Generation of usable policy administration points for security and privacy
- Authors
- Publication Date
- Jan 01, 2020
- Source
- Fraunhofer-ePrints
- Keywords
- Language
- English
- License
- Unknown
- External links
Abstract
Users want to gain more self-determination in the form of self-responsible definition and control of their security and privacy demands. Policy Administration Points (PAPs) for the specification of security and privacy policies exist; however, users face usability problems using these tools. PAPs provide different specification paradigms, which determine the specification process for the task of policy specification including the levels of expressiveness and guidance for the user. This dissertation addresses the topic of automated creation of usable PAPs. First, we focus on the mapping of specification paradigms to user groups for increasing the usability by means of effectiveness, efficiency and satisfaction. Second, we propose a method for the automated creation of PAPs. This includes a method for eliciting security and privacy policy templates from an application domain, a policy template model for formalizing these policy templates as well as a PAP generation framework for the automated creation of policy specification interfaces within PAPs based on a policy template model instance. Last, we empirically confirm our findings in four case studies and one experiment.