ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Lessons learned from the deployment of a smartphone-based access-control system
Full text PdfPdf (921 KB)
Source
ACM International Conference Proceeding Series; Vol. 229 archive
Proceedings of the 3rd symposium on Usable privacy and security table of contents
Pittsburgh, Pennsylvania
SESSION: Privacy and access control table of contents
Pages: 64 - 75  
Year of Publication: 2007
ISBN:978-1-59593-801-5
Authors
Lujo Bauer  Carnegie Mellon University
Lorrie Faith Cranor  Carnegie Mellon University
Michael K. Reiter  Carnegie Mellon University
Kami Vaniea  Carnegie Mellon University
Sponsor
: CyLab
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 25,   Downloads (12 Months): 144,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1280680.1280689
What is a DOI?

ABSTRACT

Grey is a smartphone-based system by which a user can exercise her authority to gain access to rooms in our university building, and by which she can delegate that authority to other users. We present findings from a trial of Grey, with emphasis on how common usability principles manifest themselves in a smartphone-based security application. In particular, we demonstrate aspects of the system that gave rise to failures, misunderstandings, misperceptions, and unintended uses; network effects and new flexibility enabled by Grey; and the implications of these for user behavior. We argue that the manner in which usability principles emerged in the context of Grey can inform the design of other such applications.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
 
2
A. Bandura. V. S. Ramachaudran (Ed.), Encyclopedia of Human Behavior, volume 4, chapter Self-Efficacy, pages 71--81. Academic Press, New York, 1994.
 
3
L. Bauer, L. Cranor, R. W. Reeder, M. K. Reiter, and K. Vaniea. Comparing access-control technologies: A study of keys and smartphones. Technical Report CMU-CYLAB-07-005, Carnegie Mellon University, 2007.
 
4
L. Bauer, S. Garriss, J. M. McCune, M. K. Reiter, J. Rouse, and P. Rutenbar. Device-enabled authorization in the Grey system. In Proceedings of the 8th Information Security Conference, pages 431--445, Sept. 2005.
 
5
L. R. Beach and T. R. Mitchell. A contingency model for the selection of decision strategies. The Academy of Management Review, 3:439--449, 1978.
 
6
Allan Beaufour , Philippe Bonnet, Personal Servers as Digital Keys, Proceedings of the Second IEEE International Conference on Pervasive Computing and Communications (PerCom'04), p.319, March 14-17, 2004
7
Christina Braz , Jean-Marc Robert, Security and usability: the case of the user authentication methods, Proceedings of the 18th International Conferenceof the Association Francophone d'Interaction Homme-Machine, p.199-203, April 18-21, 2006, Montreal, Canada  [doi>10.1145/1132736.1132768]
 
8
Smart mobile device market growth remains steady at 55%. Canalys Research Release 2006/071, July 2006. Available at http://www.canalys.com/pr/2006/r2006071.htm as of Sept. 23, 2006.
9
Xiang Cao , Lee Iverson, Intentional access management: making access control usable for end-users, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143124]
 
10
Jason Cornwell , Ian Fette , Gary Hsieh , Madhu Prabaker , Jinghai Rao , Karen Tang , Kami Vaniea , Lujo Bauer , Lorrie Cranor , Jason Hong , Bruce McLaren , Mike Reiter , Norman Sadeh, User-Controllable Security and Privacy for Pervasive Computing, Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications, p.14-19, March 08-09, 2007  [doi>10.1109/HOTMOBILE.2007.21]
 
11
F. D. Davis. Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3):319--340, Sep 1989.
 
12
Paul Dourish , E. Grinter , Jessica Delgado de la Flor , Melissa Joseph, Security in the wild: user strategies for managing security as an everyday, practical problem, Personal and Ubiquitous Computing, v.8 n.6, p.391-401, November 2004  [doi>10.1007/s00779-004-0308-5]
 
13
D. F. Ferraiolo, D. M. Gilbert, and N. Lynch. An examination of federal and commercial access control policy needs. In 16th National Computer Security Conference, pages 107--116, 1993.
14
Simson L. Garfinkel , Robert C. Miller, Johnny 2: a user test of key continuity management with S/MIME and Outlook Express, Proceedings of the 2005 symposium on Usable privacy and security, p.13-24, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073003]
15
Shirley Gaw , Edward W. Felten , Patricia Fernandez-Kelly, Secrecy, flagging, and paranoia: adoption criteria in encrypted email, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada  [doi>10.1145/1124772.1124862]
16
Erik Geelhoed , Peter Toft , Suzanne Roberts , Patrick Hyland, To influence time perception, Conference companion on Human factors in computing systems, p.272-273, May 07-11, 1995, Denver, Colorado, United States  [doi>10.1145/223355.223670]
17
Robert Geist , Robert Allen , Ronald Nowaczyk, Towards a model of user perception of computer systems response time, Proceedings of the SIGCHI/GI conference on Human factors in computing systems and graphics interface, p.249-253, April 05-09, 1987, Toronto, Ontario, Canada
18
Michael Hildebrandt , Alan Dix , Herbert A. Meyer, Time design, CHI '04 extended abstracts on Human factors in computing systems, April 24-29, 2004, Vienna, Austria  [doi>10.1145/985921.986208]
19
Apu Kapadia , Geetanjali Sampemane , Roy H. Campbell, KNOW Why your access was denied: regulating feedback for usable security, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA  [doi>10.1145/1030083.1030092]
 
20
M. L. Katz and C. Shapiro. Systems competition and network effects. Journal of Economic Perspectives, 8(2):93--115, Spring 1994.
 
21
Roy A. Maxion , Robert W. Reeder, Improving user-interface dependability through mitigation of human error, International Journal of Human-Computer Studies, v.63 n.1-2, p.25-50, July 2005  [doi>10.1016/j.ijhcs.2005.04.009]
 
22
J. Nielsen. Usability Engineering, chapter 5. Morgan Kaufmann, 1994.
 
23
U. Piazzalunga, P. Salveneschi, and P. Coffetti. The usability of security devices. In L. F. Cranor and S. Garfinkel, editors, Security and Usability: Designing Secure Systems that People Can Use, pages 221--241. O'Reilly, 2005.
 
24
C. Taylor. Global mobile phone connections hit 2.5bn. The Register, Sept. 2006. Available at http://www.theregister.co.uk/2006/09/08/mobile_connections_soar/ as of Sept. 27, 2006.
 
25
Bruce Tognazzini, TOG on Interface, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1992
 
26
Alma Whitten , J. D. Tygar, Why Johnny can't encrypt: a usability evaluation of PGP 5.0, Proceedings of the 8th conference on USENIX Security Symposium, p.14-14, August 23-26, 1999, Washington, D.C.
 
27
Feng Zhu , Matt W. Mutka , Lionel M. Ni, The Master Key: A Private Authentication Approach for Pervasive Computing Environments, Proceedings of the Fourth Annual IEEE International Conference on Pervasive Computing and Communications, p.212-221, March 13-17, 2006  [doi>10.1109/PERCOM.2006.47]

CITED BY  2
Lujo Bauer , Lorrie Faith Cranor , Robert W. Reeder , Michael K. Reiter , Kami Vaniea, A user study of policy creation in a flexible access-control system, Proceeding of the twenty-sixth annual SIGCHI conference on Human factors in computing systems, April 05-10, 2008, Florence, Italy
Lujo Bauer , Scott Garriss , Michael K. Reiter, Detecting and resolving policy misconfigurations in access-control systems, Proceedings of the 13th ACM symposium on Access control models and technologies, June 11-13, 2008, Estes Park, CO, USA

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.1 MODELS AND PRINCIPLES
      H.1.2 User/Machine Systems
          Subjects: Human factors

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.2 User Interfaces (D.2.2, H.1.2, I.3.6)
      H.5.3 Group and Organization Interfaces

  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)
          Subjects: Authentication


General Terms:
Human Factors, Security


Keywords:
access control, mobile computing, security, smartphones, usability

Collaborative Colleagues:
Lujo Bauer: colleagues
Lorrie Faith Cranor: colleagues
Michael K. Reiter: colleagues
Kami Vaniea: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player