Grey: Making Logic-Based Access Control Practical and Usable

Published September 7, 2016, 17:21
Grey is an access-control system in which smartphones serve as the token by which users exercise and delegate their authority. In an ongoing deployment on CMU's campus, Grey is used daily by about 30 people to control access to office doors and to log in to computers. Grey has several distinguishing features, such as the use of logic-based techniques to achieve high assurance and its support for ad-hoc delegation: users can modify their access-control policy at the time and place of their choosing, including in response to access attempts that would otherwise fail. In this talk I will focus on two recent research results. First, I will describe how we can leverage observed behavior to lower the burden of configuring access-control policy. By applying data mining to the set of observed accesses, I will show how we can detect and correct a large fraction of policy misconfigurations while reducing the amount of time users spend interacting with our system. Second, I will describe a new method for quantitatively measuring how well an access-control system meets users' needs. Applying this method to our deployment of Grey shows that, in our prototype environment, Grey outperforms physical keys both in how well it meets users' requirements and in the security of policies that users create with it.