The growth of the Internet means everyone from system administrators to casual users are regularly confronted with making decisions on how to share data. Research suggests that even experts struggle to make these decisions accurately using current access-control mechanisms. As users start to share information across social and professional applications, usable access-control mechanisms that help prevent such semantic errors are all the more urgent. This project develops an interactive authoring paradigm that helps users identify and clarify policy inconsistencies before they turn into semantic errors. The envisioned tools examine policies and their consequences during authoring, alert users to potential inconsistencies (such as isolated documents shared more globally than most others), and ask questions in order to eliminate ambiguities.
The challenge in building such proactive authoring tools lies in knowing what inconsistencies and issues to track without overwhelming a user with too much interaction. The proposal therefore combines user studies with tool building and evaluation. The intellectual merit of this project lies in its marriage of research on user behavior and logical tools to produce a new paradigm of policy authoring. Broader impacts come from building tools for mainstream end-users, guided by ethnographic studies of social-network users. For further information see the project web site at the URL: www.margrave-tool.org/
The intellectual merit results from this project have taken several forms. First, we have rigorously analyzed and found wanting the access control mechanisms of a widely-used system (Facebook). We have proposed new mechanisms and found them to be qualitatively better to a statistically-significant level. Second, we have examined the need for protecting users not only at the level of the interface but also from attacks enabled by the underlying mechanisms: concretely, we have verified (and found bugs with) the actual sandboxing software used on the Web. These sandboxes are critical for ensuring that the user interface functions correctly. In addition, we have begun to tackle problems with browser extensions and with using social access control mechanisms to tame the proliferation of third-party mechanisms on Web sites. In terms of broader impact, we find that mechanisms that we have criticized have been deprecated, and those similar to ones we have proposed and studied are now widely used on the Web (e.g., GooglePlus's Circles, and similar mechanisms in Facebook). While we cannot claim direct credit for these changes, we do believe this reflects a general societal agreement in the point of our research, and our concrete findings may fuel further developments in this regard. Our work has also been invited to fora specifically catering to the interface between user interfaces and computing administration, reflecting the original proposal's attempt to straddle the worlds of logic and user interfaces.
