This Article 
 Bibliographic References 
 Add to: 
What's Wrong with Access Control in the Real World?
July/August 2010 (vol. 8 no. 4)
pp. 74-77
Sara Sinclair, Dartmouth College
Sean W. Smith, Dartmouth College
This article enumerates some simplifying assumptions the security community has made in its effort to gain traction with the access control problem. For many environments, a dramatic and painful mismatch seems to exist between these simplifying assumptions and reality. The authors argue that effective security in these environments might therefore require rethinking these assumptions.

1. L. Cureton,, "Our Insecurities, or How to Stop Worrying and Love Compromised Cyber Environments," NASA CIO blog, 5 June 2010; postspost_1275770072399.html.
2. R. Koppel et al., "Workarounds to Barcode Medication Administration Systems: Their Occurrences, Causes, and Threats to Patient Safety," J. Am Medical Informatics Assoc., vol. 15, no. 4, 2008, pp. 408–423.

Index Terms:
access control, policy, least privilege, usable security.
Sara Sinclair, Sean W. Smith, "What's Wrong with Access Control in the Real World?," IEEE Security & Privacy, vol. 8, no. 4, pp. 74-77, July-Aug. 2010, doi:10.1109/MSP.2010.139
Usage of this product signifies your acceptance of the Terms of Use.