Michelle Mazurek Defense

Starts at: May 6, 2014 10:00 AM

Ends at: 1:00 PM

Location: CIC 2101


People store and share ever-increasing numbers of digital documents, photos, and other content, both on personal devices and within online networks. In this environment, proper access control is critical to help users obtain the benefits of sharing varied content with different groups of people while avoiding trouble at work, embarrassment, identity theft, and other problems related to unintended disclosure. Current approaches often fail, either because they insufficiently protect data or because they confuse users about policy specification. Historically, correctly managing access control has proven difficult, time-consuming, and error-prone, even for experts; to make matters worse, access control remains a secondary task most non-expert users are unwilling to spend significant time on.

To solve this problem, access control for content-sharing tools and services should provide verifiable security, make policy configuration and management simple and understandable for users, reduce the risk of user error, and minimize the required user effort. In this thesis, I present a novel access-control mechanism designed to match users’ mental models while providing principled security. I first present three user studies that provide insight into people’s access-control needs and preferences. Drawing on the results of these studies, I present Penumbra, a prototype distributed file system that combines semantic, tag-based policy specification with logic-based access control, flexibly supporting intuitive policies while providing high assurance of correctness. To evaluate Penumbra, I present a set of detailed, realistic case studies drawn from prior research into users’ access-control preferences. Using microbenchmarks and traces generated from the case studies, I demonstrate that Penumbra can enforce users’ policies with overhead less than 5% for most system calls. Finally, I present lessons learned from my experiences, which can inform the further development of usable access-control mechanisms both for sharing files and in the broader context of personal data.
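The abstract describes the combination of tag-based policy with logic-based access control only at a high level. The following is an added illustration of that idea, written for this page; it is not code from Penumbra or from the thesis, and the class names (`PolicyEngine`, `Rule`, `Tag`, `File`), the rule shape, and the principals (alice, bob, carol, dave, mallory) are all constructed assumptions. It shows two points a practitioner would want to see: policy written over semantic tags rather than paths, and every grant backed by an explicit chain of facts (a proof), with tags counting toward an owner's policy only when the owner asserted them.

```python
"""Tag-based, logic-style access control: a constructed illustration.

Added example, not the Penumbra prototype's code.  Files carry tags, policy is
written over tags, and each access decision must be justified by an explicit
list of facts (a proof) instead of an ad-hoc check.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Tag:
    """A tag on a file, remembering which principal asserted it."""
    asserter: str
    name: str


@dataclass
class File:
    owner: str
    tags: set = field(default_factory=set)

    def tag(self, asserter, name):
        self.tags.add(Tag(asserter, name))


@dataclass(frozen=True)
class Rule:
    """grantor says: grantee may <action> any file the grantor tagged with all
    of `required` and none of `forbidden`.  grantee is a principal or the
    name of a group the grantor defined."""
    grantor: str
    grantee: str
    action: str
    required: frozenset
    forbidden: frozenset = frozenset()


class PolicyEngine:
    def __init__(self):
        self.rules = []
        self.groups = {}  # (owner, group name) -> set of member principals

    def add_rule(self, rule):
        self.rules.append(rule)

    def define_group(self, owner, name, members):
        self.groups[(owner, name)] = set(members)

    def _grantee_facts(self, rule, requester):
        """Facts showing the requester is covered by the rule, or None."""
        if rule.grantee == requester:
            return [f"{rule.grantor} named {requester} directly"]
        if requester in self.groups.get((rule.grantor, rule.grantee), set()):
            return [f"{rule.grantor} says {requester} is in group {rule.grantee}"]
        return None

    def check(self, file, requester, action):
        """Return (allowed, proof).  The proof lists the facts used to grant;
        on denial it is empty, so no decision rests on a partial argument."""
        if requester == file.owner:
            return True, [f"{requester} owns the file"]
        # Only tags asserted by the owner can satisfy the owner's rules; a tag
        # attached by someone else never unlocks the owner's policy.
        owner_tags = {t.name for t in file.tags if t.asserter == file.owner}
        for rule in self.rules:
            if rule.grantor != file.owner or rule.action != action:
                continue
            grantee_facts = self._grantee_facts(rule, requester)
            if grantee_facts is None:
                continue
            if not rule.required <= owner_tags or rule.forbidden & owner_tags:
                continue
            proof = [f"{file.owner} owns the file"] + grantee_facts
            proof += [f"{file.owner} tagged the file {t!r}" for t in sorted(rule.required)]
            proof.append(f"{rule.grantor} lets {rule.grantee} {rule.action} files tagged "
                         f"{sorted(rule.required)} but not {sorted(rule.forbidden)}")
            return True, proof
        return False, []


def demo():
    """Constructed scenario: alice shares family photos, except private ones."""
    engine = PolicyEngine()
    engine.define_group("alice", "family", {"bob", "carol"})
    engine.add_rule(Rule("alice", "family", "read",
                         frozenset({"photo", "family"}), frozenset({"private"})))

    vacation = File("alice")
    vacation.tag("alice", "photo"); vacation.tag("alice", "family")
    private = File("alice")
    private.tag("alice", "photo"); private.tag("alice", "family"); private.tag("alice", "private")
    spoofed = File("alice")          # mallory attaches a 'family' tag herself
    spoofed.tag("alice", "photo"); spoofed.tag("mallory", "family")

    return {
        "bob_vacation": engine.check(vacation, "bob", "read"),
        "bob_private": engine.check(private, "bob", "read"),
        "dave_vacation": engine.check(vacation, "dave", "read"),
        "bob_spoofed": engine.check(spoofed, "bob", "read"),
        "mallory_spoofed": engine.check(spoofed, "mallory", "read"),
        "alice_private": engine.check(private, "alice", "read"),
    }


if __name__ == "__main__":
    for name, (allowed, proof) in demo().items():
        print(name, "ALLOW" if allowed else "DENY", *proof, sep="\n  ")
```

Returning the proof alongside the decision is the part that matters for assurance: an auditor can check each grant against the listed facts, and the spoofed-tag case shows why the asserter of a tag must be recorded rather than the tag name alone.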