CAREER: User-Centered Multiparty Access Control for Collective Content Management

职业：以用户为中心的多方访问控制，用于集体内容管理

• 批准号: 1453080
• 负责人: Dongwon Lee
• 金额: $ 55万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-08-01 至 2023-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1453080&HistoricalAwards=false
• 关键词: CAREER; User; Centered; Multiparty; Access

This CAREER project will develop models and techniques to facilitate controlled information sharing of users' data in domains where the data is associated with and co-managed by multiple users, such as bio-repositories, remote teleworking, and social computing. Specific research objectives are: 1) Building on the PI's prior work, develop a foundational model describing access control in terms of the decision making process of a single content manager or content owner, laying the groundwork for the second objective; 2) Develop new models to support synchronous, asynchronous, and combined joint specification of access control policies for shared content for multiple users and site administrators, and 3) Apply those solution concepts to two specific applications, group work and a biobank, and conduct user studies to test goodness of fit, suitability and feasibility of the resulting access setting mechanisms.This project takes an innovative user-centric approach to ensure that the rigorous models developed result in enforceable mechanisms that can be used on a variety of existing platforms in and multiple domains. To accomplish this, the proposed work draws from multiple disciplines, including access control, game theory for security and privacy, and decision support systems. For example, an individual in a group photo may prefer not to have the photo shared even though others do, but would accept it being shared only with friends; a social network operator wants to maximize use of the system through sharing information while keeping users happy so they remain active. The preferences thus constitute a multi-objective optimization problem. We use a game-theoretic approach to modeling this problem, allowing negotiation to determine access settings. This research will provide users with the ability to express preferred access control settings for shared multi-owned data, jointly influencing with that input the final access settings, while taking into account organizational constraints and existing laws.Further, we leverage the economic concept of first-mover advantage to create models suitable in scenarios where synchronous coordination among users is not practical. In particular, the models start with extensions and applications of Stackelberg games, and account for the unique constraints occurring with security decisions and uncertainty due to human-bounded rationality. As part of this task, we also develop a method for domain administrators to determine what set of access policy options should be offered to users. Through this administrator-centered model, we enable administrators to identify the set of options that satisfy users' predicted access control decisions and meet their administrator's own internal objectives. We also study hybrid models that build on strengths of synchronous and asynchronous multi-party approaches. The models and mechanisms developed will apply to a wide range of domains, including social computing, remote collaborative content co-authoring, personalized medicine, and genetic data sharing.The integrated education plan will focus on curriculum enhancement and expanded undergraduate research experiences. We establish a graduate visiting program to give students experience with different disciplines, recognizing the multidisciplinary challenges in information security. The ultimate goal is to produce diverse graduates with the multidisciplinary skills required to design and evaluate IT security solutions.

这个职业项目将开发模型和技术，以促进在数据与多个用户关联并由多个用户共同管理的域中进行受控的用户数据信息共享，例如生物存储库、远程远程工作和社会计算。具体的研究目标是：1)在PI以前工作的基础上，根据单个内容管理者或内容所有者的决策过程，开发一个描述访问控制的基本模型，为第二个目标奠定基础；2)开发新的模型以支持针对多个用户和站点管理员的共享内容的访问控制策略的同步、异步和组合联合规范，以及3)将这些解决方案概念应用于两个具体的应用，即小组工作和生物库，并进行用户研究以测试由此产生的访问设置机制的适合性、适宜性和可行性。该项目采用创新的以用户为中心的方法，以确保所开发的严格模型产生可执行的机制，该机制可在多个领域的各种现有平台上使用。为了实现这一目标，拟议的工作借鉴了多个学科，包括访问控制、安全和隐私的博弈论以及决策支持系统。例如，集体照片中的一个人可能不愿意分享照片，即使其他人这样做了，但会接受只与朋友分享；社交网络运营商希望通过分享信息来最大限度地利用系统，同时保持用户的快乐，以便他们保持活跃。因此，偏好构成了一个多目标优化问题。我们使用博弈论方法对这个问题进行建模，允许协商来确定访问设置。这项研究将为用户提供表达共享多个拥有的数据的首选访问控制设置的能力，在考虑组织约束和现有法律的同时，与该输入共同影响最终访问设置。此外，我们利用先发优势的经济学概念来创建适合于用户之间同步协调的场景的模型。特别是，这些模型从Stackelberg博弈的扩展和应用开始，并解释了由于人类有限理性而产生的安全决策和不确定性的独特约束。作为这项任务的一部分，我们还为域管理员开发了一种方法，以确定应该向用户提供哪组访问策略选项。通过这种以管理员为中心的模型，我们使管理员能够确定满足用户预测的访问控制决策并满足管理员自己的内部目标的选项集。我们还研究了建立在同步和异步多方方法优势基础上的混合模型。开发的模型和机制将应用于广泛的领域，包括社会计算、远程协同内容共同创作、个性化医学和基因数据共享。综合教育计划将侧重于课程改进和扩大本科生研究经验。我们建立了一个研究生访问计划，为学生提供不同学科的经验，认识到信息安全方面的多学科挑战。最终目标是培养具有设计和评估IT安全解决方案所需的多学科技能的多样化毕业生。