Abstract
Tailor-made security is being enabled by more options for specifying security policies and enhanced possibilities for negotiating security. On the other hand, these new options raise the complexity of transactions and systems: users can be overwhelmed, which can lead to less security than before. This paper describes conclusions from a case study and trial of a personal reachability and security manager for telephone-based communication. The device helped to negotiate and balance security requirements. The study analysed how much negotiation and detail users could handle during their day-to-day transactions and how they could be supported. Some results are strongly related to more ‘classic’ security techniques, such as access control, that are becoming more and more interactive: when users learn to understand the consequences of their access control decisions and can tune their policies, these policies mature to a satisfying level. When users see advantages for their daily activities, they are willing to invest more time in understanding additional complexity.
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rannenberg, K. (2000). How Much Negotiation and Detail Can Users Handle? Experiences with Security Negotiation and the Granularity of Access Control in Communications. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds) Computer Security - ESORICS 2000. ESORICS 2000. Lecture Notes in Computer Science, vol 1895. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10722599_3
DOI: https://doi.org/10.1007/10722599_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-41031-7
Online ISBN: 978-3-540-45299-7
eBook Packages: Springer Book Archive