PDL Abstract

Access Control for Home Data Sharing: Attitudes, Needs and Practices

CHI 2010, April 10 – 15, 2010, Atlanta, Georgia. Supercedes Carnegie Mellon University Parallel Data Lab Technical Report CMU-PDL-09-110, October 2009.

Michelle L. Mazurek, J.P. Arsenault, Joanna Bresee, Nitin Gupta, Iulia Ion1, Christina Johns, Daniel Lee, Yuan Liang, Jenny Olsen, Brandon Salmon, Richard Shay, Kami Vaniea, Lujo Bauer, Lorrie Faith Cranor, Gregory R. Ganger, Michael K. Reiter2

Dept. Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, PA 15213

1 ETH Zurich
2 University of North Carolina

As digital content becomes more prevalent in the home, non-technical users are increasingly interested in sharing that content with others and accessing it from multiple devices. Not much is known about how these users think about controlling access to this data. To better understand this, we conducted semi-structured, in-situ interviews with 33 users in 15 households. We found that users create ad-hoc access-control mechanisms that do not always work; that their ideal polices are complex and multi-dimensional; that a priori policy specification is often insufficient; and that people’s mental models of access control and security are often misaligned with current systems. We detail these findings and present a set of associated guidelines for designing usable access-control systems for the home environment.

KEYWORDS: access control, home computing, human factors, security

FULL TR: pdf