More Web Proxy on the site http://driver.im/

research-article

How Do System Administrators Resolve Access-Denied Issues in the Real World?

Authors:

Yuanyuan ZhouAuthors Info & Claims

CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems

Pages 348 - 361

https://doi.org/10.1145/3025453.3025999

Published: 02 May 2017 Publication History

Abstract

The efficacy of access control largely depends on how system administrators (sysadmins) resolve access-denied issues. A correct resolution should only permit the expected access, while maintaining the protection against illegal access. However, anecdotal evidence suggests that correct resolutions are occasional---sysadmins often grant too much access (known as security misconfigurations) to allow the denied access, posing severe security risks. This paper presents a quantitative study on real-world practices of resolving access-denied issues, with a particular focus on how and why security misconfigurations are introduced during problem solving. We characterize the real-world security misconfigurations introduced in the field, and show that many of these misconfigurations were the results of trial-and-error practices commonly adopted by sysadmins to work around access denials. We argue that the lack of adequate feedback information is one fundamental reason that prevents sysadmins from developing precise understanding and thus induces trial and error. Our study on access-denied messages shows that many of today's software systems miss the opportunities for providing adequate feedback information, imposing unnecessary obstacles to correct resolutions.

References

[1]

Sepehr Amir-Mohammadian, Stephen Chong, and Christian Skalka. 2016. Correct Audit Logging: Theory and Practice. In Proceedings of the 5th International Conference on Principles of Security and Trust (POST'16). Eindhoven, The Netherlands.

Digital Library

[2]

Apache Users Mailing List. 2016. http://mail-archives.apache.org/mod_mbox/httpd-users/. (2016).

[3]

Dirk Balfanz. 2003. Usable Access Control for the World Wide Web. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC'03). Las Vegas, NV, USA.

[4]

Rob Barrett, Yen-Yang Michael Chen, and Paul Maglio. 2009. System Administrators are Users, Too: Designing Workspaces for Managing Internet-Scale Systems. In Proceedings of the 27th ACM Conference on Human Factors in Computing Systems (CHI'03). Boston, MA, USA.

[5]

Rob Barrett, Eser Kandogan, Paul P. Maglio, Eben Haber, Leila A. Takayama, and Madhu Prabaker. 2004. Field Studies of Computer System Administrators: Analysis of System Management Tools and Practices. In Proceedings of the 2004 ACM Conference on Computer Supported Cooperative Work (CSCW'04). Baltimore, MD, USA.

Digital Library

[6]

Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea. 2008. A User Study of Policy Creation in a Flexible Access-Control System. In Proceedings of the 26th ACM Conference on Human Factors in Computing Systems (CHI'08). Florence, Italy.

Digital Library

[7]

Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea. 2009. Real Life Challenges in Access Control Management. In Proceedings of the 27th ACM Conference on Human Factors in Computing Systems (CHI'09). Boston, MA, USA.

Digital Library

[8]

Lujo Bauer, Scott Garriss, and Michael K. Reiter. 2008. Detecting and Resolving Policy Misconfigurations in Access-Control Systems. In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (SACMAT'08). Estes Park, CO, USA.

Digital Library

[9]

Lujo Bauer, Scott Garriss, and Michael K. Reiter. 2011. Detecting and Resolving Policy Misconfigurations in Access-Control Systems. ACM Transactions on Information and System Security (TISSEC) 14, 1 (May 2011), 1--28.

Digital Library

[10]

David Botta, Rodrigo Werlinger, André Gagné, Konstantin Beznosov, Lee Iverson, Sidney Fels, and Brian Fisher. 2007. Towards Understanding IT Security Professionals and Their Tools. In Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS'07). Pittsburgh, PA, USA.

Digital Library

[11]

Xiang Cao and Lee Iverson. 2006. Intentional access management: making access control usable for end-users. In Proceedings of the 2nd Symposium on Usable Privacy and Security (SOUPS'06). Pittsburgh, PA, USA.

Digital Library

[12]

CentOS Forums. 2016. https://www.centos.org/forums/. (2016).

[13]

CentOS Mailing Lists. 2016. https://lists.centos.org/pipermail/centos/. (2016).

[14]

Anton Chuvakin and Gunnar Peterson. 2010. How to Do Application Logging Right. IEEE Security & Privacy 8, 4 (Jul. 2010), 82--85.

Digital Library

[15]

Tathagata Das, Ranjita Bhagwan, and Prasad Naldurg. 2010. Baaz: A System for Detecting Access Control Misconfigurations. In Proceedings of the 19th USENIX Security Symposium (USENIX Security'10). Washington, DC, USA.

[16]

Database Administrators. 2016. http://dba.stackexchange.com. (2016).

[17]

Database Administrators #127003. 2016. Can't access MySQL database with created user through dll. http://dba.stackexchange.com/questions/127003/cantaccess-mysql-database-with-created-user-through-dll. (Jan. 2016).

[18]

Serge Egelman, Andrew Oates, and Shriram Krishnamurthi. 2011. Oops, I Did it Again: Mitigating Repeated Access Control Errors on Facebook. In Proceedings of the 29th ACM International Conference on Human Factors in Computing Systems (CHI'11). Vancouver, BC, Canada.

Digital Library

[19]

Daniel Farmer and Eugene H. Spafford. 1990. The COPS Security Checker System. Technical Report CSD-TR-993. Purdue University, Dept. of Computer Science.

[20]

Adrienne Porter Felt. 2012. Towards Comprehensible and Effective Permission Systems. Ph.D. Dissertation. University of California at Berkeley, Electrical Engineering and Computer Sciences.

[21]

Jeff Goldman. 2014. Misconfigured Server Causes Massive Data Breach at MBIA. http://www.esecurityplanet.com/networksecurity/misconfigured-server-causes-massive-databreach-at-mbia.html. (Oct. 2014).

[22]

Eben M. Haber and John Bailey. 2007. Design Guidelines for System Administration Tools Developed through Ethnographic Field Study. In Proceedings of the 1st ACM Symposium on Computer Human Interaction for Management of Information Technology (CHIMIT'07). Cambridge, MA, USA.

Digital Library

[23]

Hadoop User Mailing Lists. 2016. http://mail-archives.apache.org/mod_mbox/hadoop-user/. (2016).

[24]

Hewlett Packard Enterprise. 2015. HP Cyber Risk Report 2015. http://www8.hp.com/h20195/v2/GetPDF.aspx/4AA50858ENN.pdf. (Feb. 2015).

[25]

Adele E. Howe, Indrajit Ray, Mark Roberts, Malgorzata Urbanska, and Zinta Byrne. 2012. The Psychology of Security for the Home Computer User. In Proceeding of the 33rd IEEE Symposium on Security & Privacy (S&P). San Francisco, CA, USA.

Digital Library

[26]

Weihang Jiang, Chongfeng Hu, Shankar Pasupathy, Arkady Kanevsky, Zhenmin Li, and Yuanyuan Zhou. 2009. Understanding Customer Problem Troubleshooting from Storage System Logs. In Proceedings of the 7th USENIX Conference on File and Storage Technologies (FAST'09). San Francisco, CA, USA.

Digital Library

[27]

Maritza L. Johnson. 2012. Toward Usable Access Control for End-users: A Case Study of Facebook Privacy Settings. Ph.D. Dissertation. Columbia University, Computer Science.

[28]

Eser Kandogan and Eben M. Haber. 2005. Security Administration Tools and Practices. Security and Usability, O'Reilly Media, Inc. (Aug. 2005).

[29]

Apu Kapadia, Geetanjali Sampemane, and Roy H. Campbell. 2004. Know Why Your Access Was Denied: Regulating Feedback for Usable Security. In Proceedings of the 11th ACM Conference on Computer and Communications Security (CCS'04). Washington, DC, USA.

Digital Library

[30]

Butler Lampson. 2009. Usable Security: How to Get It. Commun. ACM 52, 11 (Nov. 2009), 25--27.

Digital Library

[31]

Butler Lampson. 2015. Perspectives on Security. SOSP History Day. (Oct. 2015). http://sigops.org/sosp/sosp15/history/.

[32]

Butler W. Lampson. 1974. Protection. ACM SIGOPS Operating Systems Review 8, 1 (Jan. 1974), 18--24.

Digital Library

[33]

Butler W. Lampson. 2004. Computer Security in the Real World. IEEE Computer 37, 6 (Jun. 2004), 37--46.

Digital Library

[34]

Paul P. Maglio and Eser Kandogan. 2004. Error Messages: What's the Problem? ACM Queue 2, 8 (Nov. 2004), 50--55.

Digital Library

[35]

Roy A. Maxion and Robert W. Reeder. 2005. Improving User-Interface Dependability through Mitigation of Human Error. International Journal of Human-Computer Studies 63, 1--2 (Jul. 2005), 25--50.

Digital Library

[36]

Michelle L. Mazurek, J. P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion, Christine Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Granger, and Michael K. Reiter. 2010. Access Control for Home Data Sharing: Attitudes, Needs, and Practices. In Proceedings of the 28th ACM International Conference on Human Factors in Computing Systems (CHI'10). Atlanta, GA, USA.

Digital Library

[37]

Microsoft Baseline Security Analyzer. 2016. http://www. microsoft.com/technet/security/tools/MBSAHome.mspx. (2016).

[38]

MySQL Bug #80542. 2016. Should notify users when ignoring their option files. http://bugs.mysql.com/bug.php?id=80542. (Feb. 2016).

[39]

MySQL General Discussion Mailing List. 2016. https://lists.mysql.com/mysql. (2016).

[40]

Peter G. Neumann. 2015. Reminiscences on the 25th SOSP's History Day Workshop. http://sigops.org/sosp/sosp15/history/12-neumann.pdf. (2015).

[41]

Eric Steven Raymond and Rick Moen. 2014. How To Ask Questions The Smart Way. http://www.catb.org/~esr/faqs/smart-questions.html. (2014).

[42]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong. 2008. Expandable Grids for Visualizing and Authoring Computer Security Policies. In Proceedings of the 26th ACM Conference on Human Factors in Computing Systems (CHI'08). Florence, Italy.

Digital Library

[43]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, and Kami Vaniea. 2011. More than Skin Deep: Measuring Effects of the Underlying Model on Access-Control System Usability. In Proceedings of the 29th ACM International Conference on Human Factors in Computing Systems (CHI'11). Vancouver, BC, Canada.

Digital Library

[44]

Cindy Rubio-González, Haryadi S. Gunawi, Ben Liblit, Remzi H. Arpaci-Dusseau, and Andrea C. Arpaci-Dusseau. 2009. Error Propagation Analysis for File Systems. In Proceedings of the 30th Annual ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI'09). Dublin, Ireland.

Digital Library

[45]

Bruce Schneier. 2009. Real-World Access Control. https://www.schneier.com/blog/archives/2009/09/realworld_acce.html. (2009).

[46]

ServerFault. 2016. http://serverfault.com. (2016).

[47]

ServerFault #235376. 2011. Apache/PHP writing to a user's home folder. http://serverfault.com/questions/235376/apache-phpwriting-to-a-users-home-folder. (Feb. 2011).

[48]

ServerFault #287508. 2011. Apache Permission denied problem on OS X. serverfault.com/questions//apachepermission-denied-problem-on-os-x. (Jul. 2011).

[49]

ServerFault #396036. 2012. Apache httpd permissions. http://serverfault.com/questions/396036/apache-httpdpermissions. (Jun. 2012).

[50]

ServerFault #401115. 2012. Apache Mod SVN Access Forbidden. http://serverfault.com/questions/401115/apache-modsvn-access-forbidden. (Jun. 2012).

[51]

ServerFault #402630. 2012. HTTP Error: 413 Request Entity Too Large. http://serverfault.com/questions/402630/http-error413-request-entity-too-large. (Jun. 2012).

[52]

ServerFault #418101. 2012. Apache "Client denied by server con?guration", despite allowing access to directory (vhost configuration). http://serverfault.com/questions/418101/apache-clientdenied-by-server-configuration-despite-allowingaccess-to-direc. (Aug. 2012).

[53]

ServerFault #421633. 2012. Cannot write file with apache despite 777 permissions on Directory. http://serverfault.com/questions/421633/cannot-writefile-with-apache-despite-777-permissions-on-directory. (Aug. 2012).

[54]

ServerFault #507914. 2013. Mysql working remotely but not localy. http://serverfault.com/questions/507914/mysql-workingremotely-but-not-localy. (May 2013).

[55]

ServerFault #65362. 2009. Is there a work around for the "Permission denied? error from urllib2.urlopen" http: //serverfault.com/questions//is-there-a-work-aroundfor-the-permission-denied-error-from-urllib2-urlopen. (Sep. 2009).

[56]

Sara Sinclair. 2013. Access Control In and For the Real World. Ph.D. Dissertation. Dartmouth College, Dept. of Computer Science.

[57]

Sara Sinclair and Sean W. Smith. 2010. What's Wrong with Access Control in the Real World? IEEE Security & Privacy 8, 4 (Jul. 2010), 74--77.

Digital Library

[58]

StackOverflow. 2016. http://stackoverflow.com. (2016).

[59]

StackOverflow #13542384. 2012. Setting permissions for cloudera hadoop. http://stackoverflow.com/questions/13542384/settingpermissions-for-cloudera-hadoop. (Nov. 2012).

[60]

StackOverflow #22664268. 2014. Error on map reduce example of Hadoop 2.2.0. http://stackoverflow.com/questions/22664268/error-onmap-reduce-example-of-hadoop-2--2-0. (Mar. 2014).

[61]

StackOverflow #29438893. 2015. Hadoop jar execution failing on class not found. http://stackoverflow.com/questions/29438893/hadoopjar-execution-failing-on-class-not-found. (Apr. 2015).

[62]

StackOverflow #30926357. 2015. Oozie on YARN oozie is not allowed to impersonate hadoop. http://stackoverflow.com/questions/30926357/oozie-onyarn-oozie-is-not-allowed-to-impersonate-hadoop. (Jun. 2015).

[63]

StackOverflow #33358339. 2015. Hadoop "error while writing TokenizerMapper permission denied". http://stackoverflow.com/questions/33358339/hadooperror-while-writing-tokenizermapper-permission-denied. (Jun. 2015).

[64]

StackOverflow #473789. 2013. mysql doesn't start after relocating data dir. http://serverfault.com/questions/473789/mysql-doesntstart-after-relocating-data-dir. (Jan. 2013).

[65]

StackOverflow Help Center. 2016. Why is voting important? http://stackoverflow.com/help/why-vote. (2016).

[66]

Leila Takayama and Eser Kandogan. 2006. Trust as an Underlying Factor of System Administrator Interface Choice. In CHI '06 Extended Abstracts on Human Factors in Computing Systems (CHI EA'06). Montréal, Québec, Canada.

Digital Library

[67]

The Open Web Application Security Project. 2013. OWASP Top 10: The Ten Most Critical Web Application Security Risks. http://owasptop10.googlecode.com/files/ OWASP%20Top%2010%20-%202013.pdf. (2013).

[68]

Dan Walsh. 2013. Audit2allow should be your third option not the first. http://danwalsh.livejournal.com/63137.html. (2013).

[69]

Ryan West. 2008. The Psychology of Security. Commun. ACM 51, 4 (Apr. 2008), 34--40.

Digital Library

[70]

Tianyin Xu, Long Jin, Xuepeng Fan, Yuanyuan Zhou, Shankar Pasupathy, and Rukma Talwadker. 2015. Hey, You Have Given Me Too Many Knobs! Understanding and Dealing with Over-Designed Configuration in System Software. In Proceedings of the 10th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE'15). Bergamo, Italy.

Digital Library

[71]

Tianyin Xu, Xinxin Jin, Peng Huang, Yuanyuan Zhou, Shan Lu, Long Jin, and Shankar Pasupathy. 2016. Early Detection of Configuration Errors to Reduce Failure Damage. In Proceedings of the 12th USENIX Conference on Operating Systems Design and Implementation (OSDI'16). Savannah, GA, USA.

Digital Library

[72]

Tianyin Xu, Jiaqi Zhang, Peng Huang, Jing Zheng, Tianwei Sheng, Ding Yuan, Yuanyuan Zhou, and Shankar Pasupathy. 2013. Do Not Blame Users for Misconfigurations. In Proceedings of the 24th Symposium on Operating System Principles (SOSP'13). Farmington, PA, USA.

Digital Library

[73]

Tianyin Xu and Yuanyuan Zhou. 2015. Systems Approaches to Tackling Configuration Errors: A Survey. ACM Computing Surveys (CSUR) 47, 4 (Jul. 2015).

Digital Library

[74]

Zuoning Yin, Xiao Ma, Jing Zheng, Yuanyuan Zhou, Lakshmi N. Bairavasundaram, and Shankar Pasupathy. 2011. An Empirical Study on Configuration Errors in Commercial and Open Source Systems. In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP'11). Cascais, Portugal.

Digital Library

[75]

Ding Yuan. 2012. Improving Failure Diagnosis with Better Logging Design and Analysis. Ph.D. Dissertation. University of Illinois Urbana-Champaign, Dept. of Computer Science.

[76]

Ding Yuan, Soyeon Park, Peng Huang, Yang Liu, Michael M. Lee, Xiaoming Tang, Yuanyuan Zhou, and Stefan Savage. 2012. Be Conservative: Enhancing Failure Diagnosis with Proactive Logging. In Proceedings of the 10th USENIX Conference on Operating Systems Design and Implementation (OSDI'12). Hollywood, CA, USA.

[77]

Ding Yuan, Jing Zheng, Soyeon Park, Yuanyuan Zhou, and Stefan Savage. 2011. Improving Software Diagnosability via Log Enhancement. In Proceedings of the 16th International Conference on Architecture Support for Programming Languages and Operating Systems (ASPLOS'11). Newport Beach, CA, USA.

Digital Library

[78]

Jiaqi Zhang, Lakshmi Renganarayana, Xiaolan Zhang, Niyu Ge, Vasanth Bala, Tianyin Xu, and Yuanyuan Zhou. 2014. EnCore: Exploiting System Environment and Correlation Information for Misconfiguration Detection. In Proceedings of the 19th International Conference on Architecture Support for Programming Languages and Operating Systems (ASPLOS'14). Salt Lake City, UT, USA.

Digital Library

[79]

Sai Zhang and Michael D. Ernst. 2015. Proactive Detection of Inadequate Diagnostic Messages for Software Configuration Errors. In Proceedings of the 2015 International Symposium on Software Testing and Analysis (ISSTA'15). Baltimore, MD, USA.

Digital Library

[80]

Mary Ellen Zurko, Rich Simon, and Tom Sanfilippo. 1999. A User-Centered, Modular Authorization Service Built on an RBAC Foundation. In Proceedings of the 20th IEEE Symposium on Security and Privacy (S&P). Oakland, CA, USA.

Cited By

Frazier JWeinstein EIzydorczak IWu YCuadros NSur DMorrison-Smith S(2025)DriveGroups: Using Group Perspective for Usable Data Sharing in Research CollaborationsProceedings of the ACM on Human-Computer Interaction10.1145/37011929:1(1-28)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3701192
Baumer TReittinger TKern SPernul GKelley PKapadia A(2024)Digital nudges for access reviewsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696912(239-258)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696912
Jayasundara SGamagedara Arachchilage NRussello G(2024)SoK: Access Control Policy Generation from High-level Natural Language RequirementsACM Computing Surveys10.1145/370605757:4(1-37)Online publication date: 28-Nov-2024
https://dl.acm.org/doi/10.1145/3706057
Show More Cited By

Index Terms

How Do System Administrators Resolve Access-Denied Issues in the Real World?

Recommendations

Authorized! access denied, unauthorized! access granted
SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Existing access control systems are mostly identity-based. However, such access control systems impose risks because recognized identity is not essentially an interpretation of good intentions of access. On the other hand, an un-identified individual ...
An Evaluation of Role Based Access Control Towards Easier Management Compared to Tight Security
ICFNDS '17: Proceedings of the International Conference on Future Networks and Distributed Systems

Role-based access control (RBAC) is a widely-used protocol to design and build an access control for providing the system security regarding authorization. Even though in the context of internet resources access, the authentication and access control ...
An authorization mechanism for a relational database system

A multiuser database system must selectively permit users to share data, while retaining the ability to restrict data access. There must be a mechanism to provide protection and security, permitting information to be accessed only by properly authorized ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CHI '17: Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems

May 2017

7138 pages

ISBN:9781450346559

DOI:10.1145/3025453

General Chairs:
Gloria Mark
University of California Irvine
,
Susan Fussell
Cornell University
,
Program Chairs:
Cliff Lampe
University of Michigan
,
m.c. schraefel
University of Southampton
,
Juan Pablo Hourcade
University of Iowa
,
Caroline Appert
Université Paris-Sud
,
Daniel Wigdor
University of Toronto

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 May 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CHI '17

Sponsor:

SIGCHI

CHI '17: CHI Conference on Human Factors in Computing Systems

May 6 - 11, 2017

Colorado, Denver, USA

Acceptance Rates

CHI '17 Paper Acceptance Rate 600 of 2,400 submissions, 25%;

Overall Acceptance Rate 6,199 of 26,314 submissions, 24%

Upcoming Conference

CHI 2025

Sponsor:
sigchi

ACM CHI Conference on Human Factors in Computing Systems

April 26 - May 1, 2025

Yokohama , Japan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

25
Total Citations
View Citations
631
Total Downloads

Downloads (Last 12 months)32
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Frazier JWeinstein EIzydorczak IWu YCuadros NSur DMorrison-Smith S(2025)DriveGroups: Using Group Perspective for Usable Data Sharing in Research CollaborationsProceedings of the ACM on Human-Computer Interaction10.1145/37011929:1(1-28)Online publication date: 10-Jan-2025
https://dl.acm.org/doi/10.1145/3701192
Baumer TReittinger TKern SPernul GKelley PKapadia A(2024)Digital nudges for access reviewsProceedings of the Twentieth USENIX Conference on Usable Privacy and Security10.5555/3696899.3696912(239-258)Online publication date: 12-Aug-2024
https://dl.acm.org/doi/10.5555/3696899.3696912
Jayasundara SGamagedara Arachchilage NRussello G(2024)SoK: Access Control Policy Generation from High-level Natural Language RequirementsACM Computing Surveys10.1145/370605757:4(1-37)Online publication date: 28-Nov-2024
https://dl.acm.org/doi/10.1145/3706057
Shen BShan TZhou YCalandrino JTroncoso C(2023)MultiviewProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620657(7499-7516)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620657
Shen BShan TZhou YCalandrino JTroncoso C(2023)Improving logging to reduce permission over-granting mistakesProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620261(409-426)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620261
Soroko DSavino GGray NSchöning J(2023)Social Transparency in Network Monitoring and Security SystemsProceedings of the 22nd International Conference on Mobile and Ubiquitous Multimedia10.1145/3626705.3627773(37-53)Online publication date: 3-Dec-2023
https://dl.acm.org/doi/10.1145/3626705.3627773
Llamas JPreuveneers DJoosen W(2023)Effective Machine Learning-based Access Control Administration through Unlearning2023 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)10.1109/EuroSPW59978.2023.00011(50-57)Online publication date: Jul-2023
https://doi.org/10.1109/EuroSPW59978.2023.00011
Kern SBaumer TFuchs LPernul G(2023)Maintain High-Quality Access Control Policies: An Academic and Practice-Driven ApproachData and Applications Security and Privacy XXXVII10.1007/978-3-031-37586-6_14(223-242)Online publication date: 12-Jul-2023
https://doi.org/10.1007/978-3-031-37586-6_14
Markert PSchnitzler TGolla MDürmuth MChiasson SKapadia A(2022)"As soon as it's a risk, i want to require MFA"Proceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563635(483-501)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563635
Andalibi VLear EKim DCamp L(2022)On the Analysis of MUD-Files’ Interactions, Conflicts, and Configuration Requirements Before DeploymentThe Fifth International Conference on Safety and Security with IoT10.1007/978-3-030-94285-4_9(137-157)Online publication date: 8-Jan-2022
https://doi.org/10.1007/978-3-030-94285-4_9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents