ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
User-controllable learning of security and privacy policies
Full text PdfPdf (1.05 MB)
Source
Conference on Computer and Communications Security archive
Proceedings of the 1st ACM workshop on Workshop on AISec table of contents
Alexandria, Virginia, USA
SESSION: User-facing systems table of contents
Pages 11-18  
Year of Publication: 2008
ISBN:978-1-60558-291-7
Authors
Patrick Gage Kelley  Carnegie Mellon University, Pittsburgh, PA, USA
Paul Hankes Drielsma  Carnegie Mellon University, Pittsburgh, PA, USA
Norman Sadeh  Carnegie Mellon University, Pittsburgh, PA, USA
Lorrie Faith Cranor  Carnegie Mellon University, Pittsburgh, PA, USA
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 10,   Downloads (12 Months): 149,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1456377.1456380
What is a DOI?

ABSTRACT

Studies have shown that users have great difficulty specifying their security and privacy policies in a variety of application domains. While machine learning techniques have successfully been used to refine models of user preferences, such as in recommender systems, they are generally configured as "black boxes" that take control over the entire policy and severely restrict the ways in which the user can manipulate it. This article presents an alternative approach, referred to as user-controllable policy learning. It involves the incremental manipulation of policies in a context where system and user refine a common policy model. The user regularly provides feedback on decisions made based on the current policy. This feedback is used to identify (learn) incremental policy improvements which are presented as suggestions to the user. The user, in turn, can review these suggestions and decide which, if any, to accept. The incremental nature of the suggestions enhances usability, and because the user and the system manipulate a common policy representation, the user retains control and can still make policy modifications by hand. Results obtained using a neighborhood search implementation of this approach are presented in the context of data derived from the deployment of a friend finder application, where users can share their locations with others, subject to privacy policies they refine over time. We present results showing policy accuracy, which averages 60% upon initial definition by our users climbing as high as 90% using our technique.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Gediminas Adomavicius , Alexander Tuzhilin, Toward the Next Generation of Recommender Systems: A Survey of the State-of-the-Art and Possible Extensions, IEEE Transactions on Knowledge and Data Engineering, v.17 n.6, p.734-749, June 2005  [doi>10.1109/TKDE.2005.99]
2
Boi Faltings , Pearl Pu , Marc Torrens , Paolo Viappiani, Designing example-critiquing interaction, Proceedings of the 9th international conference on Intelligent user interfaces, January 13-16, 2004, Funchal, Madeira, Portugal  [doi>10.1145/964442.964449]
3
Jonathan L. Herlocker , Joseph A. Konstan , John Riedl, Explaining collaborative filtering recommendations, Proceedings of the 2000 ACM conference on Computer supported cooperative work, p.241-250, December 2000, Philadelphia, Pennsylvania, United States  [doi>10.1145/358916.358995]
 
4
Greg Linden , Brent Smith , Jeremy York, Amazon.com Recommendations: Item-to-Item Collaborative Filtering, IEEE Internet Computing, v.7 n.1, p.76-80, January 2003  [doi>10.1109/MIC.2003.1167344]
 
5
Roy A. Maxion , Robert W. Reeder, Improving user-interface dependability through mitigation of human error, International Journal of Human-Computer Studies, v.63 n.1-2, p.25-50, July 2005  [doi>10.1016/j.ijhcs.2005.04.009]
 
6
Christena Nippert-Eng. Privacy in the United States: Some implications for design. International Journal of Design, {Online} 1:2, Aug 2007. Available at http://www.ijdesign.org/ojs/index.php/IJDesign/article/view/67/30.
7
Michael J. Pazzani, Representation of electronic mail filtering profiles: a user study, Proceedings of the 5th international conference on Intelligent user interfaces, p.202-206, January 09-12, 2000, New Orleans, Louisiana, United States  [doi>10.1145/325737.325843]
 
8
Michael Pazzani , Daniel Billsus, Learning and Revising User Profiles: The Identification ofInteresting Web Sites, Machine Learning, v.27 n.3, p.313-331, June 1997  [doi>10.1023/A:1007369909943]
9
Al Mamunur Rashid , Istvan Albert , Dan Cosley , Shyong K. Lam , Sean M. McNee , Joseph A. Konstan , John Riedl, Getting to know you: learning new user preferences in recommender systems, Proceedings of the 7th international conference on Intelligent user interfaces, January 13-16, 2002, San Francisco, California, USA  [doi>10.1145/502716.502737]
 
10
Norman Sadeh, Jason Hong, Lorrie Cranor, Ian Fette, Patrick Kelley, Madhu Prabaker, and Jinghai Rao. Understanding and capturing people's privacy policies in a people finder application. In Proceedings of the 5th International Workshop on Privacy in UbiComp (UbiPriv'07), September 2007.
 
11
J. Ben Schafer , Joseph A. Konstan , John Riedl, E-Commerce Recommendation Applications, Data Mining and Knowledge Discovery, v.5 n.1-2, p.115-153, January-April 2001  [doi>10.1023/A:1009804230409]
12
Simone Stumpf , Vidya Rajaram , Lida Li , Margaret Burnett , Thomas Dietterich , Erin Sullivan , Russell Drummond , Jonathan Herlocker, Toward harnessing user feedback for machine learning, Proceedings of the 12th international conference on Intelligent user interfaces, January 28-31, 2007, Honolulu, Hawaii, USA  [doi>10.1145/1216295.1216316]
 
13
Paolo Viappiani, Boi Faltings, and Pearl Pu. Preference-based search using example-critiquing with suggestions. J. Artif. Intell. Res. (JAIR), 27:465--503, 2006.

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)

Additional Classification:
  H. Information Systems
  H.5 INFORMATION INTERFACES AND PRESENTATION (I.7)
      H.5.m Miscellaneous

  I. Computing Methodologies
  I.2 ARTIFICIAL INTELLIGENCE
      I.2.6 Learning


General Terms:
Human Factors, Security


Keywords:
security and privacy policies, usable security, user-controllable learning

Collaborative Colleagues:
Patrick Gage Kelley: colleagues
Paul Hankes Drielsma: colleagues
Norman Sadeh: colleagues
Lorrie Faith Cranor: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player