Content-based Access Control
Hart, Michael Andrew
The Graduate School, Stony Brook University: Stony Brook, NY.
In many contexts, users are either unable or unwilling to specify their access control policies. In Data Loss Prevention, for example, users cannot fully express what is secret in rule-based formats. Many users are unwilling to use access controls, particularly in the Web 2.0, because they are too draconian, leading to disastrous consequences in terms of privacy. To address both of these issues, we have introduced the concept of Content-Based Access Control (CBAC). CBAC combines content recognition with policy acquisition and enforcement. A CBAC-enabled system can be trained to recognize policy violations by learning what is secret from examples. This defense will discuss how CBAC can be successfully applied to Data Loss Prevention, Wikipedia Vandalism and the Web 2.0. Usability is integral to providing better CBAC systems and privacy interfaces, and this dissertation demonstrates improvements in the usability of these systems.