[CSEE Talk] Talk: Strong, usable access control for personal data, 1pm Thr 3/6, ITE325b, UMBC

[Tim Finin]

	     Computer Science and Electrical Engineering
	       University of Maryland, Baltimore County


	TOWARD STRONG, USABLE ACCESS CONTROL FOR PERSONAL DATA

			   Michelle Mazurek
		      Carnegie Mellon University

	    1:00pm Thursday, 6 March 2014, IRE 325b, UMBC


Users create, store and access a lot of personal data, both on their
devices and in the cloud. Although this provides tremendous benefits,
it also creates risks to security and privacy, ranging from the
inconvenient (private photos posted around the office) to the serious
(loss of a job; withdrawal of college admission). Simply refusing to
share personal data is not feasible or desirable, but sharing
indiscriminately is equally problematic. Instead, users should be able
to efficiently accomplish their primary goals without unnecessarily
compromising their privacy.  In this talk, I describe my work toward
developing usable access-control mechanisms for personal data. I
review the results of three user studies that provided insight into
users' policy needs and preferences. I then discuss the design and
implementation of Penumbra, a distributed file system with built-in
access control designed to support those needs.  Penumbra has two key
building blocks: semantic-tag-based policy specification and
logic-based policy enforcement. Our results show that Penumbra can
enforce users' preferred policies securely with low overhead.


Michelle Mazurek is a Ph.D. candidate in Electrical and Computer
Engineering at Carnegie Mellon University, co-advised by Lujo Bauer
and Greg Ganger. Her research interests span security, systems, and
HCI, with particular emphasis on designing systems from the ground up
for usable security. She has worked on projects related to usable
access control, distributed systems, and passwords.

Host: Penny Rheingans, rheingan at cs.umbc.edu

     -- more information and directions: http://bit.ly/UMBCtalks --