Computer Science Colloquia
Michelle Mazurek, Carnegie Mellon University
Wednesday, March 19, 2014
3:30 PM, Rice Hall, Rm. 130 (Light refreshments after the seminar in the Rice Hall 4th floor atrium)
HOST: abhi shelat
Toward strong, usable access control for personal data
Users create, store and access a lot of personal data, both on
their devices and in the cloud. Although this provides tremendous
benefits, it also creates risks to security and privacy, ranging from
the inconvenient (private photos posted around the office) to the
serious (loss of a job; withdrawal of college admission). Simply
refusing to share personal data is not feasible or desirable, but
sharing indiscriminately is equally problematic. Instead, users should
be able to efficiently accomplish their primary goals without
unnecessarily compromising their privacy. In this talk, I describe my
work toward developing usable access-control mechanisms for personal
data. I review the results of three user studies that provided insight
into users' policy needs and preferences. I then discuss the design and
implementation of Penumbra, a distributed file system with built-in
access control designed to support those needs. Penumbra has two key
building blocks: semantic-tag-based policy specification and logic-based
policy enforcement. Our results show that Penumbra can enforce users'
preferred policies securely with low overhead.
Bio: Michelle Mazurek is a Ph.D. candidate in Electrical and Computer Engineering at Carnegie Mellon University, co-advised by Lujo Bauer and Greg Ganger. Her research interests span security, systems, and HCI, with particular emphasis on designing systems from the ground up for usable security. She has worked on projects related to usable access control, distributed systems, and passwords.