Menu
Access-control tool for personal stuff knows 'private' can mean 'it's complicated'

Access-control tool for personal stuff knows 'private' can mean 'it's complicated'

Researchers have developed tag-based software to control who can see your files

Think about it: Who should be allowed to see photos of you drunk?

Now: Who should be able to see your "very drunk" pictures?

Enterprises have had sophisticated access-control tools for a long time. Researchers at Carnegie Mellon University and the University of North Carolina have now developed a way to apply fine-grained controls to the most sensitive data of all: your personal stuff.

The system, called Penumbra, is based on software that runs in the file system. Penumbra lets consumers apply tags to their content and set policies about who can access files based on those tags. The policies can also use automatically generated tags, such as those based on face recognition. The researchers' prototype system ran on a set of Linux desktops on a LAN, but it could also be implemented across tablets, smartphones and other devices. And the sweet spot for Penumbra could be cloud-based storage services.

In the past, controlling who saw a private photo or letter was relatively simple. Digital media and the Internet changed all that, said Carnegie Mellon graduate student Michelle Mazurek, who gave a presentation on Penumbra to the Usenix FAST conference this week in Santa Clara, California.

"The traditional physical and social boundaries for access control are really failing," Mazurek said. Consumers have content spread across multiple devices and online repositories, such as Web mail, photo sites and social-networking platforms. Instead of simply keeping an embarrassing photo in a drawer, users now have to understand multiple technologies and know how to use them.

"All of us .... are basically all our own access control administrators," Mazurek said. That job is hard even for IT administrators, let alone for consumers. When they try it and fail, things can get ugly. Along with the danger of employers and college admissions offices finding files that reflect poorly on applicants, Mazurek cited reports about a girl in the Netherlands who sent her Facebook friends a birthday party invitation without controlling who could receive it. About 30,000 people ultimately got the invitation, leading to a mob of 3,000 and a riot in which six people were injured.

The Carnegie Mellon researchers wanted to develop access controls that were easy to use and understand. They designed Penumbra to let consumers set up controls that match the way they organize and describe their own content. Rather than presenting users with predefined categories and rules, Penumbra gives them the flexibility to define whatever policies they like based on everyday terms, she said.

"The idea here is that we want to minimize the mismatch between the intended policy -- what the user thought of -- and the actual specified policy," Mazurek said.

By talking to users, Mazurek's team found out that access preferences can be very specific. For example, a preschool teacher wanted to be able to share photos of the children she taught, but only if the parents of those kids allowed it.

Another requested feature was more personal.

"One user ... told us that some friends were allowed to see 'drunk' photos, but not 'very drunk' photos. It's a subtle but apparently very important difference," Mazurek said.

Tags used in Penumbra are cryptographically signed credentials, so they can't be forged or spoofed, she said. Each user can assign different tags to the same file based on how they think about the content. The tags themselves can be secret in addition to the files they describe.

Penumbra controls access to files using software that issues challenges among devices to establish a user's identity and authorization to see a requested file. Those claims are validated through logical proofs. Permissions can be cached for a limited time so the proof doesn't always have to be repeated.

In most cases, users wouldn't notice a lag from using Penumbra, Mazurek said. A rule of thumb is that operations that take less than 100 milliseconds are invisible to users, and most of the system calls generated by Penumbra are well under that limit, she said. In the fastest case, for a user accessing his or her own files, the system works in about 1 millisecond, she said. If anyone turned the system into a product, they could put more effort into performance, Mazurek said.

The researchers don't expect all users to conscientiously tag all their content. Automatic tagging based on locations, keywords or facial recognition could make the process easier, and users could also be given reminders about the tags they use most often, Mazurek said. However, given the idiosyncrasies that came up when the team looked into people's personal data worries, offering default settings probably wouldn't help, she said.

"It's really hard to come up with defaults that make sense to a broad set of people," Mazurek said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags University of North CarolinaCarnegie Mellon Universitysecurityinternetprivacy

Featured

Slideshows

Reseller News launches inaugural Hall of Fame lunch

Reseller News launches inaugural Hall of Fame lunch

Reseller News welcomed 2015 and 2016 inductees - Darryl Swann, Dave Rosenberg, Gary Bigwood, Keith Watson, Mike Hill and Scott Green - to the inaugural Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed how the channel can collectively work together to benefit New Zealand, the Kiwi skills shortage and the future of the industry. Photos by Maria Stefina.

Reseller News launches inaugural Hall of Fame lunch
Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Show Comments