User Controllable Security and Privacy

Overview
We believe it is important that new user interfaces be developed to effectively and efficiently support lay users in understanding and managing security and privacy policies – their own as well as those implemented by systems and individuals with whom they interact. Solutions in this area have traditionally taken a relatively narrow view of the problem by limiting the expressiveness of policy languages or the number of options available in templates, restricting some decisions to specific roles within the enterprise, etc. As systems grow more pervasive and more complex, and as demands for increasing flexibility and delegation continue to grow, it is imperative to take a more fundamental view that weaves together issues of security, privacy and usability to:

The objective of this project is to develop new interfaces that combine user-centered design principles with dialog, explanation and learning technologies to assist users in specifying and refining policies. This involves developing policy authoring tools for a growing collection of pervasive computing applications and evaluating the effectiveness of these tools with users in longitudinal studies. Evaluation metrics look at both accuracy and overall user acceptance, including user burden. Users should feel that they have adequate control over the behavior of the applications they interact with.
Mobile and pervasive computing applications, such as mobile social software that enables users to share their locations with others, are raising a number of challenging security and privacy issues. Get a glimpse of emerging policy issues in this space as they were discussed at the "Location Meets Social Networking: A Wireless Policy and Practices Dialogue" meeting recently organized by the Advisory Committee to the Congressional Internet Caucus, including a video of our own presentation.
Partnership Opportunities
We are looking for companies interested in partnering with us in our research or in licensing our technology. For further details, please contact Norman M. Sadeh.
1. Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh, "User-Controllable Security and Privacy for Pervasive Computing", Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007), February 2007.
2. Lujo Bauer, Lorrie Cranor, Robert W. Reeder, Michael K. Reiter, Kami Vaniea, "Comparing Access-Control Technologies: A Study of Keys and Smartphones", CMU-CyLab-07-005, February, 2007.
4. L. Bauer, L. F. Cranor, M. K. Reiter, and K. Vaniea. Lessons Learned from the Deployment of a Smartphone-Based Access-Control System. In Proceedings of the 2007 Symposium On Usable Privacy and Security, Pittsburgh, PA, July 18-20, 2007.
5. L. Bauer, L.F. Cranor, R.W. Reeder, M.K. Reiter, and K. Vaniea. A User Study of Policy Creation in a Flexible Access-Control System. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08).
6. R. W. Reeder, L. Bauer, L.F. Cranor, M.K. Reiter, K. Bacon, K. How, and H. Strong. Expandable Grids for Visualizing and Authoring Computer Security Policies. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI '08). 2008.
Sponsors
US National Science Foundation (Cyber Trust initiative), ARO/CyLab, IBM, France Telecom, and Nokia.
Project Openings
This project has openings for graduate and undergraduate students as well as for a (senior) research programmer and a postdoctoral candidate.