Lujo Bauer is a Research Scientist at CyLab and Electrical and Computer Engineering department. His research interests include building usable access-control systems with sound theoretical underpinnings, and generally in narrowing the gap between a formal model and a usable system. Topics that Lujo is currently actively studying include distributed access control, proof-carrying authorization, program monitors, security automata, and languages for specifying security policies.
posted by Richard Power
CyLab Chronicles: Our CyLab Chronicles Q&A with you last year focused on your work with Grey, what would you like to explore in this issue?
BAUER: One of my research thrusts, which I view as highly related to Grey, has to do with providing users with the tools and information that they need to make good access control decisions. To put it another way, it isn't enough to build systems that are able to enforce a particular range of security policies. In addition, we need to make progress in several related areas.
CyLab Chronicles: Well, let’s talk about these areas and the progress needed. What are they? What has to be done?
BAUER: First, we need to develop powerful but intuitive interfaces by which users will interact with these systems. This interaction includes both getting a system to do a user's bidding and giving the user enough insight into what the system is doing (e.g., what are the implications of the various security policies that the system is implementing) for the user to make informed decisions about what she wants the system to do. Current interfaces, e.g., for setting file access control policies, are generally woefully inadequate in both respects.
Second, since the task of configuring systems -- including specifying security policies to be enforced in or by a system -- can be time-consuming, difficult, and error-prone regardless of how good the interfaces are, we need to develop and build into systems themselves mechanisms that will make it easier for users to configure the systems in the right way. Think of it as a computer system figuring out on its own -- e.g., relying on the history of interactions with users – how it ought to be configured and suggesting a potential configuration to a user.
We've made some progress in both these directions.
CyLab Chronicles: Well, in regard to the first of these issues, tell us some more about what you kind of interface is needed?
BAUER: “Expandable Grids for Visualizing and Authoring Computer Security Policies,” I co-authored with Carnegie Mellon University colleagues Rob Reeder and Lorrie Cranor, as well as Mike Reiter, now with University of North Carolina at Chapel Hill, and others, was delivered at Conference on Human Factors in Computing Systems (CHI 2008), the top conference for usability research. In it, we introduced the Expandable Grid, a novel interaction technique for creating, editing, and viewing many types of security policies. Security policies, such as file permissions policies, have traditionally been displayed and edited in user interfaces based on a list of rules, each of which can only be viewed or edited in isolation. These list-of-rules interfaces cause problems for users when multiple rules interact, because the interfaces have no means of conveying the interactions amongst rules to users. Instead, users are left to figure out these rule interactions themselves. An Expandable Grid is an interactive matrix visualization designed to address the problems that list-of-rules interfaces have in conveying policies to users. The paper described the Expandable Grid concept, showed a system using an Expandable Grid for setting file permissions in the Microsoft Windows XP operating system, and provided results of a user study involving 36 participants in which the Expandable Grid approach vastly out performed the native Windows XP file-permissions interface on a broad range of policy-authoring tasks.
CyLab Chronicles: In regard to the second issue you mentioned, what can you tell us about the work you are doing on the configuring of systems, etc.?
BAUER: Along with my colleagues, Scott Garriss, also from Carnegie Mellon University, and Mike Reiter, I co-authored a paper on “Detecting and Resolving Policy Misconfigurations in Access-Control Systems,” which Scott delivered at the 13th ACM Symposium on Access Control Models in June 2008 (SACMAT ’08).
Our paper explored how to avoid the kind of access-control policy misconfigurations that can cause requests to be erroneously denied. This misconfigurations result in wasted time, user frustration and, in the context of particular applications (e.g., health care), very severe consequences. In our research, we applied association rule mining to the history of accesses to predict changes to access-control policies that are likely to be consistent with users’ intentions, so that these changes could be instituted in advance of misconfigurations interfering with legitimate accesses. Instituting these changes requires consent of the appropriate administrator, of course, and so a primary contribution of our work is to automatically determine from whom to seek consent and to minimize the costs of doing so. Using data from a deployed access-control system, we demonstrated that our methods can reduce the number of accesses that would have incurred costly time-of-access delays by 44%, and can correctly predict 58% of the intended policy. These gains are achieved without increasing the total amount of time users spend interacting with the system.
CyLab Chronicles: What do you see as the future of these two research projects? What do you project as their commercial application?
BAUER: In each case, what we've looked at so far is only the tip of the iceberg and defines the direction for further research. Each project tackles problems of wide practical relevance that seem to resonate with CyLab's industry partners; the results so far show that there is hope that we'll be able to continue making progress towards better, more user-friendly solutions. If we continue to be successful, then I hope our results will eventually be integrated into or will inspire innovations in commercial products.
Related Post: CyLab Chronicles Q&A with Lujo Bauer (2008)
See all CyLab Chronicles articles