The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mis-matches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Anne Adams , Martina Angela Sasse, Users are not the enemy, Communications of the ACM, v.42 n.12, p.40-46, Dec. 1999  [doi>10.1145/322796.322806]
	2	Adams, A. and Sasse, M. A. 2001. Privacy in Multimedia Communications: Protecting Users, not Just Data. In: People and Computers XV - Interaction without frontiers. Joint Proceedings of HCI 2001 and ICM 2001 (Lille, France, September, 2001), Springer, Berlin, Germany, 49--64
	3	Carolyn A. Brodie , Clare-Marie Karat , John Karat, An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench, Proceedings of the second symposium on Usable privacy and security, July 12-14, 2006, Pittsburgh, Pennsylvania  [doi>10.1145/1143120.1143123]
	4	Sacha Brostoff , M. Angela Sasse , David Chadwick , James Cunningham , Uche Mbanaso , Sassa Otenko, ‘R-What?’ Development of a role-based access control policy-writing tool for e-Scientists: Research Articles, Software—Practice & Experience, v.35 n.9, p.835-856, July 2005  [doi>10.1002/spe.v35:9]
	5	David W. Chadwick , Alexander Otenko, RBAC Policies in XML for X.509 Based Privilege Management, Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives, p.39-54, May 07-09, 2002
	6	Chadwick, D. and Sasse, M. A. 2006. The Virtuous Circle of Expressing Authorisation Policies. In: Proceedings of Second Semantic Web Policy Workshop (SWPW'06) (Athens, GA, USA, November, 2006)
	7	David Chadwick , Gansen Zhao , Sassa Otenko , Romain Laborde , Linying Su , Tuan Anh Nguyen, PERMIS: a modular authorization infrastructure, Concurrency and Computation: Practice & Experience, v.20 n.11, p.1341-1357, August 2008  [doi>10.1002/cpe.v20:11]
	8	Louise Clark , Martina Angela Sasse, Conceptual Design Reconsidered: The Case of the Internet Session Directory Tool, Proceedings of HCI on People and Computers XII, p.67-84, January 1997
	9	Ivan Flechais , Cecilia Mascolo , M. Angela Sasse, Integrating security and usability into the requirements and design process, International Journal of Electronic Security and Digital Forensics, v.1 n.1, p.12-26, January 2007  [doi>10.1504/IJESDF.2007.013589]
	10	Funk, A., Tablan, V., Bontcheva, K., Cunningham, H., Davis, B., and Handschuh, S. 2007. CLOnE: Controlled Language for Ontology Editing. In: Proceedings of 6th International Semantic Web Conference (ISWC) (Busan, Korea, November, 2007)
	11	Dieter Gollmann, Computer security, John Wiley & Sons, Inc., New York, NY, 1999
	12	Marty Humphrey , Mary R. Thompson, Security Implications of Typical Grid Computing Usage Scenarios, Cluster Computing, v.5 n.3, p.257-264, July 2002  [doi>10.1023/A:1015621120332]
	13	Clare-Marie Karat , John Karat , Carolyn Brodie , Jinjuan Feng, Evaluating interfaces for privacy policy rule authoring, Proceedings of the SIGCHI conference on Human Factors in computing systems, April 22-27, 2006, Montréal, Québec, Canada  [doi>10.1145/1124772.1124787]
	14	Karat, J., Karat, C.-M., and Brodie, C. Human-Computer Interaction Viewed from the Intersection of Privacy, Security, and Trust. In The Human-Computer Interaction Handbook: Fundamentals, Evolving Technologies and Emerging Applications Sears, Andrew and Jacko, Julie A (Eds.) CRC Press, Boca Raton, FL, USA, 639--658
	15	Nielsen, J. Ten Usability Heuristics http://www.useit.com/papers/heuristic/heuristic_list.html
	16	John F. Pane , Brad A. Myers , Chotirat Ann Ratanamahatana, Studying the language and structure in non-programmers' solutions to programming problems, International Journal of Human-Computer Studies, v.54 n.2, p.237-264, Feb. 2001  [doi>10.1006/ijhc.2000.0410]
	17	Pulman, S. G. 1996. Controlled Language for Knowledge Representation. In: CLAW96: Proceedings of the First International Workshop on Controlled Language Applications (Leuven, Belgium, March, 1996), 233--242
	18	Jochen Rode , Mary Beth Rosson , Manuel A. Pérez-Quiñones, End-Users' Mental Models of Concepts Critical to Web Application Development, Proceedings of the 2004 IEEE Symposium on Visual Languages - Human Centric Computing, p.215-222, September 26-29, 2004  [doi>10.1109/VLHCC.2004.25]
	19	Saltzer, J. H. and Schroeder, M. D. 1975. The Protection of Information in Computer Systems. Proceedings of the IEEE 63, 9 (1975), 1278--1308
	20	Jean E. Sammet, The early history of COBOL, History of programming languages I, ACM, New York, NY, 1978  [doi>10.1145/800025.1198367]
	21	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996  [doi>10.1109/2.485845]
	22	Whitten, A. and Tygar, J. D. 1999. Why Johnny Can't Encrypt. In: Proceedings of the 8th USENIX Security Symposium (Washington, DC, USA, August, 1999), 169--184
	23	Ka-Ping Yee, User Interaction Design for Secure Systems, Proceedings of the 4th International Conference on Information and Communications Security, p.278-290, December 09-12, 2002
	24	Zurko, M. E., Simon, R., and Sanfilippo, T. 1999. A User-Centered, Modular Authorization Service Built on an RBAC Foundation. In: IEEE Symposium on Security and Privacy (Oakland, CA, USA, May, 1999), IEEE, 57--71