Users create, store and access a lot of personal data, both on their devices and in the cloud. Although this provides tremendous benefits, it also creates risks to security and privacy, ranging from the inconvenient (private photos posted around the office) to the serious (loss of a job; withdrawal of college admission). Simply refusing to share personal data is not feasible or desirable, but sharing indiscriminately is equally problematic. Instead, users should be able to efficiently accomplish their primary goals without unnecessarily compromising their privacy. In this talk, I describe my work toward developing usable access-control mechanisms for personal data. I review the results of three user studies that provided insight into users’ policy needs and preferences. I then discuss the design and implementation of Penumbra, a distributed file system with built-in access control designed to support those needs. Penumbra has two key building blocks: semantic-tag-based policy specification and logic-based policy enforcement. Our results show that Penumbra can enforce users’ preferred policies securely with low overhead.
Michelle Mazurek is a Ph.D. candidate in Electrical and Computer Engineering at Carnegie Mellon University, co-advised by Lujo Bauer and Greg Ganger. Her research interests span security, systems, and HCI, with particular emphasis on designing systems from the ground up for usable security. She has worked on projects related to usable access control, distributed systems, and passwords.