User-controllable security and privacy for pervasive computing

We describe our current work in developing novel mechanisms for managing security and privacy in pervasive computing environments. More specifically, we have developed and evaluated three different applications, including a contextual instant messenger, a

Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh (2007). User-Controllable Security and Privacy for Pervasive Computing. In the Proceedings of the Eighth IEEE Workshop on Mobile Computing Systems and Applications (HotMobile), February 26-27, 2007, Tucson, Arizona.

USER-CONTROLLABLE SECURITY AND PRIVACY FOR PERVASIVE COMPUTING

Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh

School of Computer Science – Carnegie Mellon University – Pittsburgh, PA – USA

Email contact: sadeh@cs.cmu.edu

Abstract

We describe our current work in developing novel mechanisms for managing security and privacy in pervasive computing environments. More specifically, we have developed and evaluated three different applications, including a contextual instant messenger, a people finder application, and a phone-based application for access control. We also draw out some themes we have learned thus far for user-controllable security and privacy.

1. Introduction

Mobile devices and the services they support are increasingly becoming central in both personal and business life. The dramatic market growth of smartphones and portable storage devices suggests that the number of devices that contribute to personal, enterprise, and government computing environments will continue to increase. At the same time, the vast majority of these devices are unmanaged, and so with these new applications comes the need to enable lay users to handle the inherent security and privacy implications.

Managing security and privacy policies is known to be difficult. Even in desktop computing environments, end-users have great difficulty using the Windows XP file permission system [MR05]. In mobile and pervasive computing settings, this situation is often exacerbated by the limitations of devices and the numerous tasks users concurrently engage in. To make matters worse, desired security and privacy settings are not just difficult to articulate, but also tend to change over time. However, emerging demands for empowering end-users to set up policies are often unrealistic. This in turn may result in new sources of vulnerability and high levels of user frustration, if not outright distrust or even fear of pervasive computing technologies.

We believe it is important to develop new user interfaces to support lay users in understanding and managing security and privacy policies – their own as well as those implemented by systems and individuals with whom they interact. Previous solutions have taken a narrow view, e.g. limiting the expressiveness of policy languages, or restricting some decisions to specific roles within the enterprise. As systems grow more pervasive and more complex, and as demands for increasing flexibility and delegation continue to grow, we argue it is imperative to take a more fundamental view that weaves together issues of security, privacy, and usability.

In this paper, we report on our initial work in designing and evaluating novel mechanisms for managing security and privacy in pervasive computing environments. Our research combines the development of new user interfaces with learning, dialog, and explanation functionality to empower users. We describe our current work with respect to three pervasive computing scenarios, and then draw out themes that we have learned thus far. Our three applications are:

1. Contextual Instant Messaging: Users can inquire about each other’s context (e.g. interruptibility, location and current task) through an instant messaging service

2. People Finder Application: Users are equipped with location-aware smartphones. They interact with their devices to inquire about the locations of others subject to privacy policies
