1 / 24

Chameleon: Towards Usable RBAC

Chameleon: Towards Usable RBAC. A. Chris Long Courtney Moskowitz, Greg Ganger ECE Department Carnegie Mellon University. Problem: Malware. Malware: viruses, trojan horses, worms, etc. Current approaches are inadequate Few address typical home user

dionne
Télécharger la présentation

Chameleon: Towards Usable RBAC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chameleon: Towards Usable RBAC A. Chris Long Courtney Moskowitz, Greg Ganger ECE Department Carnegie Mellon University

  2. Problem: Malware • Malware: viruses, trojan horses, worms, etc. • Current approaches are inadequate • Few address typical home user • Malware enabler: all software has permission to do everything

  3. Trojan horse Prepareforreinstall Theft of trade secrets Transfer btwn. work & home Problem: Higher Level View • The computer is too ignorant • Are these secure? • format c: • cp confidential-info /mnt/floppy • Can we get users to tell the computer more about what’s allowable?

  4. Project Inspiration • People understand physical access • Different access at home for plumbers vs. accountant • What about file access control? • Answer: too fine-grained, rarely used • Few people can manage fine-grained security (e.g., file permissions) • Can we improve de facto security with coarse-grained security?

  5. Chameleon: Coarse-grained Security • Partition computer into “roles”, e.g.: • Vault • Communication • Internet • Testing • System • Each app confined to its own role • Can we make this model usable?

  6. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  7. Related Work • HCISEC • Security usability [Whitten & Tygar 1999] • Design guidelines [Yee 2002] • WindowBox [Balfanz & Simon 2000] • HCI • Desktop info organization [Barreau & Nardi 1995] • WorkspaceMirror [Boardman 2002]

  8. Related Work (cont’d) • Security models • Compartmented mode workstation[Berger, et al 1990] • Role-based access control[Ferraiolo & Kuhn 1992] • Sandboxing [Schmid, et al 2002]

  9. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  10. Chameleon • Research agenda • Interface design • Awareness • Control • Usability vs. and security • File organization synergy • Software design

  11. Usable Role Management • Target audience: typical home computer user • Key properties • Intelligible • Convenient • Key tasks • Switching roles • Moving data & files across roles “Plan to throw the first one away. You will, anyway.” — Fred Brooks

  12. Paper Prototype Security manager Unsafeapp. Personal files Comm. app.

  13. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Security in Context Security Mechanisms Software prototype Outline

  14. User Study 1:Security In Context • Goals • Observe ease of use of securityfeatures in realistic task • Explicit vs. implicit role switching • Results • Positive opinions about roles • Interface implications • Changed to single clipboard model • Keep implicit role switching • Keep plan for role customization

  15. User Study 2: Security Interface Mechanisms • Goals • Evaluate desktop display options • Evaluate methods for security operations • Result summary • Generally positive: 5/6 would use interface • Opinion divided on desktop icon display • Liked drag and drop “I wish some of [your] designs…would be common practice amongst big leading software companies.” — An enthusiastic participant

  16. Software Prototype Comm. apps. Testing app. Internet app.

  17. Study 3: Software Prototype • Goals • Continue usability evaluation • Investigate appropriate feedback levels • 3 levels: minimal, animated, dialog box • Issues: subjective impact, prevent being tricked • Results • No quantitative effect of feedback on being tricked • Few participants caught tricks • Overall positive view of Chameleon • Security concerns generally correlated with positive views of Chameleon

  18. Introduction Related Work Chameleon User Studies Discussion,Future Work, & Conclusions Outline

  19. Discussion • Chameleon lessons • Make UI role-aware (file dialog) • Eliminate “active” role • Role purposes must be clear • Add “Neutral” or “Default” role • Make indicators active (Security Manager) • Need better role awareness • HCISEC evaluation • Laboratory setting ill-suited for evaluation of interaction with “normal” tasks

  20. Future Work • Chameleon development • Improve UI design • Implement prototype usable by real apps • Deploy Chameleon for daily use • Continue investigation of • Security awareness & control • Software architecture for security

  21. Future Work (cont’d)

  22. Conclusions • Chameleon work in progress • HCISEC UI design issues • Software architecture • HCISEC evaluation • Usable RBAC seems feasible

  23. <= 0.5-baked Idea • Problem: How to run software with less than all permissions? • Solution: Attach trust/authority/ permission to user action (capability) • Propagate capability • Starts at input device • To OS, to toolkit, to application

  24. Thank You chrislong@acm.org http://www.cs.cmu.edu/~chrisl (1 spot in my car for a short person)

More Related