A household with smart devices may consist of a complex intermingling of device owners and non-owners, residents and visitors, adults and children, and many other categories of users. Although a common assumption is that each individual has their own un-shared account, it is common for multiple users to share the same account and password for a single device. Users report trusting their cohabitants and preferring to mediate access through existing interpersonal dynamics, rather than software-based access control methods.

We therefore propose optimistic access control for the smart home. People would be able to obtain the level of access that they believe to be appropriate, while sufficient observability would allow others in the household to detect inappropriate access. The knowledge that others may find out, along with potential consequences, could be a sufficient deterrent for people not to exceed their authorization without good reason. To evaluate this concept, we conducted a series of surveys with 604 people total, studying the acceptability and perceptions of this approach.

To read more, check out the full paper; you can find additional SPLICE publications on our Zotero page.

Malkin, Nathan, Alan F. Luo, Julio Poveda, and Michelle L. Mazurek. “Optimistic Access Control for the Smart Home.” IEEE S&P 2023 (IEEE Symposium on Security and Privacy), 2023, 2112–29. https://doi.org/10.1109/SP46215.2023.00121.