Norman M. Sadeh ISR - School of Computer Science Carnegie Mellon University User-Controllable Security and Privacy.

Slides:



Advertisements
Similar presentations
Norman Sadeh – Carnegie Mellon University – DAML PI Meeting- Feb. 13, 2002 DAML PI Meeting Status Briefing A Semantic Web Environment for Mobile Context-Aware.
Advertisements

Information technology solutions development Fundamentals of Information Technology Session 3.
Manuela Veloso, Anthony Stentz, Alexander Rudnicky Brett Browning, M. Bernardine Dias Faculty Thomas Harris, Brenna Argall, Gil Jones Satanjeev Banerjee.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.
Beyond Prototypes: Challenges in Deploying Ubiquitous Systems N. Davies and H. Gellersen IEEE pervasive computing, 2002 Presenter: Min Zhang
Health Information Security & Privacy February 9, 2014 ONC Policy HIT Policy Committee Privacy and Security Workgroup Denise Anthony Sociology and ISTS.
A Semantic e-Wallet to Reconcile Privacy and Context Awareness Fabien L. Gandon & Norman M. Sadeh Mobile Commerce Lab. – Carnegie Mellon University.
Usable Security (Part 1 – Oct. 30/07) Dr. Kirstie Hawkey Content primarily from Teaching Usable Privacy and Security: A guide for instructors (
Norman M. Sadeh Mobile Commerce Lab. ISR - School of Computer Science Carnegie Mellon University User-Controllable Privacy: A Multi-Disciplinary.
UI Standards & Tools Khushroo Shaikh.
Development and Evaluation of Emerging Design Patterns for Ubiquitous Computing Eric Chung Carnegie Mellon Jason Hong Carnegie Mellon Madhu Prabaker University.
Privacy and Ubiquitous Computing Jason I. Hong. Ubicomp Privacy is a Serious Concern “[Active Badge] could tell when you were in the bathroom, when you.
Research on access control policy configuration Manya and Shuai.
Usable Privacy and Security Carnegie Mellon University Spring 2006 Cranor/Hong/Reiter 1 Course Overview January.
1RADAR – Scheduling Task © 2003 Carnegie Mellon University RADAR – Scheduling Task May 20, 2003 Manuela Veloso, Stephen Smith, Jaime Carbonell, Brett Browning,
Oxford eResearch Conference 2008 Paper Session 4A: NCeSS Oxford, UK, ( ) Experience of e-Social Science: A Case of Andy Turner and MoSeS Andy.
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Designing user studies February.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
Usable Privacy and Security: Trust, Phishing, and Pervasive Computing Jason I. Hong Carnegie Mellon University.
User- Controllable Privacy and Security for Pervasive Computing Jason I. Hong Carnegie Mellon University.
Usable Privacy and Security: Trust, Phishing, and Pervasive Computing Jason I. Hong Carnegie Mellon University.
Copyright © Norman Sadeh Semantic Web Technologies to Reconcile Privacy and Context Awareness Norman M. Sadeh ISRI- School of Computer Science.
Control of Personal Information in a Networked World Rebecca Wright Boaz Barak Jim Aspnes Avi Wigderson Sanjeev Arora David Goodman Joan Feigenbaum ToNC.
Four Two Rants on Mobile Computing Jason I. Hong Feb Carnegie Mellon University Intel Ultra-Mobile Devices Workshop.
Who’s Viewed You? The Impact of Feedback in a Mobile Location-Sharing Application Date : 2011/09/06 Reporter : Lin Kelly.
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Course Overview January 16, 2007.
The University of California Strengthening Business Practices: The Language of Our Control Environment Dan Sampson Assistant Vice President Financial Services.
Social Science Research Design and Statistics, 2/e Alfred P. Rovai, Jason D. Baker, and Michael K. Ponton Internal Consistency Reliability Analysis PowerPoint.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Smart Phones Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura.
Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.
Human-Computer Interaction Breakout Clare-Marie Karat, Charles Wiecha Wanda Dunn, Jason Hong, Bonnie John, Bob Kraut, Brad Myers, Norman Sadeh.
An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.
P2P Systems Meet Mobile Computing A Community-Oriented Software Infrastructure for Mobile Social Applications Cristian Borcea *, Adriana Iamnitchi + *
Mobile and Location-Based Services Jason I. Hong May
Privacy-Triggered Communications in Pervasive Social Networks Murtuza Jadliwala, Julien Freudiger, Imad Aad, Jean-Pierre Hubaux and Valtteri Niemi.
Carnegie MellonCarnegie Mellon 1 Business Meeting Organizer A Multi-Agent Meeting Scheduler using Mobile Context Kathleen Yang
Page 1 Login Security Usability Test Results | August 2014 Login Security Usability Test Results Conducted by Jayne Schurick Usability Consultant
Data Security and Privacy in Academic Computing Terry Benzel Deputy Director Internet and Networked Systems Division Information Sciences Institute John.
Tim Finin University of Maryland, Baltimore County 29 January 2013 Joint work with Anupam Joshi, Laura Zavala and our students SRI Social Media Workshop.
Nudging People Janne Lindqvist WINLAB, Dept. of ECE, Rutgers University NSF/DIMACS Workshop for Aspiring PIs in Secure and Trustworthy Cyberspace October.
UMBC iConnect Audumbar Chormale, Dr. A. Joshi, Dr. T. Finin, Dr. Z. Segall.
 CS 5380 Software Engineering Chapter 2 – Software Processes Chapter 2 Software Processes1.
The Science of Cyber Security Laurie Williams 1 Figure from IEEE Security and Privacy, May-June 2011 issue.
Carnegie Mellon School of Computer Science Copyright © 2001, Carnegie Mellon. All Rights Reserved. JAVELIN Project Briefing 1 AQUAINT Phase I Kickoff December.
Semantic Web and Policy Workshop Panel Contribution Norman M. Sadeh School of Computer Science Carnegie Mellon University Director, e-Supply Chain Management.
Chapter 12: Introducing Evaluation. The aims To illustrate how observation, interviews and questionnaires that you encountered in Chapters 7 and 8 are.
Context Awareness: From Dream to Reality Norman M. Sadeh School of Computer Science Carnegie Mellon University Research Sponsors: DARPA/DAML, IBM, Boeing,
Chapter 12: Introducing Evaluation. The aims To illustrate how observation, interviews and questionnaires that you encountered in Chapters 7 and 8 are.
Fall 2011 Course Syllabus Instructor: Sergiu Dascalu Department of Computer Science and Engineering August 30,
Human-Computer Interaction at CMU Jodi Forlizzi Jason Hong.
CSIIR Workshop March 14-15, Privilege and Policy Management for Cyber Infrastructures Dennis Kafura Markus Lorch Support provided by: Commonwealth.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Policy Authoring Matthew Dunlop Usable Security – CS 6204 – Fall, 2009 – Dennis.
- NCSU project goals and requirements - Adoption Drivers - Current challenges and pain points - Identacor at NCSU - Identacor Features - NCSU Key Benefits.
1 Web Services Policy Management Greg Pavlik Web Services Architect Oracle Corporation May 11, 2005.
Usable Privacy and Security and Mobile Social Services Jason Hong
Usable Privacy and Security Carnegie Mellon University Spring 2008 Lorrie Cranor 1 Usable Privacy and Security.
Evaluating Service Users’ Perspectives of Coventry City Council’s Individual Budgets Pilot.
Semantic Web in Context Broker Architecture Presented by Harry Chen, Tim Finin, Anupan Joshi At PerCom ‘04 Summarized by Sungchan Park
Dude, Where's My Car? And Other Questions in Context-Awareness Jason I. Hong James A. Landay Group for User Interface Research University of California.
Selected Semantic Web UMBC CoBrA – Context Broker Architecture  Using OWL to define ontologies for context modeling and reasoning  Taking.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Semantic Web Policy Systems Presented By: John Paul Dunning Usable Security – CS.
User-Controllable Privacy: An Oxymoron? Norman Sadeh Director, Mobile Commerce Lab. Professor, School of Computer Science Carnegie Mellon University
Prof. James A. Landay University of Washington Spring 2008 Web Interface Design, Prototyping, and Implementation Ubicomp Design Pre-Patterns May 29, 2008.
TRUST Area 3 Overview: Privacy, Usability, & Social Impact
Chapter 18 MobileApp Design
CS310 Software Engineering Lecturer Dr.Doaa Sami
Making Privacy Possible: Research on Organizational Privacy Technology
The Platform for Privacy Preferences Project
Architecture Issue in the New Disciple System
Presentation transcript:

Norman M. Sadeh ISR - School of Computer Science Carnegie Mellon University User-Controllable Security and Privacy

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 2 Privacy in Mobile & Pervasive Computing  MyCampus project over the past 7 years Piloted a number of context-aware applications on campus Privacy as a major impediment to adoption  Wikipedia’s definition of privacy: “… the ability of an individual or group to keep their lives and personal affairs out of public view, or to control the flow of information about themselves. Privacy is the ability of an individual or organization to reveal oneself selectively…”

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 3 Computational Thinking Challenge  …But lay users (and even “experts”) are not very good at defining privacy policies… Complexity of people’s policies “One size fits all” often doesn’t apply Policies change over time Poor understanding of the consequences of how one’s information will be used Trust Engine technologies are ahead of usability research

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 4 Question  Can we develop technologies that empower users to more accurately specify their policies?  And some related questions such as: User burden vs. accuracy  Incl. expressiveness issue How does this change from one application to another, from one user to another?

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 5 Three Application Domains  MyCampus - Current focus: People Finder  Grey – Defining policies to control access to rooms in a building  IMBuddy – Contextual Instant Messaging

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 6 People Finder Architecture JimMary Combines GPS, GSM and WiFi Available on cell phones and laptops PEA = Policy Enforcing Agent Policies represented in rule extension of OWL language MyCampus Server Mary’s PEA Jim’s PEA Jim’s KB Mary’s KB

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 7 People’s Policies Are Often Varied & Complex  User’s willingness to share their location depends on: Who is asking When Where they are What they are doing Who they are with And more…

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 8 People Finder – Defining Rules

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 9 Users Are Not Good At Defining Policies Mean (sec) Standard Deviation (sec) Rule Creation Rule Maintenance Total People Finder Application: Lab study with 19 users 30 queries per user

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 10 …and it’s not for lack of trying…

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 11 It’s Not Because of the Interface

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 12 Only Slight Correlation with # Rules -Total of 30 requests -Post-hoc accuracy

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 13 Only Slight Correlation with Time Spent -Total of 30 requests -Post-hoc accuracy

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 14 Some Users Realize They Can’t Get It Right Adoption Impediment

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 15 Approach Pervasive Computing Environments Pervasive Computing Environments User Interface CredentialsPolicies Policy Engine(s) Explanation Learning Dialog Policy Support Agent Meta- Control Legend: Project Focus Resource (incl. policies) Organization (incl. policies) Other users

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 16 Importance of Feedback - Notifications PeopleFinder application

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 17 Feedback – Summaries IMBuddy Application - Courtesy: Jason Hong

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 18 IMBuddy Evaluation  Usefulness of bubble notification, 1.6 (σ=0.6) Scale of 1 to 5, where 1=strongly agree that it was useful, 3=neutral, 5=srongly disagree

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 19 Feedback Through Audit Logs Explanation

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 20 Machine Learning  Audited Logs can be used to refine a user’s policies

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 21 Lab Study

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 22 More Recent Pilots – 12 most active target users 3 Pilots – total of over 60 participants User-Defined Rules: 79% vs. ML: 91% Note: Includes benefits of auditing

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 23 Ongoing Work  Learning is a “black box” technology  Users are unlikely to understand the policies they end up with  Can we develop technology that incrementally suggests policy changes to users? Tradeoff between rapid convergence and maintaining policies that users can relate to

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 24 Policy Evolution

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 25 Other Promising Approaches  Visualization Techniques  Explanations & dialogues

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 26 Overall Vision New Technology Policy Creation Policy Enforcement Policy Auditing & Refinement My colleagues can see my location on weekdays between 8am and 5pm Jane Time Jane is in Oakland but I can’t access Eric’s location Jane and Eric are late for our meeting. Show me where they are! Bob’s Phone Bob Why couldn’t Bob see where I was? Bob is a colleague. So far only your friends can see where you are Eric What if my colleagues could see my location too? Eric In the past you denied access to your colleague Steve OK, make it just my superiors Policy Visualization Policy Enforcing Engines Explanation Dialog Learning from the past

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 27 Some of the Things We’ve Learned So Far  Adoption will depend on whether users feel they have adequate control over the disclosure of their contextual information  People often have rather complex privacy preferences People are not good at specifying their policies Not easy to identify good default policies beyond just denying all requests  Policies tend to become more complex as users grow more sophisticated Allowing more requests but in an increasingly selective way  Auditing is critical Learning, explanation & dialogs appear promising  Applies to both privacy and security policies

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 28 Q&A Come & check out our poster this evening

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 29 Some References  User-Controllable Security and Privacy Project:  Norman Sadeh, Fabien Gandon and Oh Buyng Kwon, “Ambient Intelligence: The MyCampus Experience”, Chapter in "Ambient Intelligence and Pervasive Computing", Eds. T. Vasilakos and W. Pedrycz, ArTech House, (Also available as Tech. Report CMU-ISRI , School of Computer Science, Carnegie Mellon University) - gence%20Tech%20Report%20final.pdfAmbient Intelligence: The MyCampus Experience  Jason Cornwell, Ian Fette, Gary Hsieh, Madhu Prabaker, Jinghai Rao, Karen Tang, Kami Vaniea, Lujo Bauer, Lorrie Cranor, Jason Hong, Bruce McLaren, Mike Reiter, Norman Sadeh, "User-Controllable Security and Privacy for Pervasive Computing", Proceedings of the 8th IEEE Workshop on Mobile Computing Systems and Applications (HotMobile 2007), February user-controllable-security-privacy%20submitted%20FINAL.pdfUser-Controllable Security and Privacy for Pervasive Computing user-controllable-security-privacy%20submitted%20FINAL.pdf  M. Prabaker, J. Rao, I. Fette, P. Kelley, L. Cranor, J. Hong, and N. Sadeh, "Understanding and Capturing People's Privacy Policies in a People Finder Application", 2007 Ubicomp Workshop on Privacy, Austria, Sept. 2007Understanding and Capturing People's Privacy Policies in a People Finder Application

Copyright © Norman M. SadehCMU/Microsoft Mindswap – Oct Slide 30 Acknowledgements Collaborators: Faculty: L. Bauer, L Cranor, J. Hong, B. McLaren, M. Reiter, P. Steenkiste Post-Docs & Students: P. Drielsma, M. Prabaker, J. Rao, I. Fette, P. Kelley, K. Vaniea, R. Reeder, A Sardinha, J. Albertson, D. Hacker, J. Pincar, M. Weber. The work presented in these slides is supported in part by NSF Cyber Trust grant CNS and ARO research grant DAAD ("Perpetually Available and Secure Information Systems") to Carnegie Mellon University's CyLab.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.