Carolyn Brodie

Privacy-aware role-based access control

In this article, we introduce a comprehensive framework supporting a privacy-aware access control mechanism, that is, a mechanism tailored to enforce access control to data containing personally identifiable information and, as such, privacy sensitive. The key component of the framework is a family of models (P-RBAC) that extend the well-known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We formally define the notion of privacy-aware permissions and the notion of conflicting permission assignments in P-RBAC, together with efficient conflict-checking algorithms. The framework also includes a flexible authoring tool, based on the use of the SPARCLE system, supporting the high-level specification of P-RBAC permissions. SPARCLE supports the use of natural language for authoring policies and is able to automatically generate P-RBAC permissions from these natural language specifications. In the article, we also report performance evaluation results and contrast our approach with other relevant access control and privacy policy frameworks such as P3P, EPAL, and XACML.

Usable security and privacy: a case study of developing privacy management tools

Privacy is a concept which received relatively little attention during the rapid growth and spread of information technology through the 1980s and 1990s. Design to make information easily accessible, without particular attention to issues such as whether an individual had a desire or right to control access to and use of particular information was seen as the more pressing goal. We believe that there will be an increasing awareness of a fundamental need to address privacy concerns in information technology, and that doing so will require an understanding of policies that govern information use as well as the development of technologies that can implement such policies. The research reported here describes our efforts to design a privacy management workbench which facilitates privacy policy authoring, implementation, and compliance monitoring. This case study highlights the work of identifying organizational privacy requirements, analyzing existing technology, on-going research to identify approaches that address these requirements, and iteratively designing and validating a prototype with target users for flexible privacy technologies.

User Attitudes Regarding a User-Adaptive eCommerce Web Site

Despite an abundance of recommendations by researchers and more recently by commercial enterprises for adaptive interaction techniques and technologies, there exists little experimental validation of the value of such approaches to users. We have conducted user studies focussed on the perceived value of a variety of personalization features for an eCommerce Web site for computing machinery sales and support. Our study results have implications for the design of user-adaptive applications. Interesting findings include unenthusiastic user attitudes toward system attempts to infer user needs, goals, or interests and to thereby provide user-specific adaptive content. Users also expressed equivocal opinions of collaborative filtering for the specific eCommerce scenarios we studied; thus personalization features popular in one eCommerce environment may not be effective or useful for other eCommerce domains. Users expressed their strong desire to have full and explicit control of data and interaction. Lastly, users want readily to be able to make sense of site behavior, that is, to understand a site’s rationale for displaying particular content.

Privacy in information technology: designing to enable privacy policy management in organizations

As information technology continues to spread, we believe that there will be an increasing awareness of a fundamental need to address privacy concerns, and that doing so will require an understanding of policies that govern information use accompanied by development of technologies that can implement such policies. The research reported here describes our efforts to design a system which facilitates privacy policy authoring, implementation, and compliance monitoring. We employed a variety of user-centered design methods with 109 target users across the four steps of the research reported here. This case study highlights the work of identifying organizational privacy requirements, iteratively designing and validating a prototype with target users, and conducting laboratory tests to guide specific design decisions to meet the needs of providing flexible privacy enabling technologies. Each of the four steps in our work is identified and described, and directions for future work in privacy are suggested.

Personalizing the user experience on ibm.com

In this paper, we describe the results of an effort to first understand the value of personalizing a Web site, as perceived by the visitors to the site as well as by the stakeholder organization that owns it, and then to develop a strategy for introducing personalization to the ibm.com Web site. We started our investigation by conducting literature reviews, holding brainstorming sessions with colleagues around the world, and performing heuristic usability evaluations of several relevant Web sites. We adopted a User-Centered Design approach and conducted a number of usability studies applied to the subset of the ibm.com Web site that business customers use for all aspects of purchase, service, and support of computer equipment. These studies employed a number of low- and medium- fidelity prototypes that we developed for this purpose. Our proposal for personalizing ibm.com consists of a set of 12 personalization features, selected for the value they offer to customers and to the business.

Evaluating interfaces for privacy policy rule authoring

Privacy policy rules are often written in organizations by a team of people in different roles. Currently, people in these roles have no technological tools to guide the creation of clear and implementable high-quality privacy policy rules. High-quality privacy rules can be the basis for verifiable automated privacy access decisions. An empirical study was conducted with 36 users who were novices in privacy policy authoring to evaluate the quality of rules created and user satisfaction with two experimental privacy authoring tools and a control condition. Results show that users presented with scenarios were able to author significantly higher quality rules using either the natural language with a privacy rule guide tool or a structured list tool as compared to an unguided natural language control condition. The significant differences in quality were found in both user self-ratings of rule quality and objective quality scores. Users ranked the two experimental tools significantly higher than the control condition. Implications of the research and future research directions are discussed.

Usability challenges in security and privacy policy-authoring interfaces

Policies, sets of rules that govern permission to access resources, have long been used in computer security and online privacy management; however, the usability of authoring methods has received limited treatment from usability experts. With the rise in networked applications, distributed data storage, and pervasive computing, authoring comprehensive and accurate policies is increasingly important, and is increasingly performed by relatively novice and occasional users. Thus, the need for highly usable policy-authoring interfaces across a variety of policy domains is growing. This paper presents a definition of the security and privacy policy-authoring task in general and presents the results of a user study intended to discover some usability challenges that policy authoring presents. The user study employed SPARCLE, an enterprise privacy policy-authoring application. The usability challenges found include supporting object grouping, enforcing consistent terminology, making default policy rules clear, communicating and enforcing rule structure, and preventing rule conflicts. Implications for the design of SPARCLE and of user interfaces in other policy-authoring domains are discussed.

Usable privacy and security for personal information management

The goal is a policy workbench enabling users to create and transform natural language policies into machine-readable code for enforcement and compliance audits.

Analysis of privacy and security policies

The distributed nature of the environment in which privacy and security policies operate requires tools that help enforce consistency of policy rules across different domains. Furthermore, because changes to policy rules are required as policies evolve over time, such tools can be used by policy administrators to ensure the consistency of policy changes. In this paper, we describe a number of different policy analysis tools and techniques that we have developed over the years and present them in a unified framework in which both privacy and security policies are discussed. We cover dominance analyses of general policies, conflicts among authorizations and prohibitions, and other analyses of obligations, as well as policy similarity analysis and policy distribution.

Designing natural language and structured entry methods for privacy policy authoring

As information technology continues to spread, we believe that there will be an increasing awareness of a fundamental need to seriously consider privacy concerns, and that doing so will require an understanding of policies that govern information use accompanied by development of technologies that can implement such policies. The research reported here describes our efforts to design a system which facilitates effective privacy policy authoring, implementation, and compliance monitoring. We employed a variety of user-centered design methods with 109 target users across the four steps of the research reported here. This case study highlights our work to iteratively design and validate a prototype with target users, and presents a laboratory evaluation aimed at providing early support for specific design decisions to meet the needs of providing flexible privacy enabling technologies. This paper highlights our work to include natural language and structured entry methods for policy authoring.