Best answer: Several tips here. First I'd suggest getting the book Security and Usability.

Lorrie Cranor (one of the co-authors of the above book) and I have also taught a course on Usable Privacy and Security, the slides are all online.

I'd also recommend this paper by one of our PhD students, Rob Reeder, looking at the Windows XP access control user interface (and why it's broken). Reeder, R.W. and Maxion, R.A. User Interface Dependability through Goal-Error Prevention. Presented at International Conference on Dependable Systems and Networks (DSN'05) (Yokohama, Japan, June 28 - July 1, 2005). 2005.

You should also consider whether you want to have positive rules only (allow x, allow y), or negative rules only (do not allow x, do not allow y). A mix of the two can allow possible conflicts to occur.

There are also issues of mandatory access control (typically centrally controlled) vs discretionary (where end-users can also specify policies); role-based access control (do a Google search on RBAC); and optimistic vs pessimistic access control. For this last issue, it's basically do you think that people accessing the system are generally trustworthy and you only need to detect and then fix abuses after the case (optimistic), or do you need to prevent abuses and hence state rules up front (pessimistic).
posted by jasonhong at 8:14 AM on January 17, 2008