Security guru Bruce Schneier recently noted some Columbia University research on “Laissez-Faire File Sharing,” which advocates allowing users to set their own sharing permissions, with a focus on access auditing rather than access control (administrator policies don’t stop users from receiving or sharing a file, but all the viewers and editors of that file are then logged for later review and flagging).
Schneier simplifies it as a Wikipedian ideal (“Everybody has access to everything, but there are audit mechanisms in place to prevent abuse”), but that shortchanges the idea. Not every user can access every file, for example: access must be granted by someone who already holds it. The paper’s authors argue that this kind of sharing is already happening in an underground IT economy of e-mail attachments, USB thumbdrives and other workarounds, and that by working with that behavior rather than against it, the new paradigm has the “potential to increase both productivity and security.”
The paper outlines five cornerstones of Laissez-Faire File Sharing:

1. The owner of a document, initially the individual who creates it or first introduces it into a sharing system, must not be required to sacrifice rights in order to add the file into the system.
2. Freedom of delegation: The owners of a document may grant (delegate) or deny any or all rights – including the right to further delegation or even full ownership – to whomever they so choose, regardless of organizational or administrative boundaries.
3. The owners of (and ideally all contributors to) a document must be able to quickly and easily find and comprehend the rights associated with it, including such meta-rights as delegation. All changes to the document or its rights must be attributable to the individual who made the change.
4. Users must be able to rely on the sharing system to store and transmit their information both reliably and securely, enforcing their chosen sharing (access control) policies.
5. A sharing system should be free of barriers that unnecessarily or excessively inhibit sharing.
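To make the audit-over-control idea concrete, here is a toy model of those five principles in Python. It is an added illustration, not code from the Columbia paper or from this post: anyone holding the delegate right can re-share a document, including across the organizational boundary, the system enforces whatever rights result, and every grant, revocation, access and refusal is attributed in a log that a reviewer inspects afterwards. The user names, domains and document name are constructed for the example.

```python
# Added example (not from the paper or the blog post): a toy laissez-faire
# sharing model. User, domain and document names are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Set

RIGHTS = {"read", "edit", "delegate", "own"}


@dataclass
class AuditEntry:
    actor: str      # every change is attributable to the person who made it
    doc: str
    action: str     # introduce / delegate / revoke / read / edit / denied
    detail: str = ""


@dataclass
class SharingSystem:
    # doc -> user -> rights held
    rights: Dict[str, Dict[str, Set[str]]] = field(default_factory=dict)
    log: List[AuditEntry] = field(default_factory=list)

    def _record(self, actor: str, doc: str, action: str, detail: str = "") -> None:
        self.log.append(AuditEntry(actor, doc, action, detail))

    def introduce(self, owner: str, doc: str) -> None:
        """Principle 1: adding a file never costs the introducer any rights."""
        if doc in self.rights:
            raise ValueError(f"{doc} already introduced")
        self.rights[doc] = {owner: set(RIGHTS)}
        self._record(owner, doc, "introduce")

    def delegate(self, grantor: str, doc: str, grantee: str, granted: Set[str]) -> None:
        """Principle 2: a holder of 'delegate' may pass on any subset of what
        they hold (even 'delegate' or 'own'); there is no admin or org-boundary gate."""
        held = self.rights[doc].get(grantor, set())
        if "delegate" not in held:
            self._record(grantor, doc, "denied", f"delegate {sorted(granted)} to {grantee}")
            raise PermissionError(f"{grantor} cannot delegate {doc}")
        if not granted <= held:
            self._record(grantor, doc, "denied", f"grant of rights not held: {sorted(granted - held)}")
            raise PermissionError("cannot grant more than you hold")
        self.rights[doc].setdefault(grantee, set()).update(granted)
        self._record(grantor, doc, "delegate", f"{sorted(granted)} -> {grantee}")

    def revoke(self, owner: str, doc: str, user: str) -> None:
        """Owners may deny rights outright, not only grant them."""
        if "own" not in self.rights[doc].get(owner, set()):
            raise PermissionError(f"{owner} does not own {doc}")
        self.rights[doc].pop(user, None)
        self._record(owner, doc, "revoke", user)

    def access(self, user: str, doc: str, action: str) -> bool:
        """Principle 4: the system enforces the policy the owners chose.
        Refused attempts are logged too, so the trail shows who tried what."""
        if action not in self.rights.get(doc, {}).get(user, set()):
            self._record(user, doc, "denied", action)
            return False
        self._record(user, doc, action)
        return True

    def rights_of(self, doc: str) -> Dict[str, Set[str]]:
        """Principle 3: who holds which rights, readable at a glance."""
        return {u: set(r) for u, r in self.rights[doc].items()}

    def trail(self, doc: str) -> List[str]:
        """Audit view: every viewer, editor, grant and refusal, attributed to its actor."""
        return [f"{e.actor} {e.action} {e.detail}".strip() for e in self.log if e.doc == doc]

    def flag_external(self, doc: str, home_domain: str) -> List[str]:
        """The review step: cross-boundary sharing was allowed, not blocked,
        so the auditor surfaces it afterwards instead of an admin gating it."""
        return sorted(u for u in self.rights[doc] if not u.endswith("@" + home_domain))


def demo() -> SharingSystem:
    """Constructed scenario: an internal re-share reaches an outside contractor."""
    s = SharingSystem()
    s.introduce("alice@corp.example", "roadmap.docx")
    s.delegate("alice@corp.example", "roadmap.docx", "bob@corp.example", {"read", "edit", "delegate"})
    # Bob re-shares with a contractor; no administrator approval is involved...
    s.delegate("bob@corp.example", "roadmap.docx", "carol@contractor.example", {"read"})
    s.access("carol@contractor.example", "roadmap.docx", "read")
    # ...but Carol cannot edit, and Dave was never granted anything; both refusals are logged.
    s.access("carol@contractor.example", "roadmap.docx", "edit")
    s.access("dave@corp.example", "roadmap.docx", "read")
    return s


if __name__ == "__main__":
    system = demo()
    for line in system.trail("roadmap.docx"):
        print(line)
    print("outside corp.example:", system.flag_external("roadmap.docx", "corp.example"))
```

The point the model makes is where the control sits: the only checks at share time are that the grantor actually holds what is being handed out, while the question "should a contractor have this?" is answered by reviewing the trail and the external-user flag after the fact.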
There’s some great discussion in the comments on Schneier’s blog, ranging from the political ramifications (“The reason it’s not used more often isn’t rational, but political — folks want power, and auditing methods diffuse power.”) to concerns that auditing turns security into a cost center doomed to failure.
What do you think? Can users be trusted to set their own permissions, or are these academics too far up the Ivory Tower? I’d love to hear your thoughts, whether in the comments, at Michael@ITKnowledgeExchange.com, or on Twitter at @Morisy and @ITKE.
More on security:
- “Laissez-faire file sharing”: The original Columbia University paper in PDF
- Everyone hates your insecure password rules
- Time Warner’s SMC8014 security hole could make for a spooky Halloween
- New SSL security hole allows man-in-the-middle attacks