Faculty of Economics and Business Administration Publications Database

How much negotiation and detail can users handle?

Abstract: Tailor made security is being enabled by more options for specifying security policies and enhanced possibilities for negotiating security. On the other side these new options raise the complexity of transactions and systems: Users can be overwhelmed, which can lead to less security than before. This paper describes conclusions from a case study and trial of a personal reachability and security manager for telephone based communication. The device helped to negotiate and balance security requirements. The study analysed how much negotiation and detail users could handle during their day-to-day transactions and how they could be supported. Some results are strongly related to more ‘classic’ security techniques like access control that are becoming more and more interactive: When users learn to understand the consequences of their access control decisions and can tune their policies these mature to a satisfying level. When users see advantages for their daily activities they are willing to invest more time into understanding additional complexity.
Year: 2000
Link External Source: Online Version
Book Title: Computer Security - ESORICS 2000
ISBN: 978-3540410317
Adress: Berlin Heidelberg 2000
Editor: Cuppens, Frédéric / Deswarte, Yves / Gollmann, Dieter / Waidner, Michael
Publisher: Springer
Pages: 37 - 54