Computer Science Department
School of Computer Science, Carnegie Mellon University


A Prototype User Interface for Coarse-Grained
Desktop Access Control

A. Chris Long, Courtney Moskowitz, Gregory Ganger

November 2003

Keywords: User interface, security, desktop, low-fidelity prototyping, role-based access control, sandboxing, compartmented mode workstation

Viruses, trojan horses, and other malware are a growing problem for computer users, but current tools and research do not adequately aid users in fighting these threats. One approach to increasing security is to partition all applications and data based on general task types, or "roles," such as "Personal," "Work," and "Communications." This can limit the effects of malware to a single role rather than allowing it to affect the entire computer. We are developing a prototype to investigate the usability of this security model. Our initial investigation uses cognitive walkthrough and think-aloud user studies of paper prototypes to look at this model in the context of realistic tasks, and to compare different user interface mechanisms for managing data and applications in a role-based system. For most participants, our interface was simple to understand and use. In addition to a security model that is intrinsically useful, we believe development of this system will inform issues in the design and implementation of usable security interfaces, such as refinement of design guidelines.

18 pages

Return to: SCS Technical Report Collection
School of Computer Science homepage

This page maintained by