User Centric Policy Management

Cheek, Gorrell

User Centric Policy Management

Search for this publication on Google Scholar

Cheek, G. (2013). User Centric Policy Management. Unc Charlotte Electronic Theses And Dissertations.

Download PDF

Analytics

64 views ◎
39 downloads ⇓

Abstract

Internet use, in general, and online social networking sites, in particular, are experiencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protecting this information is a challenge. Access control policy composition is complex, laborious and tedious for the average user. Usable access control frameworks have lagged. Acceptance / use of available frameworks is low. As a result, policies are only partially configured and maintained. Or, they may be all together ignored. This leads to privacy information and content not being properly protected and potentially unknowingly made available to unintended recipients.We overcome these limitations by introducing User Centric Policy Management - a new paradigm of semi-automated tools that aid users in building, recommending and maintaining their online access control policies. We introduce six user centric policy management assistance tools: Policy Manager is a supervised learning based mechanism that leverages user provided example policy settings to build classifiers that are the basis for auto-generated policies. Assisted Friend Grouping leverages proven clustering techniques to assist users in grouping their friends for policy management purposes. Same-As Subject Management leverages a user's memory and opinion of their friends to set policies for other similar friends. Example Friend Selection provides different techniques for aiding users in selecting friends used in the development of access control policies. Same-As Object Management leverages a user's memory and perception of their objects for setting policies for other similar objects. iLayer is a least privilege based access control model for web and social networking sites that builds, recommends and enforces access control policies for third party developed applications.To demonstrate the effectiveness of these policy management assistance tools, we implemented a suite of prototype applications, conducted numerous experiments and completed a number of extensive user studies. The results show that User Centric Policy Management is a more usable access control framework that is effective, efficient and satisfying to the user, which ultimately improves online security and privacy.

Details

Author: Cheek, Gorrell
Title: User Centric Policy Management
Physical Description: 1 online resource (148 pages) : PDF
Date: 2013
Degree Granting Institution: University of North Carolina at Charlotte
Abstract: Internet use, in general, and online social networking sites, in particular, are experiencing tremendous growth with hundreds of millions of active users. As a result, there is a tremendous amount of privacy information and content online. Protecting this information is a challenge. Access control policy composition is complex, laborious and tedious for the average user. Usable access control frameworks have lagged. Acceptance / use of available frameworks is low. As a result, policies are only partially configured and maintained. Or, they may be all together ignored. This leads to privacy information and content not being properly protected and potentially unknowingly made available to unintended recipients.We overcome these limitations by introducing User Centric Policy Management - a new paradigm of semi-automated tools that aid users in building, recommending and maintaining their online access control policies. We introduce six user centric policy management assistance tools: Policy Manager is a supervised learning based mechanism that leverages user provided example policy settings to build classifiers that are the basis for auto-generated policies. Assisted Friend Grouping leverages proven clustering techniques to assist users in grouping their friends for policy management purposes. Same-As Subject Management leverages a user's memory and opinion of their friends to set policies for other similar friends. Example Friend Selection provides different techniques for aiding users in selecting friends used in the development of access control policies. Same-As Object Management leverages a user's memory and perception of their objects for setting policies for other similar objects. iLayer is a least privilege based access control model for web and social networking sites that builds, recommends and enforces access control policies for third party developed applications.To demonstrate the effectiveness of these policy management assistance tools, we implemented a suite of prototype applications, conducted numerous experiments and completed a number of extensive user studies. The results show that User Centric Policy Management is a more usable access control framework that is effective, efficient and satisfying to the user, which ultimately improves online security and privacy.
Genre: doctoral dissertations
Subjects--Topics: Information technology
Degree: Ph.D.
Subject Area: Information Technology
Advisor(s): Shehab, Mohamed
Committee Members: Chu, Bill
Saydam, Cem
Wang, Weichao
Depken, Craig
Degree Note: Thesis (Ph.D.)--University of North Carolina at Charlotte, 2013.
Rights Statement: This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s). For additional information, see http://rightsstatements.org/page/InC/1.0/.
Rights Holder Information: Copyright is held by the author unless otherwise indicated.
Identifier: Cheek_uncc_0694D_10416
Permalink: http://hdl.handle.net/20.500.13093/etd:863

J. Murrey Atkins Library

J. Murrey Atkins Library