User-Controllable Security and Privacy for Pervasive Computing
http://www.cs.cmu.edu/~sadeh/user_controllable_security_and_privacy.htm
© Ian Fette 2007, All Rights Reserved
Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh
February 26, 2007
icf@cs.cmu.edu
• School of Computer Science •© Ian C. Fette 2007, All Rights Reserved • http://www.ianfette.com/ 2
What’s wrong?
Even worse…
The Problem

Mobile devices are becoming integrated into everyday life

Mobile communications

Sharing location information with others

Remote access to home

Mobile e-commerce

Managing security and privacy policies is hard

Preferences hard to articulate

Policies hard to specify

Limited input and output

Leads to new sources of vulnerability and frustration
The Objective

Objective

Develop and validate techniques to empower end-users to manage their policies

Evaluate tradeoffs between expressiveness, tolerance for errors, burden on users and overall user acceptance

Understand how much we can realistically hope to delegate to users – business and policy implications

Large multi-disciplinary team and project

Six faculty, 1.5 postdocs, 10 graduate students

Roughly 1.5 years into project
Overview

Motivation

Domains we’re Investigating

Contextual Instant Messaging

Access Control of Resources with Grey

People Finder

Problems We’re Looking At

Prior Studies in Lab

Difficulty of Specifying Preferences

Ability to Learn Preferences

Current Work

Field Deployment and Study

More Comprehensive Rule Specification Mechanism

Conclusions
Contextual Instant Messaging

Facilitate coordination and communication by letting people request contextual information via IM

Interruptibility (via SUBTLE toolkit)

Location (via Place Lab wifi positioning)

Active window

Developed a custom client and robot on top of AIM

Client (Trillian plugin) captures and sends context to robot

People can query imbuddy411 robot for info

“howbusyis username”

Robot also contains privacy rules governing disclosure
Contextual Instant Messaging (2)
Access Control of Resources with Grey
Distributed smartphone-based access control system

physical resources like office doors, computers, and coke machines

electronic ones like computer accounts and electronic files

currently only physical doors

Proofs assembled from credentials

No central access control list

End-users can create flexible policies
People Finder

Allow users to request each other’s location

Useful for meeting up

Checking up on someone

Involves…

Eliciting users’ privacy preferences

Allowing users to audit the incoming request history

Attempting to learn users’ preferences automatically

Making “smart” suggestions to users for how to fix problems

… and lots of behind-the-scenes work
People Finder (2)

Problems we’re investigating:

How to allow users to specify rules

What to include in rules

Time

Date

Person / Group

Location

Calendar Activities

Anything else…

As an example, how to specify locations in rules?

Minimum Bounding Rectangles?

Labeled Spaces

… or more complex ontologies (“in a bar”, “at home”, “at a colleague’s house”…)

…yet more expressiveness may not necessarily increase user’s sense of control and satisfaction.
People Finder (3)

Current System
People Finder (4)
• Results so far (lab study)
– Users take a long time to specify rules
– Users take a long time to revise rules
[Chart: Rule Creation Time and Rule Revision Time for User2 through User14]

                    Mean (sec)   Standard Deviation (sec)
Rule Creation         321.53       206.10
Rule Maintenance      101.15       110.02
Total                 422.69       213.48
People Finder (5)

… and yet, even after spending all this time, users are still unable to craft policies that completely express their intent…

…but there’s hope, as we seem to be able to do a good job at learning preferences based on audit history
[Chart: per-user results for User2 through User14, comparing Original Rules, Modified Rules (in-study), Modified Rules (post-study), and Case-Based Reasoner]
[Chart: % Correct Disclosures. Original Rules: 61; Modified Rules (in-study): 67; Modified Rules (post-study): 72; Case-Based Reasoner: 82]
People Finder (6)

Current Work

Field Deployment and Study

Giving out cell phones to users

Observing the rule-creation behavior

Analyzing accuracy of rules, and attempting to use machine learning to do better than the users’ own rules

More Comprehensive Rule Specification Mechanism

Allow users to create hierarchical groups

Allow location to be a part of rule specification
People Finder (7)

Current System
People Finder (8)
People Finder (9)
People Finder (10)

Future Work:

Better visualization of policies

Better explanation of options to correct policies

Utilization of additional semantic information

Calendaring

Directory services

Location services
USABLE POLICY AUTHORING: A PEOPLE FINDER EXAMPLE
[Figure: Scenario Illustration, with steps laid out along a Time axis next to a New Technology column]

Step: Policy Creation
Jane: “My colleagues can see my location on weekdays between 8am and 5pm”

Step: Policy Enforcement
Bob: “Jane and Eric are late for our meeting. Show me where they are!”
Bob’s Phone: “Jane is in Oakland but I can’t access Eric’s location”

Step: Policy Auditing & Refinement
Eric: “Why couldn’t Bob see where I was?”
“Bob is a colleague. So far only your friends can see where you are”
Eric: “What if my colleagues could see my location too?”
“In the past you denied access to your colleague Steve”
“OK, make it just my superiors”

New Technology: Policy Visualization; Policy Enforcing Engines; Explanation Dialog; Learning from the past
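The scenario above (default-deny enforcement, an explanation for a denied request, and a "what if" check of a proposed rule against the audit history) can be sketched as follows. This is an added example, not code from the slides or from the People Finder system; the class names, group memberships, dates, and the assumption that Bob is one of Eric's superiors are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

WEEKDAYS = frozenset(range(5))   # Monday=0 .. Friday=4
ALL_DAYS = frozenset(range(7))


@dataclass(frozen=True)
class Rule:
    """One allow rule: members of `group` may see the owner's location
    on the given days, inside the given time window."""
    group: str
    days: frozenset = ALL_DAYS
    start: time = time.min
    end: time = time.max

    def mismatches(self, requester_groups, when):
        """Return the conditions of this rule that the request fails."""
        failed = []
        if self.group not in requester_groups:
            failed.append(f"requester is not in group '{self.group}'")
        if when.weekday() not in self.days:
            failed.append("day of week not allowed")
        if not (self.start <= when.time() <= self.end):
            failed.append(f"time outside {self.start:%H:%M}-{self.end:%H:%M}")
        return failed


@dataclass
class Policy:
    owner: str
    groups: dict   # group name -> set of member names
    rules: list    # allow rules; anything not matched is denied

    def groups_of(self, person):
        return {g for g, members in self.groups.items() if person in members}

    def decide(self, requester, when):
        """Default deny. Returns (allowed, explanation for the audit view)."""
        who = self.groups_of(requester)
        reasons = []
        for rule in self.rules:
            failed = rule.mismatches(who, when)
            if not failed:
                return True, f"allowed by rule for group '{rule.group}'"
            reasons.append(f"rule for '{rule.group}': " + "; ".join(failed))
        return False, "denied: " + (" | ".join(reasons) or "no rules defined")

    def what_if(self, new_rule, audit_log):
        """Past requests the owner marked 'deny' that new_rule would allow."""
        return [(req, when) for req, when, wanted in audit_log
                if wanted == "deny"
                and not new_rule.mismatches(self.groups_of(req), when)]


# Constructed sample data following the scenario slide.
JANE = Policy("Jane", {"colleagues": {"Bob"}},
              [Rule("colleagues", WEEKDAYS, time(8, 0), time(17, 0))])
ERIC = Policy("Eric",
              {"friends": {"Alice"}, "colleagues": {"Bob", "Steve"},
               "superiors": {"Bob"}},          # assumption: Bob is a superior
              [Rule("friends")])
MONDAY_1030 = datetime(2007, 2, 26, 10, 30)
SATURDAY_1030 = datetime(2007, 3, 3, 10, 30)
# (requester, time, what Eric said the outcome should have been)
AUDIT_LOG = [("Steve", datetime(2007, 2, 20, 14, 0), "deny")]

if __name__ == "__main__":
    print(JANE.decide("Bob", MONDAY_1030))               # Jane's rule matches
    print(ERIC.decide("Bob", MONDAY_1030))               # denied, with reason
    print(ERIC.what_if(Rule("colleagues"), AUDIT_LOG))   # conflicts with Steve
    print(ERIC.what_if(Rule("superiors"), AUDIT_LOG))    # no conflict
```

The explanation string names the failed condition of each rule, and `what_if` surfaces the earlier denial of Steve before a broader "colleagues" rule is accepted.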
Conclusions

Traditional security paradigms do not directly translate to mobile and pervasive computing

Users are responsible for increasing number of policies, and need help to express their desires

Machine learning can be a part of helping users craft better policies

Explanation technologies will be key to helping users understand problems and their solutions

There is a tradeoff between expressiveness of policies and both the ability of users to create these policies, and the accuracy of the created policies, which must be further explored

Better interfaces, combined with learning and explanation support, may alter the expressiveness-cost, accuracy tradeoff
Acknowledgements

Thanks to the members of the team:

Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh*
*my advisor

Special thanks to Jason Hong and Norman Sadeh for sharing some of their slides

… and to our sponsors.

This work is supported by NSF Cyber Trust grant CNS-0627513, NSF grant CNS-0433540, and ARO research grant DAAD19-02-1-0389 to Carnegie Mellon University's CyLab.
Contact: Ian Fette or Norman Sadeh (icf,sadeh)@cs.cmu.edu
Carnegie Mellon University, School of Computer Science
5000 Forbes Ave, Pittsburgh PA 15213

PCI PIN Basics Webinar from the Controlcase Team
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 

User-Controllable Security and Privacy for Pervasive Computing, at Hotmobile2007

  • 1. User-Controllable Security and Privacy for Pervasive Computing
      http://www.cs.cmu.edu/~sadeh/user_controllable_security_and_privacy.htm
      © Ian Fette 2007, All Rights Reserved
      Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh
      February 26, 2007
      icf@cs.cmu.edu
  • 2. What’s wrong?
      (Slide footer, repeated on every slide: School of Computer Science • © Ian C. Fette 2007, All Rights Reserved • http://www.ianfette.com/)
  • 3. Even worse…
  • 4. The Problem
      • Mobile devices are becoming integrated into everyday life
          • Mobile communications
          • Sharing location information with others
          • Remote access to home
          • Mobile e-commerce
      • Managing Security and privacy policies is hard
          • Preferences hard to articulate
          • Policies hard to specify
          • Limited input and output
      • Leads to new sources of vulnerability and frustration
  • 5. The Objective
      • Objective
          • Develop and validate techniques to empower end-users to manage their policies
          • Evaluate tradeoffs between expressiveness, tolerance for errors, burden on users and overall user acceptance
          • Understand how much we can realistically hope to delegate to users – business and policy implications
      • Large multi-disciplinary team and project
          • Six faculty, 1.5 postdocs, 10 graduate students
          • Roughly 1.5 years into project
  • 6. Overview
      • Motivation
      • Domains we’re Investigating
          • Contextual Instant Messaging
          • Access Control of Resources with Grey
          • People Finder
      • Problems We’re Looking At
      • Prior Studies in Lab
      • Difficulty of Specifying Preferences
      • Ability to Learn Preferences
      • Current Work
      • Field Deployment and Study
      • More Comprehensive Rule Specification Mechanism
      • Conclusions
  • 7. Contextual Instant Messaging
      • Facilitate coordination and communication by letting people request contextual information via IM
          • Interruptibility (via SUBTLE toolkit)
          • Location (via Place Lab wifi positioning)
          • Active window
      • Developed a custom client and robot on top of AIM
          • Client (Trillian plugin) captures and sends context to robot
          • People can query imbuddy411 robot for info
              • “howbusyis username”
          • Robot also contains privacy rules governing disclosure
  • 8. Contextual Instant Messaging (2)
  • 9. Access Control of Resources with Grey
      • Distributed smartphone-based access control system
          • physical resources like office doors, computers, and coke machines
          • electronic ones like computer accounts and electronic files
          • currently only physical doors
      • Proofs assembled from credentials
          • No central access control list
          • End-users can create flexible policies
  • 10. People Finder
      • Allow users to request each others’ location
          • Useful for meeting up
          • Checking up on someone
      • Involves…
          • Eliciting users’ privacy preferences
          • Allowing users to audit the incoming request history
          • Attempting to learn users’ preferences automatically
          • Making “smart” suggestions to users for how to fix problems
          • … and lots of behind-the-scenes work
  • 11. People Finder (2)
      • Problems we’re investigating:
          • How to allow users to specify rules
          • What to include in rules
              • Time
              • Date
              • Person / Group
              • Location
              • Calendar Activities
              • Anything else…
          • As an example, how to specify locations in rules?
              • Minimum Bounding Rectangles?
              • Labeled Spaces
              • … or more complex ontologies (“in a bar”, “at home”, “at a colleague’s house”…)
          • …yet more expressiveness may not necessarily increase user’s sense of control and satisfaction.
  • 12. People Finder (3)
      • Current System
  • 13. People Finder (4)
      • Results so far (lab study)
          – Users take a long time to specify rules
          – Users take a long time to revise rules
      [Chart: Rule Creation Time and Rule Revision Time per user (User2 to User14), axis 0 to 850]
                           Mean (sec)   Standard Deviation (sec)
      Rule Creation          321.53       206.10
      Rule Maintenance       101.15       110.02
      Total                  422.69       213.48
  • 14. People Finder (5)
      • … and yet, even after spending all this time, users are still unable to craft policies that completely express their intent…
      • …but there’s hope, as we seem to be able to do a good job at learning preferences based on audit history
      [Chart: per-user results (User2 to User14) for Original Rules, Modified Rules (in-study), Modified Rules (post-study) and Case-Based Reasoner, axis 0.0 to 30.0]
      [Chart: % Correct Disclosures (axis 0 to 100): Original Rules 61, Modified Rules (in-study) 67, Modified Rules (post-study) 72, Case-Based Reasoner 82]
  • 15. People Finder (6)
      • Current Work
          • Field Deployment and Study
              • Giving out cell phones to users
              • Observing the rule-creation behavior
              • Analyzing accuracy of rules, and attempting to use machine learning to do better than the users’ own rules
          • More Comprehensive Rule Specification Mechanism
              • Allow users to create hierarchical groups
              • Allow location to be a part of rule specification
  • 16. People Finder (7)
      • Current System
  • 17. People Finder (8)
  • 18. People Finder (9)
  • 19. People Finder (10)
      • Future Work:
          • Better visualization of policies
          • Better explanation of options to correct policies
          • Utilization of additional semantic information
              • Calendaring
              • Directory services
              • Location services
  • 20. USABLE POLICY AUTHORING: A PEOPLE FINDER EXAMPLE
      [Diagram with three columns: Step, Scenario Illustration, New Technology]
      • Step: Policy Creation; Policy Enforcement; Policy Auditing & Refinement
      • Scenario Illustration (speech bubbles, in slide order):
          • Jane: “My colleagues can see my location on weekdays between 8am and 5pm”
          • Bob’s Phone: “Jane is in Oakland but I can’t access Eric’s location”
          • Bob: “Jane and Eric are late for our meeting. Show me where they are!”
          • “Why couldn’t Bob see where I was?”
          • “Bob is a colleague. So far only your friends can see where you are”
          • Eric: “What if my colleagues could see my location too?”
          • “In the past you denied access to your colleague Steve”
          • “OK, make it just my superiors”
      • New Technology: Policy Visualization; Policy Enforcing Engines; Explanation Dialog; Learning from the past
  • 21. Conclusions
      • Traditional security paradigms do not directly translate to mobile and pervasive computing
      • Users are responsible for increasing number of policies, and need help to express their desires
      • Machine learning can be a part of helping users craft better policies
      • Explanation technologies will be key to helping users understand problems and their solutions
      • There is a tradeoff between expressiveness of policies and both the ability of users to create these policies, and the accuracy of the created policies, which must be further explored
      • Better interfaces, combined with learning and explanation support, may alter the expressiveness-cost, accuracy tradeoff
  • 22. Acknowledgements
      • Thanks to the members of the team:
          • Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh* (*my advisor)
      • Special thanks to Jason Hong and Norman Sadeh for sharing some of their slides
      • … and to our sponsors.
          • This work is supported by NSF Cyber Trust grant CNS-0627513, NSF grant CNS-0433540, and ARO research grant DAAD19-02-1-0389 to Carnegie Mellon University's CyLab.
      Contact: Ian Fette or Norman Sadeh (icf,sadeh)@cs.cmu.edu
      Carnegie Mellon University, School of Computer Science, 5000 Forbes Ave, Pittsburgh PA 15213
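
The rule on slide 20 and the "% correct disclosures" measure on slide 14 can be made concrete with a small evaluator that replays an audited request history against a rule set. This is an added example, not code from the People Finder project; the group memberships, the default-deny decision and the audit history are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Constructed group directory (assumption): the deck names the people and the
# group labels, but not who belongs to which group.
GROUPS = {"colleagues": {"bob", "steve"}, "superiors": {"bob"}, "friends": {"jane"}}
WORKWEEK, ANY_DAY = frozenset(range(5)), frozenset(range(7))  # 0 = Monday

@dataclass(frozen=True)
class Rule:
    group: str
    weekdays: frozenset
    start: time
    end: time

    def allows(self, requester, when):
        return (requester in GROUPS.get(self.group, ())
                and when.weekday() in self.weekdays
                and self.start <= when.time() < self.end)

def decide(rules, requester, when):
    """Default deny: disclose location only if some rule explicitly allows it."""
    return any(rule.allows(requester, when) for rule in rules)

def audit(rules, history):
    """Replay audited requests; return (% correct disclosures, mismatches)."""
    wrong = [(who, when, wanted) for who, when, wanted in history
             if decide(rules, who, when) != wanted]
    return 100.0 * (len(history) - len(wrong)) / len(history), wrong

# Slide 20 rule: colleagues may see my location on weekdays between 8am and 5pm.
ORIGINAL = [Rule("colleagues", WORKWEEK, time(8), time(17))]
# Refinement from the slide 20 dialog ("make it just my superiors"), plus the
# friends rule the explanation dialog mentions.
REFINED = [Rule("superiors", WORKWEEK, time(8), time(17)),
           Rule("friends", ANY_DAY, time.min, time.max)]

# Constructed audit history: (requester, request time, did the owner want disclosure?)
HISTORY = [
    ("bob",   datetime(2007, 2, 26, 10, 0), True),   # Monday, working hours
    ("steve", datetime(2007, 2, 26, 14, 0), False),  # colleague the owner denied
    ("jane",  datetime(2007, 2, 24, 12, 0), True),   # friend, on a Saturday
    ("bob",   datetime(2007, 2, 26, 19, 0), False),  # after hours
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("refined", REFINED)):
        pct, wrong = audit(rules, HISTORY)
        print(f"{name}: {pct:.0f}% correct, mismatches: {[w[0] for w in wrong]}")
```

The mismatch list is what an explanation dialog would surface to the user: each entry is a request where the written policy and the owner's stated intent disagree.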

Editor's Notes

  1. Slide 21: you may want to mention that the project is about throwing a bunch of different techniques at this problem (learning, dialogs, explanation and visualization + different levels of expressiveness and different types of application). Our hope is to develop families of technologies that can effectively and efficiently empower users to control their policies and also to better understand the likely limitations of these technologies across different types of environments (e.g. as user tolerance for errors varies across different domains).