Abstract
Access control policies perform a vital role in ensuring resources and sensitive data are secure and safeguarded within modern computer systems. However, the effectiveness of these policies in a personal smart space relies on the usability and security knowledge of users and not just the robustness of the policies. Given that access control policy administration involves defining, managing, and enforcing rules for resource accessibility, it is imperative to integrate usability principles to facilitate effective policy configuration and maintenance.
This thesis investigates usability in access control policy administration within smart homes, focusing on onboarding users with diverse technical backgrounds. Through a review of existing literature and industry practices concerning access control, encompassing usability and risk management considerations, this research identifies challenges, existing research gaps, and weaknesses in prior studies.
A significant challenge identified is the dearth of a user-centered approach in performing access control policy administration in a smart home. Existing research has predominantly focused on the technical aspects of access control policy design and implementation, often overlooking the crucial dimension of usability. Previous studies have predominantly emphasized technical aspects over usability, thereby neglecting the usability needs of users with varying levels of technical proficiency.
The weaknesses inherent in prior research efforts underscore the pressing need for an approach that places equal emphasis on both security and usability considerations. This thesis addresses these challenges and gaps by proposing the use of a user-centered design (Participatory Design) that integrates usability and security considerations. It aims to provide an alternative user-centered practice and mechanism tailored for smart home environments. By conducting empirical investigations, including surveys and user studies, this research offers concrete recommendations for enhancing usability when users are performing access control policy administration.
The outcome of this thesis provides evidence as to the influence usability has in policy administration involving users of diverse technical backgrounds. The introduction of usability considerations resulted in a significant improvement, with users achieving average scores of 81.2% and 84.3% when performing policy administration tasks using the access-based approach and policy management approach respectively. Additionally, the paper provides comprehensive data representing the security knowledge of users in a smart home environment and their technical capabilities.
The contribution of this work extends beyond academia to research communities and industries alike. It provides valuable guidance for designing more user-friendly and secure smart home systems, thereby fostering a safer and more accessible environment for end-users. By prioritizing usability alongside security, this research aims to bridge the gap between theory and practice in access control policy administration, ultimately enhancing the overall quality and effectiveness of smart home ecosystems.
Date of Award | 19 Jul 2024 |
---|---|
Original language | English |
Supervisor | Simon Parkinson (Main Supervisor) & Andrew Crampton (Co-Supervisor) |