Think about it: Who should be allowed to see photos of you drunk?
Now: Who should be able to see your "very drunk" pictures?
Enterprises have had sophisticated access-control tools for a long time. Researchers at Carnegie Mellon University and the University of North Carolina have now developed a way to apply fine-grained controls to the most sensitive data of all: your personal stuff.
The system, called Penumbra, is based on software that runs in the file system. Penumbra lets consumers apply tags to their content and set policies about who can access files based on those tags. The policies can also use automatically generated tags, such as those based on face recognition. The researchers' prototype system ran on a set of Linux desktops on a LAN, but it could also be implemented across tablets, smartphones and other devices. And the sweet spot for Penumbra could be cloud-based storage services.
In the past, controlling who saw a private photo or letter was relatively simple. Digital media and the Internet changed all that, said Carnegie Mellon graduate student Michelle Mazurek, who gave a presentation on Penumbra to the Usenix FAST conference this week in Santa Clara, California.
"The traditional physical and social boundaries for access control are really failing," Mazurek said. Consumers have content spread across multiple devices and online repositories, such as Web mail, photo sites and social-networking platforms. Instead of simply keeping an embarrassing photo in a drawer, users now have to understand multiple technologies and know how to use them.
"All of us .... are basically all our own access control administrators," Mazurek said. That job is hard even for IT administrators, let alone for consumers. When they try it and fail, things can get ugly. Along with the danger of employers and college admissions offices finding files that reflect poorly on applicants, Mazurek cited reports about a girl in the Netherlands who sent her Facebook friends a birthday party invitation without controlling who could receive it. About 30,000 people ultimately got the invitation, leading to a mob of 3,000 and a riot in which six people were injured.
The Carnegie Mellon researchers wanted to develop access controls that were easy to use and understand. They designed Penumbra to let consumers set up controls that match the way they organize and describe their own content. Rather than presenting users with predefined categories and rules, Penumbra gives them the flexibility to define whatever policies they like based on everyday terms, she said.
"The idea here is that we want to minimize the mismatch between the intended policy -- what the user thought of -- and the actual specified policy," Mazurek said.
By talking to users, Mazurek's team found out that access preferences can be very specific. For example, a preschool teacher wanted to be able to share photos of the children she taught, but only if the parents of those kids allowed it.
Another requested feature was more personal.
"One user ... told us that some friends were allowed to see 'drunk' photos, but not 'very drunk' photos. It's a subtle but apparently very important difference," Mazurek said.
Tags used in Penumbra are cryptographically signed credentials, so they can't be forged or spoofed, she said. Each user can assign different tags to the same file based on how they think about the content. The tags themselves can be secret in addition to the files they describe.
Penumbra controls access to files using software that issues challenges among devices to establish a user's identity and authorization to see a requested file. Those claims are validated through logical proofs. Permissions can be cached for a limited time so the proof doesn't always have to be repeated.
In most cases, users wouldn't notice a lag from using Penumbra, Mazurek said. A rule of thumb is that operations that take less than 100 milliseconds are invisible to users, and most of the system calls generated by Penumbra are well under that limit, she said. In the fastest case, for a user accessing his or her own files, the system works in about 1 millisecond, she said. If anyone turned the system into a product, they could put more effort into performance, Mazurek said.
The researchers don't expect all users to conscientiously tag all their content. Automatic tagging based on locations, keywords or facial recognition could make the process easier, and users could also be given reminders about the tags they use most often, Mazurek said. However, given the idiosyncrasies that came up when the team looked into people's personal data worries, offering default settings probably wouldn't help, she said.
"It's really hard to come up with defaults that make sense to a broad set of people," Mazurek said.
Stephen Lawson covers mobile, storage and networking technologies for The IDG News Service. Follow Stephen on Twitter at @sdlawsonmedia. Stephen's e-mail address is stephen_lawson@idg.com
Focus on your customer experience not your NPS score. Fix the fucking problems and the customer support requests will go away.I currently...
Chris B
Bringing community thinking to Optus' customer service team
Nice blog!Blog is really informative , valuable.keep updating us with such amazing blogs.influencer agency in Melbourne
Rajat Kumar
Why flipping Status Quo Bias is the key to B2B marketing success
good this information are very helpful for millions of peoples customer loyalty Consultant is an important part of every business.
Tom Devid
Report: 4 ways to generate customer loyalty
Great post, thanks for sharing such a informative content.
CodeWare Limited
APAC software company brings on first VP of growth
This article highlights Gartner’s latest digital experience platforms report and how they are influencing content operations ecosystems. ...
vikram Roy
Gartner 2022 Digital Experience Platforms reveals leading vendor players