Maritza Lupe Johnson

The Failure of Online Social Network Privacy Settings

Increasingly, people are sharing sensitive personal information via online social networks (OSN). While such networks do permit users to control what they share with whom, access control policies are notoriously difficult to configure correctly; this raises the question of whether OSN users’ privacy settings match their sharing intentions. We present the results of an empirical evaluation that measures privacy attitudes and intentions and compares these against the privacy settings on Facebook. Our results indicate a serious mismatch: every one of the 65 participants in our study confirmed that at least one of the identified violations was in fact a sharing violation. In other words, OSN users’ privacy settings are incorrect. Furthermore, a majority of users cannot or will not fix such errors. We conclude that the current approach to privacy settings is fundamentally flawed and cannot be fixed; a fundamentally different approach is needed. We present recommendations to ameliorate the current problems, as well as provide suggestions for future research.

Optimizing a policy authoring framework for security and privacy policies

Policies which address security and privacy are pervasive parts of both technical and social systems, and technology to enable both organizations and individuals to create and manage such policies is seen as a critical need in IT. This paper describes policy authoring as a key component to usable privacy and security systems, and advances the notions of policy templates in a policy management environment in which different roles with different skill sets are seen as important. We discuss existing guidelines and provide support for the addition of new guidelines for usable policy authoring for security and privacy systems. We describe the relationship between general policy templates and specific policies, and the skills necessary to author each of these in a way that produces high-quality policies. We also report on an experiment in which technical users with limited policy experience authored policy templates using a prototype template authoring user interface we developed.

Laissez-faire file sharing: access control designed for individuals at the endpoints

When organizations deploy file systems with access control mechanisms that prevent users from reliably sharing files with others, these users will inevitably find alternative means to share. Alas, these alternatives rarely provide the same level of confidentiality, integrity, or auditability provided by the prescribed file systems. Thus, the imposition of restrictive mechanisms and policies by system designers and administrators may actually reduce the systems security. We observe that the failure modes of file systems that enforce centrally-imposed access control policies are similar to the failure modes of centrally planned economies: individuals either learn to circumvent these restrictions as matters of necessity or desert the system entirely, subverting the goals behind the central policy. We formalize requirements for laissez-faire sharing, which parallel the requirements of free market economies, to better address the file sharing needs of information workers. Because individuals are less likely to feel compelled to circumvent systems that meet these laissez-faire requirements, such systems have the potential to increase both productivity and security.

Usable Policy Template Authoring for Iterative Policy Refinement

Dynamic Spectrum Management (DSM) is an effective method for reducing the effect of crosstalk in Digital Subscriber Line (DSL) systems. This paper discusses various DSM algorithms, including Optimal Spectrum Balancing (OSB), Iterative Spectrum Balancing (ISB), Autonomous Spectrum Balancing (ASB), Iterative Water-Filling (IWF), Selective Iterative Water-filling (SIW), Successive Convex Approximation for Low complExity (SCALE), the Difference of Convex functions Algorithm (DCA), and Distributed Spectrum Balancing (DSB). They are compared in terms of performance (achievable data rate) and computational complexity.People must have usable tools in order to author and maintain high-quality policies. In this paper we discuss policy templates as a mechanism for policy authoring. We believe that policy templates can be leveraged to make policy authoring more usable and to provide consistent policy authoring interfaces across a wide variety of policy domains. Templates provide users with a structured format for authoring policies; however, a general approach for creating policy templates has not been described in published research to date. Based on research in policy management, we propose an iterative policy refinement process that consists of three user roles and spans policy authoring, template authoring, and policy element definition. We designed a GUI-based prototype that enables users to create policy templates. In this paper we describe our proposed policy refinement process, the necessary user roles, a template authoring prototype, and the results of an empirical study of template authoring

Source Prefix Filtering in ROFL

Traditional firewalls have the ability to allow or block traffic based on source address as well as destination address and port number. Our original ROFL scheme implements firewalling by layering it on top of routing; however, the original proposal focused just on destination address and port number. Doing route selection based in part on source addresses is a form of policy routing, which has started to receive increased amounts of attention. In this paper, we extend the original ROFL (ROuting as the Firewall Layer) scheme by including source prefix constraints in route announcement. We present algorithms for route propagation and packet forwarding, and demonstrate the correctness of these algorithms using rigorous proofs. The new scheme not only accomplishes the complete set of filtering functionality provided by traditional firewalls, but also introduces a new direction for policy routing.

Simple-VPN: Simple IPsec Configuration

The IPsec protocol promised easy, ubiquitous encryption. That has never happened. For the most part, IPsec usage is confined to VPNs for road warriors, largely due to needless configuration complexity and incompatible implementations. We have designed a simple VPN configuration language that hides the unwanted complexities. Virtually no options are necessary or possible. The administrator specifies the absolute minimum of information: the authorized hosts, their operating systems, and a little about the network topology; everything else, including certificate generation, is automatic. Our implementation includes a multitarget compiler, which generates implementation-specific configuration files for three different platforms; others are easy to add.

Computer security research with human subjects: risks, benefits and informed consent

Computer security research frequently entails studying real computer systems and their users; studying deployed systems is critical to understanding real world problems, so is having would-be users test a proposed solution. In this paper we focus on three key concepts in regard to ethics: risks, benefits, and informed consent. Many researchers are required by law to obtain the approval of an ethics committee for research with human subjects, a process which includes addressing the three concepts focused on in this paper. Computer security researchers who conduct human subjects research should be concerned with these aspects of their methodology regardless of whether they are required to by law, it is our ethical responsibility as professionals in this field. We augment previous discourse on the ethics of computer security research by sparking the discussion of how the nature of security research may complicate determining how to treat human subjects ethically. We conclude by suggesting ways the community can move forward.

RUST: a retargetable usability testbed for website authentication technologies

Website authentication technologies attempt to make the identity of a website clear to the user, by supplying information about the identity of the website. In practice however, usability issues can prevent users from correctly identifying the websites they are interacting with. To help identify usability issues we present RUST, a Retargetable USability Testbed for website authentication technologies. RUST is a testbed that consists of a test harness, which provides the ability to easily configure the environment for running usability study sessions, and a usability study design that evaluates usability based on spoofability, learnability, and acceptability. We present data collected by RUST and discuss preliminary results for two authentication technologies, Microsoft CardSpace and Verisign Secure Letterhead. Based on the data collected, we conclude that the testbed is useful for gathering data on a variety of technologies.

Security Assurance for Web Device APIs

There are currently proposals for web access to devices. The security threats are obvious. We propose design principles intended to ensure that the user actually controls access, despite potential errors in judgment, tricky web pages, or flaws in browsers.