Almut Herzog, Nahid Shahmehri:
A Usability Study of Security Policy Management.
Abstract
Security policy management is a difficult and
security-critical task. We have evaluated Java's policytool with a
usability study to see how well it can support users in setting up an
appropriate security policy. The Java policytool is a graphical user
interface tool integrated into Sun Microsystems, Inc.'s Java 5.0
distribution for setting up security policies that can enable, e.g., applets
with more permissions than the default sandbox.
Results show that policytool is in line with other security tools: namely,
usability is poor. Policytool provides a certain degree of syntax help to
novice users but it does not help with semantics, does not cater to expert
users and actually does promote the accidental set-up of too lenient a
policy. We show specific usability problems in policytool, comment on the
differences in the policy files created by our study users, explore ways
of solving the error-prone task of setting up a Java policy and relate
this to the general subject of usability of security tools.
URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2006-021
@inproceedings{REWERSE-RP-2006-021,
  author = {Almut Herzog and Nahid Shahmehri},
  title = {A Usability Study of Security Policy Management},
  booktitle = {Proceedings of 21st IFIP TC-11 International Information Security Conference, Karlstad, Sweden (22nd--24th May 2006)},
  year = {2006},
  volume = {201},
  organization = {IFIP TC-11},
  series = {IFIP},
  pages = {296--306},
  url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2006-021}
}