CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy...
-
date post
22-Dec-2015 -
Category
Documents
-
view
226 -
download
5
Transcript of CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy...
![Page 1: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/1.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 1
Authentication, access control, and policy configuration
Lorrie Faith CranorOctober 2009
![Page 2: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/2.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 2
Outline
Definitions Authentication Access control Policy management Policy authoring
![Page 3: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/3.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 3
Definitions Identification - a claim about identity
– Who or what I am (global or local) Authentication - confirming that claims are true
– I am who I say I am– I have a valid credential
Authorization - granting permission based on a valid claim– Now that I have been validated, I am allowed to access certain resources
or take certain actions Access control system - a system that authenticates users and gives
them access to resources based on their authorizations– Includes or relies upon an authentication mechanism– May include the ability to grant course or fine-grained authorizations,
revoke or delegate authorizations– Also includes an interface for policy configuration and management
![Page 4: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/4.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 4
Building blocks of authentication Factors
– Something you know (or recognize)– Something you have– Something you are
Two factors are better than one– Especially two factors from different categories
What are some examples of each of these factors?
What are some examples of two-factor authentication?
![Page 5: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/5.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 5
Authentication mechanisms
Text-based passwords Graphical passwords Hardware tokens Public key crypto protocols Biometrics
![Page 6: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/6.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 6
Evaluation
Accessibility Memorability Security Cost Environmental considerations
![Page 7: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/7.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 7
Typical password advice
![Page 8: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/8.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 8
Typical password advice Pick a hard to guess password Don’t use it anywhere else Change it often Don’t write it down
So what do you do when every web site you visit asks for a password?
![Page 9: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/9.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 9
Bank = b3aYZ Amazon = aa66x!Phonebill = p$2$ta1
![Page 10: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/10.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 10
![Page 11: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/11.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 11
Problems with Passwords Selection
– Difficult to think of a good password– Passwords people think of first are easy to guess
Memorability– Easy to forget passwords that aren’t frequently used– Difficult to remember “secure” passwords with a mix of upper & lower
case letters, numbers, and special characters Reuse
– Too many passwords to remember– A previously used password is memorable
Sharing– Often unintentional through reuse– Systems aren’t designed to support the way people work together and
share information
![Page 12: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/12.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 12
Mnemonic PasswordsFour
First letter of each word (with punctuation)
fsasya,oFSubstitute numbers for words or similar-looking letters
4sa7ya,oFSubstitute symbols for words or similar-looking letters
F
4sasya,oF
Four
4sa7ya,oF
4s&7ya,oF
score s andaand seven sseven yearsy ago a ,, our o Fathers F
Source: Cynthia Kuo, SOUPS 2006
![Page 13: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/13.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 13
The Promise?
Phrases help users incorporate different character classes in passwords– Easier to think of character-for-word substitutions
Virtually infinite number of phrases Dictionaries do not contain mnemonics
Source: Cynthia Kuo, SOUPS 2006
![Page 14: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/14.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 14
The Problem?
“Goodness” of mnemonic passwords unknown– Yan et al. compared regular, mnemonic, and
randomly generated passwords• Used standard (non-mnemonic) dictionary• Effectively evaluated whether mnemonic passwords
contained dictionary words
Source: Cynthia Kuo, SOUPS 2006
![Page 15: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/15.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 15
Mnemonic password evaluation Mnemonic passwords are not a panacea for
password creation No comprehensive dictionary today May become more vulnerable in future
– Many people start to use them– Attackers incentivized to build dictionaries
Publicly available phrases should be avoided!
C. Kuo, S. Romanosky, and L. Cranor. Human Selection of Mnemonic Phrase-Based Passwords. In Proceedings of the 2006 Symposium On Usable Privacy and Security, 12-14 July 2006, Pittsburgh, PA.
Source: Cynthia Kuo, SOUPS 2006
![Page 16: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/16.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 16
Password keeper software
Run on PC or handheld Only remember one password
![Page 17: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/17.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 17
Single sign-on
Login once to get access to all your passwords
![Page 18: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/18.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 18
Biometrics
![Page 19: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/19.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 19
Graphical passwords
![Page 20: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/20.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 20
“Forgotten password” mechanism Email password or magic URL to address on file Challenge questions Why not make this the normal way to access infrequently
used sites?
![Page 21: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/21.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 21
Convenient SecureID 1
What problems does this approach solve?
What problems does it create?
Source:
http://worsethanfailure.com/Articles/Security_by_Oblivity.aspx
![Page 22: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/22.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 22
Convenient SecureID 2
What problems does this approach solve?
What problems does is create?
22
Previously available at:
http://fob.webhop.net/
![Page 23: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/23.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 23
Browser-based mutual authentication Chris Drake’s “Magic Bullet” proposal http://lists.w3.org/Archives/Public/public-usable-a
uthentication/2007Mar/0004.html– User gets ID, password (or alternative), image,
hotspot at enrollment– Before user is allowed to login they are asked to
confirm URL and SSL cert and click buttons– Then login box appears and user enters username
and password (or alternative)– Server displays set of images, including user’s image
(or if user entered incorrect password, random set of images appear)
– User finds their image and clicks on hotspot• Image manipulation can help prevent replay attacks
What problems does this solve? What problems doesn’t it solve? What kind of testing is needed
![Page 24: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/24.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 24
Types of access control Discretionary access control
– Distributed, dynamic, users set access rules for resources they own and can delegate access to others
Role-based access control– Centralized admin assigns users to roles and sets
access rules based on roles And many others that vary
– discretionary/mandatory– centralized/distributed– granularity– grouping
![Page 25: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/25.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 25
Policy management problems Admins, large organizations understanding large
access control policies– Someone in marketing changed a policy and now we can’t
figure out why people in sales no longer have access to a document
– Who has access to this document anyway? End users creating and understanding policies
– Examples: File system permissions, Grey, Perspective, privacy rules
– Home users want to share some files with some other users, but don’t want to share everything
![Page 26: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/26.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 26
Roles for policy professionals
Policy makers Policy implementers
L. Bauer, L. Cranor, R.W. Reeder, M.K. Reiter, and K. Vaniea. Real life challenges in
access-control management. CHI 2009.
http://www.ece.cmu.edu/~lbauer/papers/2009/chi09-management.pdf
![Page 27: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/27.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 27
Policy conflicts Given
– Alice is in GroupA and GroupB– FileQ is in FolderX
What types of conflicts might occur?
Direct conflict– Alice allowed access to FileQ– Alice denied access to FileQ
Group/group conflict– GroupA allowed access to FileQ– GroupB denied access to FileQ
User/group conflict– Alice allowed access to FileQ– GroupA denied access to FileQ
File/directory conflict– Alice allowed access to FileQ– Alice denied access to FolderX
2-way conflict – Alice allowed access to FileQ– GroupA denied access to FolderX
![Page 28: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/28.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 28
How can conflicts be resolved?
Default rule – deny/allow takes precedence Ordered rules – policy author sets order Ordered rules – most recent first/last Specificity – most/least specific takes precedence Weighted rules – policy author assigns weights Exceptions – policy authors defines exceptions
(essentially a partial ordering) Combination
![Page 29: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/29.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 29
Policy Authoring
Slides courtesy of Rob Reeder
R. W. Reeder. Expandable Grids: A user interface visualization technique and a policy semantics to support fast, accurate security and privacy policy authoring. PhD Thesis, Computer science department, Carnegie Mellon University, Pittsburgh, PA, July 2008. Available as tech report number CMU-CS-08-143.
![Page 30: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/30.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 30
Memogate
![Page 31: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/31.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 31
Proliferation of policiesFile systems
Location disclosure applications
Online social networks
Websites
![Page 32: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/32.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 32
Policy authoring
Policy – a set of rules that determine the conditions under which access is allowed to a resource
Policies are created, edited, and viewed – authored
Someone determines policy – the author Policies should fulfill the author’s intentions Policy authoring is done with a user interface
![Page 33: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/33.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 33
List of rules interfaces support policy authoring operations poorly Viewing policy
– Often only one rule at a time is visible– Difficult to understand policy by reading
long list of rules Changing policy
– Difficult to understand effect of changes because you can’t see all relevant parts of a policy together
Viewing group memberships– Usually requires using a separate
interface Detecting and resolving conflicts
– When rules interact, it isn’t clear what the outcome will be
![Page 34: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/34.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 34
Solution: Expandable Grid
Key insight:Center policy-authoring user interfaces around a display of the whole effective policy, not a list of rules
![Page 35: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/35.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 35
Expandable Grid details
35
Jana
![Page 36: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/36.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 36
Direct manipulation interface
To change a policy, just click on a cell and toggle the color
In order to make this work, we had to change the conflict resolution semantics– Widows semantics: Deny takes precedence, but
specificity precedence in resource dimension– Expandable Grid semantics: Recency precedence
![Page 37: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/37.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 37
User study of Expandable Grid for file permissions Laboratory study 2 conditions:
– Expandable Grid– Native Windows file permissions interface
36 participants, 18 per condition, novice policy authors Training:
– 3.5 minutes for Grid– 5.5 minutes for Windows
18 tasks based on a teaching assistant scenario
![Page 38: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/38.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 38
Example task: Jana Set permissions so that Jana can read and write the
Four-part Harmony.doc file in the Theory 101\Handouts folder.
Task setup:– Jana is a TA “this” year (did the study in 2007)
• Is in the group Theory 101 TAs 2007– Jana was a TA last year
• Is in the group Theory 101 TAs 2006– 2007 TAs are allowed READ & WRITE– 2006 TAs are denied READ & WRITE– Since Jana is in both groups, she is denied access
![Page 39: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/39.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 39
Jana task – common error
![Page 40: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/40.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 40
Learning Jana’s effective permissions
2
4
Click “Advanced” Click “Effective Permissions”
Select Jana
View Jana’s Effective Permissions
1
![Page 41: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/41.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 41
Learning Jana’s group membership5
6
8
9
Bring up Computer Management interface
Click on “Users”
Double-click Jana
Read Jana’s group membership
TAs 2006TAs 2007
7
Click “Member Of”
![Page 42: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/42.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 42
Learning Jana’s groups’ permissions
10 11
12
13
Click on TAs 2006
Read permissions for TAs 2006
Click on TAs 2007
Read permissions for TAs 2007
![Page 43: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/43.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 43
Changing Jana’s groups’ permissions
14 15
Click on TAs 2006
Change permissions for TAs 2006
![Page 44: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/44.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 44
Checking work
17
19
16
Click “Advanced”
Click “Effective Permissions”
Select Jana
View Jana’s Effective Permissions
![Page 45: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/45.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 45
XP support for fundamental operations
Viewing policy– Effective policy is 3 screens away (most authors
don’t find them) Changing policy
– Authors operate on rules, not effective policy Viewing group memberships
– In a separate application from file permissions Detecting and resolving conflicts
– Has to be done manually
![Page 46: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/46.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 46
Viewing effective policy
1
![Page 47: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/47.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 47
Viewing group membership
2
![Page 48: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/48.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 48
Changing policy
3
![Page 49: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/49.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 49
Resolving rule conflicts
![Page 50: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/50.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 50
Grid support for fundamental operations
Viewing policy– Effective policy directly shown on screen
Changing policy– Changes take one click
Viewing group memberships– Group memberships are shown in the trees
Detecting and resolving conflicts– Happens automatically
![Page 51: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/51.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 51
Results
Small-size Large-size
Task type Accuracy Time Accuracy Time
View simple
View complex
Change simple
Change complex
Compare groups
Conflict simple
Conflict complex
Memogate simulation
Precedence rule test
111s126s
89%56%
94%17%
89%94%
61%0%
89%83%
67%61%
89%0%
100%94%
89%94%
61%56%
10039%
100100
67%17%
67%83%
72%61%
1006%
94%78%
78%78%
29s64s
35s55s
30s52s
70sInsufficient data
39s103s
55s103s
29s
20s66s
Insufficient data
42s118s
42s61s
39s67s
50s42s
73s104s
52sInsufficient data
105s116s
71s115s
100s
0 50 100 150
1
143s
GridWindows
Jana task
![Page 52: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/52.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 52
Conflict-resolution method Were the effects we observed due to the Expandable
Grid visualization, the recency precedence conflict-resolution method, or both?
We ran another study to find out– Implemented deny-takes-precedence in the Expandable
Grid interface– Ran 18 new participants with the new Grid interface
Results– On the Jana task, recency precedence made a big
difference– On the other tasks, the Grid was generally superior to
Windows no matter the conflict resolution scheme Both the Grid’s presentation aspects AND recency
precedence make a difference
![Page 53: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/53.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 53
Desired properties for conflict resolution method Direct manipulation Exception-rule preservation Order independence Fail safety
![Page 54: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/54.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 54
Problems with Windows and recency semantics
Windows: – No satisfactory way to solve Jana-like rule conflicts
Recency:– Too liberal in overriding existing rules– Does not work well in the presence of dynamic
changes, like adding a user to a group, moving a file
![Page 55: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/55.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 55
Our specificity semantics Conflict resolution procedure
– Resolve rule conflicts by choosing the more specific rule when possible (specificity precedence)
– Otherwise, use deny-precedence Benefits
– If group rules are in conflict, can make a user-level exception
– Exceptions stay in place even when group rules change
– User-level or file-level exceptions stay in place even in the presence of dynamic changes
![Page 56: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/56.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 56
Enhanced Grid
![Page 57: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/57.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 57
Enhanced Grid
![Page 58: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/58.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 58
Semantics study #2 Laboratory study 3 conditions:
– Expandable Grid with specificity semantics– Expandable Grid with Windows semantics– Native Windows file permissions interface
54 participants, 18 per condition, novice policy authors 10 minutes training for all conditions Used large-scale Teaching Assistant scenario from prior
study 12 total tasks with counterbalanced task order
![Page 59: CyLab Usable Privacy and Security Laboratory 1 Authentication, access control, and policy configuration Lorrie Faith Cranor October.](https://reader036.fdocuments.us/reader036/viewer/2022062314/56649d775503460f94a59aef/html5/thumbnails/59.jpg)
CyLab Usable Privacy and Security Laboratory http://cups.cs.cmu.edu/ 59
Results and discussion Conflict resolution semantics can have a big
effect on usability, but no perfect semantics Specificity helps resolve rule conflicts and makes
group rule exceptions easy Specificity semantics is not always better than
Windows semantics The grid/specificity combination overcomes
semantics disadvantages Whatever the semantics, show effective policy!