Towards better user privacy via exposure control

We posit that access control, the dominant model for modeling and managing privacy in today's online world, is fundamentally inadequate. First, with access control, users must a priori specify precisely who can or cannot access information by enumerating users, groups, or roles---a task that is difficult to get right. Second, access control fails to separate who can access information from who actually does , because it ignores the difficulty of finding information. Third, access control does not capture if and how a person who has access to some information redistributes that information. Fourth, access control fails to account for information that can be inferred from other, public information. We present exposure as an alternate model for information privacy; exposure captures the set of people expected to learn an item of information eventually. We believe the model takes an important step towards enabling users to model and control their privacy effectively.



Beyond Access Control: Managing Online Privacy via Exposure
Mainack Mondal, Peter Druschel, Krishna P. Gummadi. and Alan Mislove. Workshop on Usable Security (USEC), 2014.




Saptarshi Ghosh is awarded a Humboldt Postdoctoral Research Fellowship
July 2014

Mainack Mondal, Bimal Viswanath and Krishna Gummadi, along with their co-authors win SOUPS distinguished paper award
July 2014

Juhi Kulshrestha receives Google Anita Borg Scholarship
May 2013

Cristian Danescu-Niculescu-Mizil wins WWW best paper award
May 2013