Today, we are faced with three apparently conflicting problems: users are afraid to collaborate unless they have fine-grained control over how their data are accessed by others; many shared environments, especially the new ones, do not offer such controls because of the difficulty of implementing them; and those that do offer such controls provide access mechanisms that are difficult to understand and use, with the result that users are assigned the wrong access rights. In this project the PI will investigate the idea of using special-purpose collaborative environments to distribute access, with the goal of developing a general model of access distribution that captures in-use and promising mixed-initiative schemes that have so far been defined only in an application-dependent fashion. The model will be defined using several new kinds of application-independent objects, such as access requests and grants, that capture the information exchanged in a mixed-initiative system. It will be compatible with existing authorization models, including object-based models, in which copies of objects are granted, and rights-based models such as role-based access control, in which (potentially revocable) rights to the object are granted.

In the PI's approach, the initiative in distributing access rights to shared objects can be taken by information guardians, information consumers, and tools that act as agents of the guardians and the consumers. Information consumers are responsible for sending access requests to information guardians; their agents will (partially or completely) automate this task for them. Information guardians are responsible for authorizing access; their agents will automate this task for them. The PI will identify a general architecture for implementing his model, in which the access-awareness required of existing collaboration and communication tools is kept low. In addition, the PI will develop programming abstractions that make it easy to implement the model using the architecture.
He will use the abstractions to add mixed-initiative access control in several target systems, which will include both complex widely-used traditional file systems and distributed web services; this experience will help the PI evaluate the programmability of the abstractions. Finally, he will perform field and lab studies to compare alternative approaches to distribute access supported by the general model.
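As an added illustration, not the PI's model or any code from the project, the following Python sketch shows the objects the abstract names: a consumer's access request, a guardian whose agent is a simple policy function (an assumed stand-in for the automation described), and the two grant forms the abstract contrasts, an object-based copy that the guardian cannot take back and a rights-based grant that can be revoked. All names, objects and policy rules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

@dataclass
class AccessRequest:   # sent by a consumer (or its agent) to a guardian
    consumer: str
    obj: str
    right: str         # e.g. "read"

@dataclass
class Grant:           # the guardian's answer to a request
    consumer: str
    obj: str
    right: str
    kind: str                       # "copy" (object-based) or "right" (rights-based)
    snapshot: Optional[str] = None  # object contents at grant time; copy grants only
    revoked: bool = False

class Guardian:
    def __init__(self, objects: Dict[str, str], policy: Callable[[AccessRequest], Optional[str]]):
        self.objects = objects      # object name -> current contents
        self.policy = policy        # the guardian's agent: request -> "copy", "right" or None (deny)
        self.grants: List[Grant] = []
    def authorize(self, req: AccessRequest) -> Optional[Grant]:
        kind = self.policy(req)
        if kind is None or req.obj not in self.objects:
            return None
        snap = self.objects[req.obj] if kind == "copy" else None
        self.grants.append(Grant(req.consumer, req.obj, req.right, kind, snap))
        return self.grants[-1]
    def revoke(self, consumer: str, obj: str) -> int:
        # Only rights-based grants can be taken back; copies already handed out cannot.
        hits = [g for g in self.grants if (g.consumer, g.obj, g.kind) == (consumer, obj, "right")]
        for g in hits:
            g.revoked = True
        return len(hits)
    def access(self, grant: Grant) -> Optional[str]:
        if grant.kind == "copy":
            return grant.snapshot   # irrevocable, but frozen at grant time
        return None if grant.revoked else self.objects[grant.obj]

def run_scenario() -> Dict[str, object]:
    # Constructed sample: alice gets a revocable right, bob a copy, anyone else is denied.
    policy = lambda r: {"alice": "right", "bob": "copy"}.get(r.consumer) if r.right == "read" else None
    g = Guardian({"plan.txt": "v1"}, policy)
    alice = g.authorize(AccessRequest("alice", "plan.txt", "read"))
    bob = g.authorize(AccessRequest("bob", "plan.txt", "read"))
    denied = g.authorize(AccessRequest("mallory", "plan.txt", "read")) is None
    g.objects["plan.txt"] = "v2"         # guardian updates the object after granting
    revoked = g.revoke("alice", "plan.txt")
    return {"alice": g.access(alice), "bob": g.access(bob), "denied": denied, "revoked": revoked}
```

The scenario makes the trade-off concrete: after revocation alice's rights-based grant yields nothing, while bob's copy still yields the stale "v1" the guardian can no longer recall.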
Broader Impacts: If successful, this work will open up a new research area focusing on collaborative mixed-initiative access control, and show that collaborative systems are not only a liability for access control but also an asset. Project outcomes will lead to significant improvement in the usability and programmability of fine-grained authorization mechanisms, thereby facilitating a large number of collaborations that would otherwise not take place. They will also afford a better understanding of the similarities and differences between different access distribution schemes and the consequences of using them. In the short term, the project will develop research and teaching software consisting of two main components: layers on top of widely-used file systems that provide several new access distribution schemes, which can be evaluated by usability researchers and demonstrated in classes on security; and programming abstractions allowing the incorporation of these schemes in new shared environments implemented using web services, which can be used in both class and research projects.