ABSTRACT
As digital content becomes more prevalent in the home, non-technical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create ad-hoc access-control mechanisms that do not always work; that their ideal policies are complex and multi-dimensional; that a priori policy specification is often insufficient; and that people's mental models of access control and security are often misaligned with current systems. We detail these findings and present a set of associated guidelines for designing usable access-control systems for the home environment.