chameleon towards usable rbac l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Chameleon: Towards Usable RBAC PowerPoint Presentation
Download Presentation
Chameleon: Towards Usable RBAC

Loading in 2 Seconds...

play fullscreen
1 / 24

Chameleon: Towards Usable RBAC - PowerPoint PPT Presentation


  • 400 Views
  • Uploaded on

Chameleon: Towards Usable RBAC A. Chris Long Courtney Moskowitz, Greg Ganger ECE Department Carnegie Mellon University Problem: Malware Malware: viruses, trojan horses, worms, etc. Current approaches are inadequate Few address typical home user

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chameleon: Towards Usable RBAC' - oshin


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
chameleon towards usable rbac

Chameleon: Towards Usable RBAC

A. Chris Long

Courtney Moskowitz, Greg Ganger

ECE Department

Carnegie Mellon University

problem malware
Problem: Malware
  • Malware: viruses, trojan horses, worms, etc.
  • Current approaches are inadequate
  • Few address typical home user
  • Malware enabler: all software has permission to do everything
problem higher level view

Trojan horse

Prepareforreinstall

Theft of trade secrets

Transfer btwn. work & home

Problem: Higher Level View
  • The computer is too ignorant
  • Are these secure?
    • format c:
    • cp confidential-info /mnt/floppy
  • Can we get users to tell the computer more about what’s allowable?
project inspiration
Project Inspiration
  • People understand physical access
  • Different access at home for plumbers vs. accountant
  • What about file access control?
  • Answer: too fine-grained, rarely used
  • Few people can manage fine-grained security (e.g., file permissions)
  • Can we improve de facto security with coarse-grained security?
chameleon coarse grained security
Chameleon: Coarse-grained Security
  • Partition computer into “roles”, e.g.:
    • Vault
    • Communication
    • Internet
    • Testing
    • System
  • Each app confined to its own role
  • Can we make this model usable?
outline
Introduction

Related Work

Chameleon

User Studies

Discussion,Future Work, & Conclusions

Outline
related work
Related Work
  • HCISEC
    • Security usability [Whitten & Tygar 1999]
    • Design guidelines [Yee 2002]
    • WindowBox [Balfanz & Simon 2000]
  • HCI
    • Desktop info organization [Barreau & Nardi 1995]
    • WorkspaceMirror [Boardman 2002]
related work cont d
Related Work (cont’d)
  • Security models
    • Compartmented mode workstation[Berger, et al 1990]
    • Role-based access control[Ferraiolo & Kuhn 1992]
    • Sandboxing [Schmid, et al 2002]
outline9
Introduction

Related Work

Chameleon

User Studies

Discussion,Future Work, & Conclusions

Outline
chameleon
Chameleon
  • Research agenda
    • Interface design
      • Awareness
      • Control
    • Usability vs. and security
      • File organization synergy
    • Software design
usable role management
Usable Role Management
  • Target audience: typical home computer user
  • Key properties
    • Intelligible
    • Convenient
  • Key tasks
    • Switching roles
    • Moving data & files across roles

“Plan to throw the first one away. You will, anyway.” — Fred Brooks

paper prototype
Paper Prototype

Security manager

Unsafeapp.

Personal files

Comm. app.

outline13
Introduction

Related Work

Chameleon

User Studies

Discussion,Future Work, & Conclusions

Security in Context

Security Mechanisms

Software prototype

Outline
user study 1 security in context
User Study 1:Security In Context
  • Goals
    • Observe ease of use of securityfeatures in realistic task
    • Explicit vs. implicit role switching
  • Results
    • Positive opinions about roles
    • Interface implications
      • Changed to single clipboard model
      • Keep implicit role switching
      • Keep plan for role customization
user study 2 security interface mechanisms
User Study 2: Security Interface Mechanisms
  • Goals
    • Evaluate desktop display options
    • Evaluate methods for security operations
  • Result summary
    • Generally positive: 5/6 would use interface
    • Opinion divided on desktop icon display
    • Liked drag and drop

“I wish some of [your] designs…would be common practice amongst big leading software companies.”

— An enthusiastic participant

software prototype
Software Prototype

Comm.

apps.

Testing

app.

Internet

app.

study 3 software prototype
Study 3: Software Prototype
  • Goals
    • Continue usability evaluation
    • Investigate appropriate feedback levels
      • 3 levels: minimal, animated, dialog box
      • Issues: subjective impact, prevent being tricked
  • Results
    • No quantitative effect of feedback on being tricked
    • Few participants caught tricks
    • Overall positive view of Chameleon
    • Security concerns generally correlated with positive views of Chameleon
outline18
Introduction

Related Work

Chameleon

User Studies

Discussion,Future Work, & Conclusions

Outline
discussion
Discussion
  • Chameleon lessons
    • Make UI role-aware (file dialog)
    • Eliminate “active” role
    • Role purposes must be clear
    • Add “Neutral” or “Default” role
    • Make indicators active (Security Manager)
    • Need better role awareness
  • HCISEC evaluation
    • Laboratory setting ill-suited for evaluation of interaction with “normal” tasks
future work
Future Work
  • Chameleon development
    • Improve UI design
    • Implement prototype usable by real apps
  • Deploy Chameleon for daily use
  • Continue investigation of
    • Security awareness & control
    • Software architecture for security
conclusions
Conclusions
  • Chameleon work in progress
    • HCISEC UI design issues
    • Software architecture
    • HCISEC evaluation
  • Usable RBAC seems feasible
0 5 baked idea
<= 0.5-baked Idea
  • Problem: How to run software with less than all permissions?
  • Solution: Attach trust/authority/ permission to user action (capability)
  • Propagate capability
    • Starts at input device
    • To OS, to toolkit, to application
thank you

Thank You

chrislong@acm.org

http://www.cs.cmu.edu/~chrisl

(1 spot in my car for a short person)