May 20

The moment clients realize that revisions are not an all-you-can-eat buffet, suddenly they realize they are not hungry.

-- Lester Beall

 
 

Featured chapter

Read the fascinating history of Wearable Computing, told by its father, Steve Mann

Read Steve's chapter !

 
 

Help us help you!

 
 

Philip Inglesant


Publications by Philip Inglesant (bibliography)

2010
 

Brostoff, Sacha, Inglesant, Philip and Sasse, M. Angela (2010): Evaluating the usability and security of a graphical one-time PIN system. In: Proceedings of the HCI10 Conference on People and Computers XXIV 2010. pp. 88-97.

Traditional Personal Identification Numbers (PINs) are widely used, but the attacks in which they are captured have been increasing. One-time PINs offer better security, but potentially create greater workload for users. In this paper, we present an independent evaluation of a commercial system that makes PINs more resistant to observation attacks by using graphical passwords on a grid to generate a one-time PIN. 83 participants were asked to register with the system and log in at varying intervals. The successful login rate was approximately 91% after 3-4 days, and 97% after 9-10 days. Twenty-five participants were retested after two years, and 27% of those were able to recall their pattern. We recorded 17 instances of failed attempts, and found that even though participants recalled the general shape of the pass-pattern in 13 of these instances, they could not recall its detailed location or sequence of cells. We conclude that GrIDsure is usable if people have one pass-pattern, but the level of security will depend on the context of use (it will work best in scenarios where repeated observations of transactions are unlikely), and the instructions given to users (without guidance, they are likely to choose from a small subset of the possible patterns which are easily guessed).

© All rights reserved Brostoff et al. and/or BCS

2008
 

Inglesant, Philip, Sasse, M. Angela, Chadwick, David and Shi, Lei Lei (2008): Expressions of expertness: the virtuous circle of natural language for access control policy specification. In: Proceedings of the 2008 Symposium on Usable Privacy and Security 2008. pp. 77-88.

The implementation of usable security is particularly challenging in the growing field of Grid computing, where control is decentralised, systems are heterogeneous, and authorization applies across administrative domains. PERMIS, based on the Role-Based Access Control (RBAC) model, provides a unified infrastructure to address these challenges. Previous research has found that resource owners who do not understand the PERMIS RBAC model have difficulty expressing access control policies. We have addressed this issue by investigating the use of a controlled natural language parser for expressing these policies. In this paper, we describe our experiences in the design, implementation, and evaluation of this parser for the PERMIS Editor. We began by understanding Grid access control needs as expressed by resource owners, through interviews and focus groups with 45 Grid practitioners. We found that the many areas of Grid computing use present varied security requirements; this suggests a minimal, open design. We designed and implemented a controlled natural language system to support these needs, which we evaluated with a cross-section of 17 target users. We found that participants were not daunted by the text editor, and understood the syntax easily. However, some strict requirements of the controlled language were problematic. Using controlled natural language helps overcome some conceptual mis-matches between PERMIS RBAC and older paradigms; however, there are still subtleties which are not always understood. In conclusion, the parser is not sufficient on its own, and should be seen in the interplay with other parts of the PERMIS Editor, so that, iteratively, users are helped to understand the underlying PERMIS model and to express their security policies more accurately and more completely.

© All rights reserved Inglesant et al. and/or ACM Press

 

Inglesant, Philip and Sasse, Martina Angela (): . In: . .

 
 
 


 
 
 
 
 
 

Changes to this page (author)

03 Apr 2012: Added
22 Feb 2010: Modified
08 Apr 2009: Added
12 May 2008: Added

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/philip_inglesant.html