Protecting users from "themselves"

William Enck, Sandra Rueda, Joshua Schiffman, Yogesh Sreenivasan, Luke St. Clair, Trent Jaeger, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

Computer usage and threat models have changed drastically since the advent of access control systems in the 1960s. Instead of multiple users sharing a single file system, each user has many devices with their own storage. Thus, a user's fear has shifted away from other users' impact on the same system to the threat of malice in the software they intentionally or even inadvertently run. As a result, we propose a new vision for access control: one where individual users are isolated by default and where the access of individual user applications is carefully managed. A key question is how much user administration effort would be required if a system implementing this vision were constructed. In this paper, we outline our work on just such a system, called PinUP, which manages file access on a per application basis for each user. We use historical data from our lab's users to explore how much user and system administration effort is required. Since administration is required for user sharing in PinUP, we find that sharing via mail and file repositories requires a modest amount of administrative effort, a system policy change every couple of days and a small number of user administrative operations a day. We are encouraged that practical administration on such a scale is possible given an appropriate and secure user approach.

Original languageEnglish (US)
Title of host publicationCSAW'07 - Proceedings of the 2007 ACM Computer Security Architecture Workshop
Pages29-36
Number of pages8
DOIs
StatePublished - 2007
Event1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07 - Fairfax, VA, United States
Duration: Nov 2 2007Nov 2 2007

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07
Country/TerritoryUnited States
CityFairfax, VA
Period11/2/0711/2/07

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'Protecting users from "themselves"'. Together they form a unique fingerprint.

Cite this