skip to main content
10.1145/1456377.1456380acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

User-controllable learning of security and privacy policies

Published: 27 October 2008 Publication History

Abstract

Studies have shown that users have great difficulty specifying their security and privacy policies in a variety of application domains. While machine learning techniques have successfully been used to refine models of user preferences, such as in recommender systems, they are generally configured as "black boxes" that take control over the entire policy and severely restrict the ways in which the user can manipulate it. This article presents an alternative approach, referred to as user-controllable policy learning. It involves the incremental manipulation of policies in a context where system and user refine a common policy model. The user regularly provides feedback on decisions made based on the current policy. This feedback is used to identify (learn) incremental policy improvements which are presented as suggestions to the user. The user, in turn, can review these suggestions and decide which, if any, to accept. The incremental nature of the suggestions enhances usability, and because the user and the system manipulate a common policy representation, the user retains control and can still make policy modifications by hand. Results obtained using a neighborhood search implementation of this approach are presented in the context of data derived from the deployment of a friend finder application, where users can share their locations with others, subject to privacy policies they refine over time. We present results showing policy accuracy, which averages 60% upon initial definition by our users climbing as high as 90% using our technique.

References

[1]
G. Adomavicius and A. Tuzhilin. Toward the next generation of recommender systems: a survey of the state-of-the-art and possible extensions. Knowledge and Data Engineering, IEEE Transactions on, 17(6):734--749, 2005.
[2]
Boi Faltings, Pearl Pu, Marc Torrens, and Paolo Viappiani. Designing example-critiquing interaction. In Proceedings of the 2004 International Conference on Intelligent User Interfaces, User modeling I, pages 22--29, 2004.
[3]
Jonathan L. Herlocker, Joseph A. Konstan, and John Riedl. Explaining collaborative filtering recommendations. In CSCW '00: Proceedings of the 2000 ACM conference on Computer supported cooperative work, pages 241--250, New York, NY, USA, 2000. ACM.
[4]
G. Linden, B. Smith, and J. York. Amazon.com recommendations: item-to-item collaborative filtering. Internet Computing, IEEE, 7(1):76--80, 2003.
[5]
Roy A. Maxion and Robert W. Reeder. Improving user-interface dependability through mitigation of human error. International Journal of Man-Machine Studies, 63(1-2):25--50, 2005.
[6]
Christena Nippert-Eng. Privacy in the United States: Some implications for design. International Journal of Design, {Online} 1:2, Aug 2007. Available at http://www.ijdesign.org/ojs/index.php/IJDesign/article/view/67/30.
[7]
Michael J. Pazzani. Representation of electronic mail filtering profiles: a user study. In IUI '00: Proceedings of the 5th international conference on Intelligent user interfaces, pages 202--206, New York, NY, USA, 2000. ACM.
[8]
Michael J. Pazzani and Daniel Billsus. Learning and revising user profiles: The identification of interesting web sites. Machine Learning, 27(3):313--331, 1997.
[9]
Al Mamunur Rashid, Istvan Albert, Dan Cosley, Shyong K. Lam, Sean M. McNee, Joseph A. Konstan, and John Riedl. Getting to know you: learning new user preferences in recommender systems. In IUI, pages 127--134, 2002.
[10]
Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and Jinghai Rao. Understanding and capturing people's privacy policies in a people finder application. In Proceedings of the 5th International Workshop on Privacy in UbiComp (UbiPriv'07), September 2007.
[11]
J. Ben Schafer, Joseph A. Konstan, and John Riedl. E-commerce recommendation applications. Data Min. Knowl. Discov, 5(1/2):115--153, 2001.
[12]
Simone Stumpf, Vidya Rajaram, Lida Li, Margaret Burnett, Thomas Dietterich, Erin Sullivan, Russell Drummond, and Jonathan Herlocker. Toward harnessing user feedback for machine learning. In IUI '07: Proceedings of the 12th international conference on Intelligent user interfaces, pages 82--91, New York, NY, USA, 2007. ACM.
[13]
Paolo Viappiani, Boi Faltings, and Pearl Pu. Preference-based search using example-critiquing with suggestions. J. Artif. Intell. Res. (JAIR), 27:465--503, 2006.

Cited By

View all
  • (2024)A Survey on Trustworthy Recommender SystemsACM Transactions on Recommender Systems10.1145/36528913:2(1-68)Online publication date: 13-Apr-2024
  • (2022)Automated privacy negotiations with preference uncertaintyAutonomous Agents and Multi-Agent Systems10.1007/s10458-022-09579-136:2Online publication date: 1-Oct-2022
  • (2021)User-Tailored PrivacyModern Socio-Technical Perspectives on Privacy10.1007/978-3-030-82786-1_16(367-393)Online publication date: 29-Jul-2021
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec
October 2008
84 pages
ISBN:9781605582917
DOI:10.1145/1456377
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 October 2008

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. security and privacy policies
  2. usable security
  3. user-controllable learning

Qualifiers

  • Research-article

Conference

CCS08
Sponsor:

Acceptance Rates

AISec '08 Paper Acceptance Rate 9 of 20 submissions, 45%;
Overall Acceptance Rate 94 of 231 submissions, 41%

Upcoming Conference

CCS '25

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)8
  • Downloads (Last 6 weeks)0
Reflects downloads up to 16 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2024)A Survey on Trustworthy Recommender SystemsACM Transactions on Recommender Systems10.1145/36528913:2(1-68)Online publication date: 13-Apr-2024
  • (2022)Automated privacy negotiations with preference uncertaintyAutonomous Agents and Multi-Agent Systems10.1007/s10458-022-09579-136:2Online publication date: 1-Oct-2022
  • (2021)User-Tailored PrivacyModern Socio-Technical Perspectives on Privacy10.1007/978-3-030-82786-1_16(367-393)Online publication date: 29-Jul-2021
  • (2020)Mobile User Location Inference Attacks Fusing with Multiple Background Knowledge in Location-Based Social NetworksMathematics10.3390/math80202628:2(262)Online publication date: 17-Feb-2020
  • (2020)Interpretable Machine Learning for Privacy-Preserving Pervasive SystemsIEEE Pervasive Computing10.1109/MPRV.2019.291854019:1(73-82)Online publication date: Jan-2020
  • (2019)Moving Beyond Set-It-And-Forget-It Privacy Settings on Social MediaProceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security10.1145/3319535.3354202(991-1008)Online publication date: 6-Nov-2019
  • (2019)Adaptive and Intelligible Prioritization for Network Security Incidents2019 International Conference on Cyber Security and Protection of Digital Services (Cyber Security)10.1109/CyberSecPODS.2019.8885208(1-8)Online publication date: Jun-2019
  • (2018)Privacy in Mobile and Pervasive ComputingSynthesis Lectures on Mobile and Pervasive Computing10.2200/S00882ED1V01Y201810MPC01310:1(1-139)Online publication date: 3-Dec-2018
  • (2017)Study on privacy preserving recommender systems datasets2017 International Conference on Inventive Computing and Informatics (ICICI)10.1109/ICICI.2017.8365367(335-338)Online publication date: Nov-2017
  • (2017)Tools for Achieving Usable Ex Post Transparency: A SurveyIEEE Access10.1109/ACCESS.2017.27655395(22965-22991)Online publication date: 2017
  • Show More Cited By

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media