Proximity Displays for Access Control

Abstract

Managing access to shared digital information, such as photographs and documents, is di cult for end users who are accumulating an increasingly large and diverse collection of data that they want to share with others. Current policy-management solutions require a user to proactively seek out and open a separate policy-management interface when she wants to review or change her access-control policy. However, end users treat access control as a secondary task, and rarely visit a website for the primary task of managing security. Historically, security administrators and auditors were available to check for access-control issues on behalf of users, but in the age of Facebook and Flickr people are responsible for their own content. Users need a way to review their access-control policies that ts into their normal work ows. This thesis proposes the use of proximity information displays | small interface components spatially located near the data elements (or near a representation of data, e.g., le name in a le manager or thumbnail photo in a photo album) that contain information about who currently has access or who could access the data. These displays are intended to help users become more aware of how their data has been used in the past and how the data could be used in the future. We present empirical studies that test the hypothesis Users of a system that includes proximity information displays of access control-information will implement policies that result in grant/deny actions that better match their preferences than will users of a system where access-control information is available only on a secondary interface. The focus of this thesis is understanding the impact of proximity displays on people's permission-modi cation behavior.

Document Details

Document Type

Technical Report

Publication Date

Sep 01, 2012

Accession Number

ADA570051

Entities

Tags