Usable access control

The research described in this work can significantly simplify and facilitate the creation and configuration of secure access control rule sets. Access control is used to provide confidential data or information only to authorized entities and deny access otherwise. Access control mechanisms can be configured with access control rule sets that need to be created and maintained by the users or administrators. The research commences by answering the first research question: 1. How can access control be integrated into future products? Basic concepts are presented and integrated into a holistic design. The latter is embedded into a general framework, which was developed by an academia-industry consortium, and in which the author participated. Questions arise regarding usability aspects of access control mechanisms. An analysis of security services in the beginning of this dissertation shows that, especially for access control mechanisms that are managed by casual users, a high level of usability is required because individual preferences of the data owner have to be taken into account. Analysis of how the core security objectives (see Section 2.2) can be achieved identifies a usability gap regarding the generation and configuration of access control rule sets. Automation is not fully possible because individual preferences of users need to be considered. Related research questions are: 2. What are the requirements for usable access control rule sets? Matthias Beckerle Dissertation Usable Access Control