TY - GEN
T1 - Protecting users from "themselves"
AU - Enck, William
AU - Rueda, Sandra
AU - Schiffman, Joshua
AU - Sreenivasan, Yogesh
AU - St. Clair, Luke
AU - Jaeger, Trent
AU - McDaniel, Patrick
PY - 2007
Y1 - 2007
N2 - Computer usage and threat models have changed drastically since the advent of access control systems in the 1960s. Instead of multiple users sharing a single file system, each user has many devices with their own storage. Thus, a user's fear has shifted away from other users' impact on the same system to the threat of malice in the software they intentionally or even inadvertently run. As a result, we propose a new vision for access control: one where individual users are isolated by default and where the access of individual user applications is carefully managed. A key question is how much user administration effort would be required if a system implementing this vision were constructed. In this paper, we outline our work on just such a system, called PinUP, which manages file access on a per application basis for each user. We use historical data from our lab's users to explore how much user and system administration effort is required. Since administration is required for user sharing in PinUP, we find that sharing via mail and file repositories requires a modest amount of administrative effort, a system policy change every couple of days and a small number of user administrative operations a day. We are encouraged that practical administration on such a scale is possible given an appropriate and secure user approach.
UR - http://www.scopus.com/inward/record.url?scp=79959563970&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=79959563970&partnerID=8YFLogxK
U2 - 10.1145/1314466.1314472
DO - 10.1145/1314466.1314472
M3 - Conference contribution
AN - SCOPUS:79959563970
SN - 9781595938909
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 29
EP - 36
BT - CSAW'07 - Proceedings of the 2007 ACM Computer Security Architecture Workshop
PB - Association for Computing Machinery
T2 - 1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07
Y2 - 2 November 2007 through 2 November 2007
ER -