Access-control tool for personal stuff knows 'private' can mean 'it's complicated'

Researchers have developed tag-based software to control who can see your files

Think about it: Who should be allowed to see photos of you drunk?

Now: Who should be able to see your "very drunk" pictures?

Enterprises have had sophisticated access-control tools for a long time. Researchers at Carnegie Mellon University and the University of North Carolina have now developed a way to apply fine-grained controls to the most sensitive data of all: your personal stuff.

The system, called Penumbra, is based on software that runs in the file system. Penumbra lets consumers apply tags to their content and set policies about who can access files based on those tags. The policies can also use automatically generated tags, such as those based on face recognition. The researchers' prototype system ran on a set of Linux desktops on a LAN, but it could also be implemented across tablets, smartphones and other devices. And the sweet spot for Penumbra could be cloud-based storage services.

In the past, controlling who saw a private photo or letter was relatively simple. Digital media and the Internet changed all that, said Carnegie Mellon graduate student Michelle Mazurek, who gave a presentation on Penumbra to the Usenix FAST conference this week in Santa Clara, California.

"The traditional physical and social boundaries for access control are really failing," Mazurek said. Consumers have content spread across multiple devices and online repositories, such as Web mail, photo sites and social-networking platforms. Instead of simply keeping an embarrassing photo in a drawer, users now have to understand multiple technologies and know how to use them.

"All of us .... are basically all our own access control administrators," Mazurek said. That job is hard even for IT administrators, let alone for consumers. When they try it and fail, things can get ugly. Along with the danger of employers and college admissions offices finding files that reflect poorly on applicants, Mazurek cited reports about a girl in the Netherlands who sent her Facebook friends a birthday party invitation without controlling who could receive it. About 30,000 people ultimately got the invitation, leading to a mob of 3,000 and a riot in which six people were injured.

The Carnegie Mellon researchers wanted to develop access controls that were easy to use and understand. They designed Penumbra to let consumers set up controls that match the way they organize and describe their own content. Rather than presenting users with predefined categories and rules, Penumbra gives them the flexibility to define whatever policies they like based on everyday terms, she said.

"The idea here is that we want to minimize the mismatch between the intended policy -- what the user thought of -- and the actual specified policy," Mazurek said.

By talking to users, Mazurek's team found out that access preferences can be very specific. For example, a preschool teacher wanted to be able to share photos of the children she taught, but only if the parents of those kids allowed it.

Another requested feature was more personal.

"One user ... told us that some friends were allowed to see 'drunk' photos, but not 'very drunk' photos. It's a subtle but apparently very important difference," Mazurek said.

Tags used in Penumbra are cryptographically signed credentials, so they can't be forged or spoofed, she said. Each user can assign different tags to the same file based on how they think about the content. The tags themselves can be secret in addition to the files they describe.

Penumbra controls access to files using software that issues challenges among devices to establish a user's identity and authorization to see a requested file. Those claims are validated through logical proofs. Permissions can be cached for a limited time so the proof doesn't always have to be repeated.

In most cases, users wouldn't notice a lag from using Penumbra, Mazurek said. A rule of thumb is that operations that take less than 100 milliseconds are invisible to users, and most of the system calls generated by Penumbra are well under that limit, she said. In the fastest case, for a user accessing his or her own files, the system works in about 1 millisecond, she said. If anyone turned the system into a product, they could put more effort into performance, Mazurek said.

The researchers don't expect all users to conscientiously tag all their content. Automatic tagging based on locations, keywords or facial recognition could make the process easier, and users could also be given reminders about the tags they use most often, Mazurek said. However, given the idiosyncrasies that came up when the team looked into people's personal data worries, offering default settings probably wouldn't help, she said.

"It's really hard to come up with defaults that make sense to a broad set of people," Mazurek said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Blog Posts

5 things every business can do to drive brand loyalty

If you’re in any customer-centric role, you’ll likely be familiar with the Net Promoter Score (NPS) – one of the most popular tools for brands to measure their customer sentiment.

Catherine Anderson

Chief customer officer, Powershop Australia

What the modern gig economy is doing to customer experience

Most marketing theory was established in the context of stable employment relationships. From front-line staff to marketing strategists and brand managers, employees generally enjoyed job security with classic benefits such as superannuation plans, stable income streams, employment rights, training, sabbaticals and long-service leave.

Dr Chris Baumann

Associate professor, Macquarie University

The new data hierarchy

We are all digital lab rats spewing treasure troves of personal data wherever we go.

Gerry Murray

Research director, marketing and sales technology services, IDC

Thank you! That was useful to know.

Belia Adam

Why your best social marketing brand tool could be hiding in plain sight

Read more

Because you are missing the point of the term "disruption"

Sean

Uber for the truckies: How one Aussie startup is disrupting the freight industry

Read more

Absolutely agree with this ... Facebook doesn't care what adds they show. You report an add for fake news/scam and it just remains "open...

Quasi Carbon

Unilever CMO threatens Facebook, Google with digital advertising boycott

Read more

How to create Pinball game in 4 minshttps://youtu.be/S1bsp7del3M

Alex Atmavan

Rethinking gamification in marketing

Read more

True Local - one of the least credible review sites on the entire internet.

MyNameIsStomp

Former Virgin Mobile CMO and CEO joins oOh! as first customer chief

Read more

Latest Podcast

More podcasts

Sign in