Open Collections
UBC Theses and Dissertations
Intentional access management : making access control usable for end-users Cao, Xiang
Abstract
In today's network-connected, highly dynamic and distributed computing environments, end-users are motivated to share information and collaborate. It is often the responsibility of end-users, however, to control access to their information. The usability of access control mechanisms in modern distributed systems has been widely criticized but little studied. In this thesis, I carefully examine one widely deployed access control mechanism embedded in the WebDAV (Web-based Distributed Authoring and Versioning) standard, from the point-of-view of an end-user trying to decide how to grant or deny access to some resource to a third party. My analysis points to problems with the conceptual usability of the system. Significant effort is required on the part of the user to determine how to implement the desired access rules. The user, however, has low expertise and interest in this task, given that such access management actions are almost always secondary to the collaborative task at hand. This gap between interest and complexity does, however, indicate a possible solution to this problem: to recast the access control puzzle as a decision-support problem in which user intentions (i.e., the descriptions of desired system outputs) are interpreted by an access mediator that either automatically or semi-automatically decides how to achieve the designated goals. I call such systems intentional access management (IAM) systems, and describe them in both general and specific terms. I then propose a set of design principles, as well as three levels of IAM model (wizard, full, and multi-backend). By using the IAMs, end-users interact with the access control system in a natural and consistent way (e.g., by simply specifying their intentions and getting feedback in terms of system effects) without needing to know the internal security mechanism used. Such simplification makes access control more usable. 
To demonstrate the feasibility and usability of the proposed IAM models, I develop an intentional access management system for WebDAV. End-users can manage access to their WebDAV resources by specifying intentions to this system. The results of a user study conducted on the system show its superior usability compared to traditional access management tools like the access control list editor.
Item Metadata
Title | Intentional access management : making access control usable for end-users |
Creator | |
Publisher | University of British Columbia |
Date Issued | 2006 |
Genre | |
Type | |
Language | eng |
Date Available | 2010-01-05 |
Provider | Vancouver : University of British Columbia Library |
Rights | For non-commercial purposes only, such as research, private study and education. Additional conditions apply, see Terms of Use https://open.library.ubc.ca/terms_of_use. |
DOI | 10.14288/1.0065423 |
URI | |
Degree | |
Program | |
Affiliation | |
Degree Grantor | University of British Columbia |
Graduation Date | 2006-05 |
Campus | |
Scholarly Level | Graduate |
Aggregated Source Repository | DSpace |