Exploring Reactive Access ControlCHI 2011, May 7–12, 2011, Vancouver, BC, Canada.
Michelle L. Mazurek*, Peter F. Klemperer*, Richard Shay*, Hassan Takabi†, Lujo Bauer*,
Lorrie Faith Cranor*
*Electrical and Computer Engineering
Carnegie Mellon University
Pittsburgh, PA 15213
†University of Pittsburgh
As users store and share more digital content at home, access control becomes increasingly important. One promising approach for helping non-expert users create accurate access policies is reactive policy creation, in which users can update their policy dynamically in response to access requests that would not otherwise succeed. An earlier study suggested reactive policy creation might be a good fit for file access control at home. To test this, we conducted an experience-sampling study in which participants used a simulated reactive access-control system for a week. Our results bolster the case for reactive policy creation as one mode by which home users specify access-control policy. We found both quantitative and qualitative evidence of dynamic, situational policies that are hard to implement using traditional models but that reactive policy creation can facilitate. While we found some clear disadvantages to the reactive model, they do not seem insurmountable.
KEYWORDS: Access control, Home computing, Human factors, Privacy
FULL TR: pdf