Cross Cutting Thrusts: Usable Privacy and Security
Scope: As both corporate and consumer-oriented applications continue to introduce new functionality, supporting an ever wider range of usage scenarios and higher levels of customization and delegation, they also inevitably give rise to more complex security and privacy policies. Yet, studies have repeatedly shown that both lay and expert users are not good at configuring policies rendering the human element an important—but often overlooked—potential source of vulnerability. Research over the past few years conducted by the PIs and a few others have shown that the application of user-centered design principles coupled with new techniques such as dialogue, explanation, visualization, and conflict detection and resolution techniques can lead to the development of substantially more efficient and effective policy authoring and auditing tools. The PIs propose to build on their prior work in this area and develop a new family of user-controllable policy learning techniques capable of working hand in hand with users (both lay and expert users, including system administrators) and help them more rapidly and more accurately converge towards their intended policies.
Outcomes: This project is generating user-oriented machine learning techniques that leverage user feedback to support dialogues aimed at helping users more effectively refine security and privacy policies.