000000295 001__ 295
000000295 005__ 20151203070526.0
000000295 037__ $$aLERSSE-RefConfPaper-2014-003
000000295 100__ $$aPooya Jaferian
000000295 245__ $$aTo authorize or not authorize: helping users review access policies in organizations
000000295 260__ $$c2014-06-05
000000295 300__ $$a20
000000295 520__ $$aThis work addresses the problem of reviewing complex access policies in an organizational context using two studies. In the first study, we used semi-structured interviews to explore the access review activity and identify its challenges. The interviews revealed that access review involves challenges such as scale, technical complexity, the frequency of reviews, human errors, and exceptional cases. We also modeled access review in the activity theory framework. The model shows that access review requires an understanding of the activity context including information about the users, their job, their access rights, and the history of access policy. We then used activity theory guidelines to design a new user interface named AuthzMap. We conducted an exploratory user study with 340 participants to compare the use of AuthzMap with two existing commercial systems for access review. The results show that AuthzMap improved the efficiency of access review in 5 of the 7 tested scenarios, compared to the existing systems. AuthzMap also improved accuracy of actions in one of the 7 tasks, and only negatively affected accuracy in one of the tasks. 
000000295 6531_ $$aUsable Security
000000295 700__ $$aHootan Rashtian
000000295 700__ $$aKonstantin Beznosov
000000295 8560_ $$fpooya@ece.ubc.ca
000000295 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/295/files/soups-article.pdf
000000295 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/295/files/soups-article.pdf?subformat=pdfa$$xpdfa
000000295 909C4 $$pPooya Jaferian, Hootan Rashtian, and Konstantin Beznosov. 2014. To authorize or not authorize: helping users review access policies in organizations. SOUPS'14: Symposium On Usable Privacy and Security. Menlo Park, CA.
000000295 980__ $$aRefConfPaper