What Users Want: Adapting Qualitative Research Methods to Security Policy Elicitation [chapter]

Vivien M. Rooney, Simon N. Foley
2017 Lecture Notes in Computer Science  
Recognising that the codes uncovered during a Grounded Theory analysis of semi-structured interview data can be interpreted as policy attributes, this paper describes how a Qualitative Research-based methodology can be extended to elicit Attribute Based Access Control style policies. In this methodology, user-participants are interviewed, and machine-learning is used to build a Bayesian Network based policy from the subsequent (Grounded Theory) analysis of the interview data.
doi:10.1007/978-3-319-72817-9_15 fatcat:5kzgenfucveh3jcgtenooauub4