| Graduate student: | 張岑軒 Tsen-Hsuan Chang |
|---|---|
| Thesis title: | 使用者友善之風險導向存取控制政策管理介面 (On design a User-friendly Interface for Risk-based Access Control Policy Management) |
| Advisors: | 查士朝 Shi-Cho Cha, 洪政煌 Cheng-Huang Hung |
| Oral defense committee: | 查士朝 Shi-Cho Cha, 洪政煌 Cheng-Huang Hung, 黃政嘉 Jheng-Jia Huang |
| Degree: | Master |
| Department: | School of Management - Department of Information Management |
| Year of publication: | 2023 |
| Academic year of graduation: | 112 |
| Language: | Chinese |
| Number of pages: | 65 |
| Keywords: | Access Control, Zero Trust, User Experience, User Interface Design, Usability |

With the development of technology, file sharing has become more and more convenient. However, this also brings new challenges. Users often overlook the potential risks when managing files through access control mechanisms. In order to solve this problem, this study attempts to combine the Zero Trust Architecture and Ease-of-Use design principles to design an easy-to-use and risk-controlled access control interface.
An analysis of current access control models, using literature reviews and the Evolutionary Risk Adaptive Access Control (ERAdAC) framework, led to a focus group discussion to identify user needs and problems. This informed the design of a new access control interface, which was then subjected to usability testing.
The study recruited knowledgeable participants with experience in using access control. They completed a series of tasks while their operation time and behavioral attitudes were recorded. Post-task semi-structured interviews exposed usability issues. The Single Ease Question (SEQ), Net Promoter Score (NPS), and System Usability Scale (SUS) were used to evaluate the new interface design's usability.
After the above experimental process, this study draws the following conclusions: (1) The new access control interface design improved the efficiency of use, as shown by operation time and success rate. (2) According to the NPS and SUS evaluation results, users gave positive feedback on the new interface design.