ABSTRACT
Controlling the privacy of online content is difficult and often confusing. We present a social access control approach in which users devise simple questions testing shared knowledge instead of constructing authenticated accounts and explicit access control rules. We implemented a prototype and conducted studies to explore the context of photo sharing security, gauge the difficulty of creating shared knowledge questions, measure their resilience to adversarial attack, and evaluate user ability to understand and predict this resilience.
Index Terms
Access control by testing for shared knowledge