Home > Refereed Conference Papers > Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices > MARC 
000000237 001__ 237
000000237 005__ 20130522141941.0
000000237 037__ $$aLERSSE-RefConfPaper-2010-002
000000237 100__ $$aSara Motiee
000000237 245__ $$aDo Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices
000000237 260__ $$c2010-07-14
000000237 300__ $$a13
000000237 520__ $$aThe principle of least privilege requires that users and their programs be granted the most restrictive set of privileges possible to perform required tasks in order to limit the damages caused by security incidents. Low-privileged user accounts (LUA) and user account control (UAC) in Windows Vista and Windows 7 are two practical implementations of this principle. To be successful, however, users must apply due diligence, use appropriate accounts, and respond correctly to UAC prompts. With a user study and contextual interviews, we investigated the motives, understanding, behaviour, and challenges users face when working with user accounts and the UAC. Our results show that 69% of participants did not apply the UAC approach correctly. All 45 participants used an administrator user account, and 91% were not aware of the benefits of low-privilege user accounts or the risks of high-privilege ones. Their knowledge and experience were limited to the restricted rights of low-privilege accounts. Based on our findings, we offer recommendations to improve the UAC and LUA approaches.
000000237 6531_ $$ausable security
000000237 6531_ $$aPLP
000000237 6531_ $$aISSNet
000000237 700__ $$aKirstie Hawkey
000000237 700__ $$aKonstantin Beznosov
000000237 8560_ $$fbeznosov@ece.ubc.ca
000000237 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/237/files/237.pdf$$yTransfer from CDS 0.99.7
000000237 909C4 $$pMotiee, S., Hawkey, K., and Beznosov, K. 2010. Do windows users follow the principle of least privilege?: investigating user account control practices. In Proceedings of the Sixth Symposium on Usable Privacy and Security (Redmond, Washington, July 14 - 16, 2010). SOUPS '10, vol. 485. ACM, New York, NY, 1-13.
000000237 980__ $$aRefConfPaper
LERSSE Digital Library :: Search :: Submit :: Personalize :: Help
Powered by Invenio v1.1.1
Maintained by info@invenio-software.org