Michelle L. Mazurek
Richard Shay
Lujo Bauer
Lorrie Faith Cranor
ABSTRACT
As users store and share more digital content at home, access control becomes increasingly important. One promising approach for helping non-expert users create accurate access policies is reactive policy creation, in which users can update their policy dynamically in response to access requests that would not otherwise succeed. An earlier study suggested reactive policy creation might be a good fit for file access control at home. To test this, we conducted an experience-sampling study in which participants used a simulated reactive access-control system for a week. Our results bolster the case for reactive policy creation as one mode by which home users specify access-control policy. We found both quantitative and qualitative evidence of dynamic, situational policies that are hard to implement using traditional models but that reactive policy creation can facilitate. While we found some clear disadvantages to the reactive model, they do not seem insurmountable.
- M. S. Ackerman. The intellectual challenge of CSCW: the gap between social requirements and technical feasibility. Hum.-Comput. Inter., September 2000. Google Scholar
Digital Library
- S. Ahern, D. Eckles, N. S. Good, S. King, M. Naaman, and R. Nair. Over-exposed? privacy patterns and considerations in online and mobile photo sharing. In Proc. CHI, 2007. Google ScholarDigital Library
- L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons learned from the deployment of a smartphone-based access-control system. In Proc. SOUPS, July 2007. Google ScholarDigital Library
- A. Brush and K. Inkpen. Yours, mine and ours? Sharing and use of technology in domestic environments. In Proc. UbiComp. 2007. Google ScholarDigital Library
- S. Consolvo, I. E. Smith, T. Matthews, A. LaMarca, J. Tabert, and P. Powledge. Location disclosure to social relations: why, when, & what people want to share. In Proc. CHI, 2005. Google ScholarDigital Library
- M. Csikszentmihalyi and R. Larson. Validity and reliability of the experience-sampling method. J Nerv Ment Dis, September 1987.Google Scholar
- S. Egelman, A. Brush, and K. Inkpen. Family accounts: A new paradigm for user accounts within the home environment. In Proc. CSCW, 2008. Google ScholarDigital Library
- B. W. Lampson. Dynamic protection structures. In Proc. AFIPS, 1969. Google ScholarDigital Library
- R. A. Maxion and R. W. Reeder. Improving user-interface dependability through mitigation of human error. Int. J. Hum.-Comput. Stud., 63, 2005. Google ScholarDigital Library
- M. L. Mazurek, J. P. Arsenault, J. Bresee, N. Gupta, I. Ion, C. Johns, D. Lee, Y. Liang, J. Olsen, B. Salmon, R. Shay, K. Vaniea, L. Bauer, L. F. Cranor, G. R. Ganger, and M. K. Reiter. Access control for home data sharing: Attitudes, needs and practices. In Proc. CHI, 2010. Google ScholarDigital Library
- J. S. Olson, J. Grudin, and E. Horvitz. A study of preferences for sharing and privacy. In Proc. CHI, 2005. Google ScholarDigital Library
- D. Povey. Optimistic security: A new access control paradigm. In Proc. NSPW, 2000. Google ScholarDigital Library
- M. N. Razavi and L. Iverson. A grounded theory of information sharing behavior in a personal learning space. In Proc. CSCW, 2006. Google ScholarDigital Library
- L. Richards. Handling Qualitative Data: A Practical Guide. Sage Publications, 2007.Google Scholar
- L. Richards and J. M. Morse. Readme First for a User's Guide to Qualitative Methods. Sage Publications, 2007.Google Scholar
- S. Voida, W. K. Edwards, M. W. Newman, R. E. Grinter, and N. Ducheneaut. Share and share alike: exploring the user interface affordances of file sharing. In Proc. CHI, 2006. Google ScholarDigital Library
Index Terms
- Exploring reactive access control
Recommendations
Access Control for Home Data Sharing: Attitudes, Needs and Practices
CHI '10: Proceedings of the SIGCHI Conference on Human Factors in Computing SystemsAs digital content becomes more prevalent in the home, non-technical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to ...
Exploring reactive access control
CHI EA '10: CHI '10 Extended Abstracts on Human Factors in Computing SystemsAs users store and share more digital content at home, effective access control becomes increasingly important. One promising mechanism for helping non-expert users create accurate access policies is reactive policy creation, in which users can update ...
Privacy Preserving Access Control Policy and Algorithms for Conflicting Problems
TRUSTCOM '11: Proceedings of the 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and CommunicationsThis paper proposes a framework for privacy preserving access control policies and mechanisms, and describes algorithms for access policy conflicting problems. The mechanism enforces access policy to data containing personally identifiable information. ...
Comments