What's Wrong with Access Control in the Real World?

Security&Privacy
2010
Issue No. 4 - July/August
Abstract - What's Wrong with Access Control in the Real World?

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Sara Sinclair Articles by Sean W. Smith

What's Wrong with Access Control in the Real World?

July/August 2010 (vol. 8 no. 4)

pp. 74-77

	ASCII Text	x
	Sara Sinclair, Sean W. Smith, "What's Wrong with Access Control in the Real World?," IEEE Security & Privacy, vol. 8, no. 4, pp. 74-77, July/August, 2010.

	BibTex	x
	@article{ 10.1109/MSP.2010.139, author = {Sara Sinclair and Sean W. Smith}, title = {What's Wrong with Access Control in the Real World?}, journal ={IEEE Security & Privacy}, volume = {8}, number = {4}, issn = {1540-7993}, year = {2010}, pages = {74-77}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2010.139}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - What's Wrong with Access Control in the Real World? IS - 4 SN - 1540-7993 SP74 EP77 EPD - 74-77 A1 - Sara Sinclair, A1 - Sean W. Smith, PY - 2010 KW - access control KW - policy KW - least privilege KW - usable security. VL - 8 JA - IEEE Security & Privacy ER -

Sara Sinclair, Dartmouth College

Sean W. Smith, Dartmouth College

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.139

This article enumerates some simplifying assumptions the security community has made in its effort to gain traction with the access control problem. For many environments, a dramatic and painful mismatch seems to exist between these simplifying assumptions and reality. The authors argue that effective security in these environments might therefore require rethinking these assumptions.

1. L. Cureton,, "Our Insecurities, or How to Stop Worrying and Love Compromised Cyber Environments," NASA CIO blog, 5 June 2010; http://wiki.nasa.gov/cm/blog/NASA-CIO-Blog/ postspost_1275770072399.html.
2. R. Koppel et al., "Workarounds to Barcode Medication Administration Systems: Their Occurrences, Causes, and Threats to Patient Safety," J. Am Medical Informatics Assoc., vol. 15, no. 4, 2008, pp. 408–423.

Index Terms:

access control, policy, least privilege, usable security.

Citation:

Sara Sinclair, Sean W. Smith, "What's Wrong with Access Control in the Real World?," IEEE Security & Privacy, vol. 8, no. 4, pp. 74-77, July-Aug. 2010, doi:10.1109/MSP.2010.139

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.

Print and Online Advertising Opportunities