI International 2013, Proceedings",
address = "Germany",
note = "1st International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2013, Held as Part of 15th International Conference on Human-Computer Interaction, HCI 2013 ; Conference date: 21-07-2013 Through 26-07-2013",
}