CT-M: Usable Security for Digital Home Storage

CT-M：数字家庭存储的可用安全性

• 批准号: 0831407
• 负责人: Ljudevit Bauer
• 金额: $ 100万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0831407&HistoricalAwards=false
• 关键词: CT; Usable; Security; Digital; Home

This project explores an architecture, mechanisms, and interfaces for helping users manage access control in the digital home.The home is a challenging, yet critical, target for usable security.It requires abstractions that are intuitive for laypeople, interfaces that allow users to manipulate those abstractions, and access-control and storage infrastructure that can support the abstractions. Without a holistic, usable approach to access-control management, adoption of new technology in the home will be slowed and there will be no effective data security once the transition inevitably occurs. Based on their early experiences with home storage, the PIs seek to adapt and integrate:(1) the semantic query as an abstraction for describing a set of files to which a specific policy applies;(2) the Expandable Grid as a visual interaction technique for creating, editing, and viewing security policies;(3) logic-based access control as a rigorous foundation for specifying and implementing policies.User studies, surveys, and test deployments are a core component of the project; they are used to discover needs of users in the digital home and users' ability to effectively apply approaches developed.The project has several forms of impact. First, it develops tools and techniques that can significantly simplify the use of access control in the digital home. Second, it increases understanding of user behavior and access-control needs in the emerging home storage environment. Third, it enhances education at CMU and elsewhere, as new insights are embedded into storage systems, distributed systems, and computer security classes taught by the PIs.

这个项目探讨了一个体系结构，机制和接口，帮助用户管理数字家庭的访问控制。家庭是一个具有挑战性的，但关键的，可用的安全目标。它需要抽象的是直观的外行，接口，允许用户操作这些抽象，访问控制和存储基础设施，可以支持的抽象。 如果没有一个全面的、可用的访问控制管理方法，家庭中新技术的采用将放缓，一旦过渡不可避免地发生，将没有有效的数据安全。 基于他们在家庭存储方面的早期经验，PI寻求适应和集成：（1）语义查询作为描述特定策略所应用的一组文件的抽象;（2）可扩展网格作为创建、编辑和查看安全策略的可视化交互技术;（3）基于逻辑的访问控制作为指定和实施策略的严格基础。用户研究，调查，和测试部署是该项目的核心组成部分;它们用于发现数字家庭中用户的需求以及用户有效应用所开发方法的能力。该项目具有几种形式的影响。 首先，它开发的工具和技术，可以显着简化数字家庭访问控制的使用。 其次，它增加了对新兴家庭存储环境中用户行为和访问控制需求的理解。 第三，它增强了CMU和其他地方的教育，因为新的见解被嵌入到PI教授的存储系统，分布式系统和计算机安全课程中。