Association for Computing Machinery
Access control is an area where one size does not t all. However, previous paper in access control has focused solely on expressiveness as an absolute measure. Thus, the authors discuss and justify the need for a new type of evaluation framework for access control, one that is application-aware. To this end, they apply previous paper in access control evaluation, as well as lessons learned from evaluation frameworks used in other domains. They describe the analysis components required by such a framework, the challenges involved in building it, and their preliminary work in realizing this ambitious goal.