Access-control tool for personal stuff knows 'private' can mean 'it's complicated'

Researchers have developed tag-based software to control who can see your files

Think about it: Who should be allowed to see photos of you drunk?

Now: Who should be able to see your "very drunk" pictures?

Enterprises have had sophisticated access-control tools for a long time. Researchers at Carnegie Mellon University and the University of North Carolina have now developed a way to apply fine-grained controls to the most sensitive data of all: your personal stuff.

The system, called Penumbra, is based on software that runs in the file system. Penumbra lets consumers apply tags to their content and set policies about who can access files based on those tags. The policies can also use automatically generated tags, such as those based on face recognition. The researchers' prototype system ran on a set of Linux desktops on a LAN, but it could also be implemented across tablets, smartphones and other devices. And the sweet spot for Penumbra could be cloud-based storage services.

In the past, controlling who saw a private photo or letter was relatively simple. Digital media and the Internet changed all that, said Carnegie Mellon graduate student Michelle Mazurek, who gave a presentation on Penumbra to the Usenix FAST conference this week in Santa Clara, California.

"The traditional physical and social boundaries for access control are really failing," Mazurek said. Consumers have content spread across multiple devices and online repositories, such as Web mail, photo sites and social-networking platforms. Instead of simply keeping an embarrassing photo in a drawer, users now have to understand multiple technologies and know how to use them.

"All of us .... are basically all our own access control administrators," Mazurek said. That job is hard even for IT administrators, let alone for consumers. When they try it and fail, things can get ugly. Along with the danger of employers and college admissions offices finding files that reflect poorly on applicants, Mazurek cited reports about a girl in the Netherlands who sent her Facebook friends a birthday party invitation without controlling who could receive it. About 30,000 people ultimately got the invitation, leading to a mob of 3,000 and a riot in which six people were injured.

The Carnegie Mellon researchers wanted to develop access controls that were easy to use and understand. They designed Penumbra to let consumers set up controls that match the way they organize and describe their own content. Rather than presenting users with predefined categories and rules, Penumbra gives them the flexibility to define whatever policies they like based on everyday terms, she said.

"The idea here is that we want to minimize the mismatch between the intended policy -- what the user thought of -- and the actual specified policy," Mazurek said.

By talking to users, Mazurek's team found out that access preferences can be very specific. For example, a preschool teacher wanted to be able to share photos of the children she taught, but only if the parents of those kids allowed it.

Another requested feature was more personal.

"One user ... told us that some friends were allowed to see 'drunk' photos, but not 'very drunk' photos. It's a subtle but apparently very important difference," Mazurek said.

Tags used in Penumbra are cryptographically signed credentials, so they can't be forged or spoofed, she said. Each user can assign different tags to the same file based on how they think about the content. The tags themselves can be secret in addition to the files they describe.

Penumbra controls access to files using software that issues challenges among devices to establish a user's identity and authorization to see a requested file. Those claims are validated through logical proofs. Permissions can be cached for a limited time so the proof doesn't always have to be repeated.

In most cases, users wouldn't notice a lag from using Penumbra, Mazurek said. A rule of thumb is that operations that take less than 100 milliseconds are invisible to users, and most of the system calls generated by Penumbra are well under that limit, she said. In the fastest case, for a user accessing his or her own files, the system works in about 1 millisecond, she said. If anyone turned the system into a product, they could put more effort into performance, Mazurek said.

The researchers don't expect all users to conscientiously tag all their content. Automatic tagging based on locations, keywords or facial recognition could make the process easier, and users could also be given reminders about the tags they use most often, Mazurek said. However, given the idiosyncrasies that came up when the team looked into people's personal data worries, offering default settings probably wouldn't help, she said.

"It's really hard to come up with defaults that make sense to a broad set of people," Mazurek said.

Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments

Latest Videos

More Videos

Algorithms that can make sense of unstructured data is the future. It's great to see experts in the field getting together in Melbourne t...

Sumit Takim

In pictures: Harnessing AI for customer engagement - CMO roundtable Melbourne

Read more

Are you sure they wont start a platform that the cheese is white, pretty sure that is racist

Hite

New brand name for Coon Cheese revealed

Read more

Real digital transformation requires reshaping the way the business create value for customers. Achieving this requires that organization...

ravi H

10 lessons Telstra has learnt through its T22 transformation

Read more

thanks

Lillian Juliet

How Winedirect has lifted customer recency, frequency and value with a digital overhaul

Read more

Having an effective Point of Sale system implemented in your retail store can streamline the transactions and data management activities....

Sheetal Kamble

​Jurlique’s move to mobile POS set to enhance customer experience

Read more

Blog Posts

Brand storytelling lessons from Singapore’s iconic Fullerton hotel

In early 2020, I had the pleasure of staying at the newly opened Fullerton Hotel in Sydney. It was on this trip I first became aware of the Fullerton’s commitment to brand storytelling.

Gabrielle Dolan

Business storytelling leader

You’re doing it wrong: Emotion doesn’t mean emotional

If you’ve been around advertising long enough, you’ve probably seen (or written) a slide which says: “They won’t remember what you say, they’ll remember how you made them feel.” But it’s wrong. Our understanding of how emotion is used in advertising has been ill informed and poorly applied.

Zac Martin

Senior planner, Ogilvy Melbourne

Why does brand execution often kill creativity?

The launch of a new brand, or indeed a rebrand, is a transformation to be greeted with fanfare. So why is it that once the brand has launched, the brand execution phase can also be the moment at which you kill its creativity?

Rich Curtis

CEO, FutureBrand A/NZ

Sign in