chameleon towards usable rbac l.
Skip this Video
Loading SlideShow in 5 Seconds..
Chameleon: Towards Usable RBAC PowerPoint Presentation
Download Presentation
Chameleon: Towards Usable RBAC

Loading in 2 Seconds...

  share
play fullscreen
1 / 24
Download Presentation

Chameleon: Towards Usable RBAC - PowerPoint PPT Presentation

oshin
405 Views
Download Presentation

Chameleon: Towards Usable RBAC

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Chameleon: Towards Usable RBAC A. Chris Long Courtney Moskowitz, Greg Ganger ECE Department Carnegie Mellon University

  2. Problem: Malware • Malware: viruses, trojan horses, worms, etc. • Current approaches are inadequate • Few address typical home user • Malware enabler: all software has permission to do everything

  3. Trojan horse Prepareforreinstall Theft of trade secrets Transfer btwn. work & home Problem: Higher Level View • The computer is too ignorant • Are these secure? • format c: • cp confidential-info /mnt/floppy • Can we get users to tell the computer more about what’s allowable?

  4. Project Inspiration • People understand physical access • Different access at home for plumbers vs. accountant • What about file access control? • Answer: too fine-grained, rarely used • Few people can manage fine-grained security (e.g., file permissions) • Can we improve de facto security with coarse-grained security?

  5. Chameleon: Coarse-grained Security • Partition computer into “roles”, e.g.: • Vault • Communication • Internet • Testing • System • Each app confined to its own role • Can we make this model usable?

  6. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  7. Related Work • HCISEC • Security usability [Whitten & Tygar 1999] • Design guidelines [Yee 2002] • WindowBox [Balfanz & Simon 2000] • HCI • Desktop info organization [Barreau & Nardi 1995] • WorkspaceMirror [Boardman 2002]

  8. Related Work (cont’d) • Security models • Compartmented mode workstation[Berger, et al 1990] • Role-based access control[Ferraiolo & Kuhn 1992] • Sandboxing [Schmid, et al 2002]

  9. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  10. Chameleon • Research agenda • Interface design • Awareness • Control • Usability vs. and security • File organization synergy • Software design

  11. Usable Role Management • Target audience: typical home computer user • Key properties • Intelligible • Convenient • Key tasks • Switching roles • Moving data & files across roles “Plan to throw the first one away. You will, anyway.” — Fred Brooks

  12. Paper Prototype Security manager Unsafeapp. Personal files Comm. app.

  13. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Security in Context Security Mechanisms Software prototype Outline

  14. User Study 1:Security In Context • Goals • Observe ease of use of securityfeatures in realistic task • Explicit vs. implicit role switching • Results • Positive opinions about roles • Interface implications • Changed to single clipboard model • Keep implicit role switching • Keep plan for role customization

  15. User Study 2: Security Interface Mechanisms • Goals • Evaluate desktop display options • Evaluate methods for security operations • Result summary • Generally positive: 5/6 would use interface • Opinion divided on desktop icon display • Liked drag and drop “I wish some of [your] designs…would be common practice amongst big leading software companies.” — An enthusiastic participant

  16. Software Prototype Comm. apps. Testing app. Internet app.

  17. Study 3: Software Prototype • Goals • Continue usability evaluation • Investigate appropriate feedback levels • 3 levels: minimal, animated, dialog box • Issues: subjective impact, prevent being tricked • Results • No quantitative effect of feedback on being tricked • Few participants caught tricks • Overall positive view of Chameleon • Security concerns generally correlated with positive views of Chameleon

  18. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  19. Discussion • Chameleon lessons • Make UI role-aware (file dialog) • Eliminate “active” role • Role purposes must be clear • Add “Neutral” or “Default” role • Make indicators active (Security Manager) • Need better role awareness • HCISEC evaluation • Laboratory setting ill-suited for evaluation of interaction with “normal” tasks

  20. Future Work • Chameleon development • Improve UI design • Implement prototype usable by real apps • Deploy Chameleon for daily use • Continue investigation of • Security awareness & control • Software architecture for security

  21. Future Work (cont’d)

  22. Conclusions • Chameleon work in progress • HCISEC UI design issues • Software architecture • HCISEC evaluation • Usable RBAC seems feasible

  23. <= 0.5-baked Idea • Problem: How to run software with less than all permissions? • Solution: Attach trust/authority/ permission to user action (capability) • Propagate capability • Starts at input device • To OS, to toolkit, to application

  24. Thank You chrislong@acm.org http://www.cs.cmu.edu/~chrisl (1 spot in my car for a short person)