Usable security for digital home storage
We are exploring architecture, mechanisms, and interfaces for making access control usable by laypeople faced with increasing reliance on data created, stored, and accessed via home and personal consumer electronics. Digital content is becoming common in the home, as new content is created in digital form and people digitize existing content (e.g., photographs and personal records). Interesting and fun new devices make creating digital content easier and interacting with it much more flexible than ever before. The transition to digital homes is exciting, but brings many challenges. Perhaps the biggest challenge is dealing with access control. Users want to be able to access their content easily from any of their devices, including shared devices (e.g., the family DVR), and yet they also want to be able to restrict access to certain data among household members and visitors. They also want to be able to share data (e.g., photographs) selectively with friends and family outside their home. Unfortunately, studies repeatedly show that computer users have trouble specifying access-control policies. Worse, we are now injecting the need to do so into an environment with users who are much less technically experienced and notoriously impatient with complex interfaces. Without a holistic, usable approach to access control management, adoption of new technology in the home will be slowed and there will be no effective data security once the transition inevitably occurs. This project builds on the Perspective data management system developed by CMU's Parallel Data Lab.
P. Klemperer, Y. Liang, M. Mazurek, M. Sleeper, B. Ur, L. Bauer, L.F. Cranor, N. Gupta, and M. Reiter. Tag, You Can See It! Using Tags for Access Control in Photo Sharing. CHI 2012.
M. Mazurek, J.P. Arsenault, J. Bresee, N. Gupta, I. Ion, C. Johns, D. Lee, Y. Liang, J. Olsen, B. Salmon, R. Shay, K. Vaniea, L. Bauer, L.F. Cranor, G.R. Ganger, and M.K. Reiter. Access Control for Home Data Sharing: Attitudes, Needs and Practices. CHI 2010.
Perspective: Semantic Data Management for the Home. Brandon Salmon, Steven W. Schlosser, Lorrie Faith Cranor, Gregory R. Ganger. 7th USENIX Conference on File and Storage Technologies (FAST '09). February 23-27, 2009, San Francisco, CA.
S. Egelman, A.J. Brush, and K. Inkpen. Family Accounts: A new paradigm for user accounts within the home environment. CSCW '08: Proceedings of the 2008 conference on Computer Supported Cooperative Work. 2008.