Without realizing it, end-users have become authors of access-control policies. Everywhere from Google to Facebook to Microsoft HealthVault and beyond, these policies are usually hidden behind simple user interfaces, but ultimately the users are responsible both for setting them and for living with their consequences. Indeed, the apparent simplicity of the interfaces sometimes belies the significance of the outcomes.

Because applications are a black box to end-users, it is difficult for users to predict the consequences of an action. Users see only their own view of the world, but their access-control decisions affect the views of others. End-users need tools to determine the effect of their decisions, with special emphasis on the effect of policy changes. This project is developing user-friendly means to browse and investigate the details of these effects and changes. The underlying techniques are firmly grounded in theory, resulting in formal accuracy guarantees rather than approximate answers. The tools themselves summarize information in ways that account for the cognitive expectations and biases of users.

The broader impact of this project comes from the focus on end-users rather than programmers and other technical users. Some end-users are too eager to embrace new technologies without fully appreciating their consequences, while others are too tentative due to their concern about (sometimes imaginary) problems they might create. The tools from this project help the former become more cautious, and the latter more confident. The net result should be a more savvy, yet vastly more inclusive, Cyber society.

Project Report

Our proposal focused on creating software tools to help end-users author and maintain access-control policies, particularly in social applications such as social networks. Our proposed work emphasized tools with two main features: (1) accounting for users' cognitive models of policies and (2) helping users explore and understand how their policies would behave in the context of the programs that use those policies. Over the three years of this grant, we have explored several problems and directions related to these goals, many of which are reflected in our policy analysis tool Margrave. The following is a summary of our outcomes.

- We extended the capabilities of Margrave to express and reason about rich access policies such as those found in social networks.
- We extended the capabilities of Margrave to include reasoning about firewalls.
- We developed static analyses to find weaknesses in and harden Web-based social applications.
- We gathered and analyzed data about how end-users view privacy issues in social networks.
- We developed a user-centered model of policy authoring and used it to build prototype authoring tools.
- We conducted two user studies concerning security in social networking situations.
- We improved the query language that allows users to explore the behavior of their policies.
- We developed better theoretical foundations for policy analysis based on model-finding, prompted by the discovery of certain shortcomings to using first-order logic and existing SAT solvers for policy analysis.
- We developed a robust semantic account of policy combination and decision-conflict resolution.
- We explored the Maude specification language as a tool for reasoning about interactions between programs and policies.
- We developed a new strategy for exploring the space of scenarios that illustrate behavior of policies, and implemented this strategy in a scenario-finding tool.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Type: Standard Grant (Standard)
Application #: 0830929
Program Officer: Samuel M. Weber
Budget Start: 2008-09-01
Budget End: 2012-08-31
Fiscal Year: 2008
Total Cost: $206,250
Name: Worcester Polytechnic Institute
City: Worcester
State: MA
Country: United States
Zip Code: 01609