Modeling security policy and the effect for end-users

Kevin D. Jones, Kizito Salako

Research output: Chapter in Book/Report/Conference proceedingConference proceedings published in a bookpeer-review

Abstract

Many "good practices" in computer security are based on assumptions and local evidence that do not generalize. There are few quantifiable methods of establishing or refuting the validity of these practices from a user perspective. We propose a formal model of security policies that allows us to evaluate the claimed benefits to the user of the system quantitatively. We illustrate the use of the model by looking at a security policy we all live with daily: The Password Policy.

Original languageEnglish
Title of host publicationHuman Aspects of Information Security, Privacy, and Trust - First International Conference, HAS 2013, Held as Part of HCI International 2013, Proceedings
PublisherSpringer Verlag
Pages256-265
Number of pages10
ISBN (Print)9783642393440
DOIs
Publication statusPublished - 2013
Event1st International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2013, Held as Part of 15th International Conference on Human-Computer Interaction, HCI 2013 - Las Vegas, NV, United States
Duration: 21 Jul 201326 Jul 2013

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume8030 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st International Conference on Human Aspects of Information Security, Privacy, and Trust, HAS 2013, Held as Part of 15th International Conference on Human-Computer Interaction, HCI 2013
Country/TerritoryUnited States
CityLas Vegas, NV
Period21/07/1326/07/13

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Modeling security policy and the effect for end-users'. Together they form a unique fingerprint.

Cite this