skip to main content
10.1145/1408664.1408676acmotherconferencesArticle/Chapter ViewAbstractPublication PagessoupsConference Proceedingsconference-collections
research-article

Evaluating the usability of usage controls in electronic collaboration

Published: 23 July 2008 Publication History

Abstract

Currently, collaborations often require non-disclosure agreements (NDAs). NDAs can be time-consuming and expensive to negotiate and enforce. Usage controls could be an atractive alternative or adjunct to NDAs. Usage controls enable the distributor of a file to limit how recipients of that file may use it. However, existing usage controls (e.g., PDF's) often are software-based and easy to break. They may not interoperate, and their impact on collaborative workflows is typically unknown. We designed and implemented operating system and Web server and browser modifications that allow hardware-based usage controls to be easily added to existing software-based ones. This paper describes and evaluates our system's user interfaces. In a user study, untrained users role-played design engineers in two similar collaborative scenarios with or without usage controls. Users found the interfaces easy to use, and usage controls had insignificant impact on the completion times and accuracy of the assigned tasks. These results suggest that our usage control approach can add security to collaborative workflows with minimal training and performance penalties.

References

[1]
OpenOffice, http://www.openoffice.org/
[2]
Adobe. "Adobe Portable Document Format version 1.7", Nov. 2006. http://www.adobe.com/devnet/pdf/
[3]
D. Touretzky. "Gallery of Adobe Remedies", http://www.cs.cmu.edu/~dst/Adobe/Gallery/
[4]
D. Kyle and J. Brustoloni. "UCLinux: A Linux Security Module for Trusted-Computing-based Usage Control Enforcement", in Proc. 2nd Workshop on Scalable Trusted Computing, ACM, Nov. 2007, http://www.cs.pitt.edu/~jcb/papers/stc2007.pdf
[5]
Trusted Computing Group. "Trusted Computing Platform Alliance (TCPA): Main Specification version 1.1b", Feb. 2002, http://www.trustedcomputinggroup.org/
[6]
Foolabs. "Xpdf: A PDF Viewer for X", http://www.foolabs.com/xpdf/home.html
[7]
C. Wright, C. Cowan, S. Smalley, J. Morris and G. Kroah-Hartman. "Linux Security Modules: General Security Support for the Linux Kernel", in Proc. 11th USENIX Security Symp., Sept. 2002, http://www.usenix.org/publications/library/proceedings/sec02/full_papers/wright/wright.pdf
[8]
R. Ianella. "Open Digital Rights Language version 1.1", Sept. 2002, http://www.w3.org/TR/odrl/
[9]
J. Cohen. "Statistical Power Analysis for the Behavioral Sciences", Lawrence Erlbaum, Hillsdale, NJ, 1988.
[10]
L. J. Camp, "First Principles of Copyright for DRM Design," in IEEE Internet Computing, May-June 2003, pp. 59--65.
[11]
J. Erickson and D. Mulligan. "The Technical and Legal Dangers of Code-Based Fair Use Enforcement," in Proceedings of the IEEE, 92(6):985--996, June 2004.
[12]
M. Donner. "Whose Data Are These, Anyway?," in IEEE Security & Privacy, May-June 2004, pp. 4--5.
[13]
J. Marchesini, S. Smith, O. Wild, A. Barsamian and J. Stabiner. "Open-Source Applications of TCPA Hardware", in Proc. Annual Computer Security Applications Conf. (ACSAC), 2004, http://www.acsac.org/2004/papers/81.pdf
[14]
R. Sailer, X. Zhang, T. Jaeger and L. van Doorn. "Design and Implementation of a TCG-based Integrity Measurement Architecture", in Proc. 13th USENIX Security Symp., http://www.usenix.org/publications/library/proceedings/sec04/tech/full_papers/sailer/sailer.pdf
[15]
X. Wang. "MPEG-21 Rights Expression Language: Enabling Interoperable Digital Rights Language," in IEEE MultiMedia, Oct.-Dec. 2004, pp. 84--87.
[16]
W. Buhse and J. van der Meer. "The Open Mobile Alliance Digital Rights Management," in IEEE Signal Processing, Jan. 2007, pp. 140--143.
[17]
R. Koenen, J. Lacy, M. Mackay and S. Mitchell. "The Long March to Interoperable Digital Rights Management," in Proceedings of the IEEE, 92(6):883--897, June 2004.
[18]
NSF Center for e-Design, http://www.e-designcenter.info/default.aspx

Cited By

View all
  • (2015)File synchronization and sharing: User practices and challengesProceedings of the American Society for Information Science and Technology10.1002/meet.2014.1450510105951:1(1-10)Online publication date: 24-Apr-2015
  • (2011)Usage control enforcement - a surveyProceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems10.5555/2033973.2033978(38-49)Online publication date: 22-Aug-2011
  • (2011)Usage Control Enforcement - A SurveyAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_4(38-49)Online publication date: 2011
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security
July 2008
145 pages
ISBN:9781605582764
DOI:10.1145/1408664
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 July 2008

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. digital rights management
  2. electronic collaboration
  3. trusted platform module (TPM)
  4. usage controls

Qualifiers

  • Research-article

Conference

SOUPS '08
SOUPS '08: The fourth Symposium on Usable Privacy and Security
July 23 - 25, 2008
Pennsylvania, Pittsburgh, USA

Acceptance Rates

Overall Acceptance Rate 15 of 49 submissions, 31%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)1
Reflects downloads up to 20 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2015)File synchronization and sharing: User practices and challengesProceedings of the American Society for Information Science and Technology10.1002/meet.2014.1450510105951:1(1-10)Online publication date: 24-Apr-2015
  • (2011)Usage control enforcement - a surveyProceedings of the IFIP WG 8.4/8.9 international cross domain conference on Availability, reliability and security for business, enterprise and health information systems10.5555/2033973.2033978(38-49)Online publication date: 22-Aug-2011
  • (2011)Usage Control Enforcement - A SurveyAvailability, Reliability and Security for Business, Enterprise and Health Information Systems10.1007/978-3-642-23300-5_4(38-49)Online publication date: 2011
  • (2009)Secure web-based retrieval of documents with usage controlsProceedings of the 2009 ACM symposium on Applied Computing10.1145/1529282.1529738(2062-2069)Online publication date: 8-Mar-2009

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media