Mobile devices and the services they support are increasingly becoming central in both personal and business life, enabling a variety of pervasive computing applications. Because the vast majority of these devices are unmanaged, lay users are responsible for handling the security and privacy implications they bring. This project aims to design, implement and evaluate usable interfaces and underlying technologies with which end users can (a) seamlessly specify and manage their security and privacy policies and (b) understand the effects of policies enforced by systems and individuals with which they interact. Managing security and privacy policies is well known to be a difficult problem, as users often do not know their own policies or are unable to express them. In mobile and pervasive computing settings, this situation is often exacerbated by the limitations of access devices and the numerous tasks users tend to concurrently engage in. This project weaves together issues of security, privacy and usability to systematically evaluate key tradeoffs between expressiveness, tolerance for errors, burden on users and overall user acceptance, and to develop novel mechanisms and technologies that help mitigate these tradeoffs, maximizing accuracy and trustworthiness while minimizing the time and effort required by end users. This research combines three strands: (1) developing novel user interfaces and supporting technologies to enhance usability, (2) weaving learning, dialog, and explanation technologies to minimize end-user burden, and (3) short- and long-term field studies aimed at evaluating combinations of the above techniques in practical pervasive computing settings.