CT-M: Usable Security for Digital Home Storage

This project explores an architecture, mechanisms, and interfaces for helping users manage access control in the digital home. The home is a challenging, yet critical, target for usable security. It requires abstractions that are intuitive for laypeople, interfaces that allow users to manipulate those abstractions, and access-control and storage infrastructure that can support the abstractions. Without a holistic, usable approach to access-control management, adoption of new technology in the home will be slowed and there will be no effective data security once the transition inevitably occurs. Based on their early experiences with home storage, the PIs seek to adapt and integrate:

1. the semantic query as an abstraction for describing a set of files to which a specific policy applies;
2. the Expandable Grid as a visual interaction technique for creating, editing, and viewing security policies;
3. logic-based access control as a rigorous foundation for specifying and implementing policies.

User studies, surveys, and test deployments are a core component of the project; they are used to discover needs of users in the digital home and users' ability to effectively apply approaches developed. The project has several forms of impact. First, it develops tools and techniques that can significantly simplify the use of access control in the digital home. Second, it increases understanding of user behavior and access-control needs in the emerging home storage environment. Third, it enhances education at CMU and elsewhere, as new insights are embedded into storage systems, distributed systems, and computer security classes taught by the PIs.

Lujo Bauer

Lujo Bauer is an Associate Professor in the Electrical and Computer Engineering Department and in the Institute for Software Research at Carnegie Mellon University. He received his B.S. in Computer Science from Yale University in 1997 and his Ph.D., also in Computer Science, from Princeton University in 2003.

Dr. Bauer's research interests span many areas of computer security and privacy, and include building usable access-control systems with sound theoretical underpinnings, developing languages and systems for run-time enforcement of security policies on programs, and generally narrowing the gap between a formal model and a practical, usable system. His recent work focuses on developing tools and guidance to help users stay safer online and in examining how advances in machine learning can lead to a more secure future.

Dr. Bauer served as the program chair for the flagship computer security conferences of the IEEE (S&P 2015) and the Internet Society (NDSS 2014) and is an associate editor of ACM Transactions on Information and System Security.