TC: Small: Collaborative Research: Influencing Mental Models of Security

TC：小：协作研究：影响安全心理模型

• 批准号: 1116544
• 负责人: Richard Wash
• 金额: $ 25.82万
• 依托单位: Michigan State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2011
• 资助国家: 美国
• 起止时间: 2011-08-01 至 2017-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1116544&HistoricalAwards=false
• 关键词: TC; Small; Collaborative; Research; Influencing

Over 80 million households in the United States have a home computer and an Internet connection. The vast majority of these are overseen by people who have little computer security knowledge or training, and many users try to avoid making security decisions because they feel they don't have the knowledge and skills to maintain proper security. Nevertheless, home computer users still make security-related decisions on a regular basis --- for example, whether or not to click on a link in an email message --- without being aware that is what they are doing. Their decisions are guided by how they think about computer security,their mental models. Interestingly, these models do not have to be technically correct to lead to desirable security behaviors. In other words, sometimes even "wrong" mental models produce good security decisions. This project will explore the implications of that insight. By eliminating the constraint that non-technical users must become more like computer security experts to properly protect themselves, this project will identify and create more effective ways of helping home computer users make good security decisions.This project will help advance our understanding of how mental models of security are formed and how ideas are incorporated into mental models and transmitted from person to person. What kinds of information are incorporated into home computer users' mental models? Work will initially be focused on experimentally testing two hypotheses: a) stories about experiences have a larger influence on behavior than behavioral advice, and b) information from friends and colleagues has a stronger influence on mental models, and therefore behavior, than information from security experts. Additionally, the prevalence of particular mental models will be measured and correlated with actual user security behaviors. Through these investigations, this project will characterize the reasons that many home computer users choose not to act securely --- a question which is one of the biggest challenges of home computer security. Finally, this project will explore ways of encouraging behaviors that support secure system use by developing a prototype socio-technical system that is capable of influencing their mental models and moving people toward models that lead to greater security.Home computer security and personal information security are large problems today. Current education campaigns have failed to effect widespread changes in the security behaviors of non-technical users. New technologies are being developed, but will do nothing if users intentionally choose to ignore the technology or to work around it. This project will find better ways of informing people about security issues, altering their understanding of security threats and thereby their security behaviors, which will ultimately create more secure home computers. It will produce research tools, including survey instruments and security behavior measurement software that can be used by other security researchers. It will train a number of students, both graduate and undergraduate, in working on multi-disciplinary, distributed teams. The results from this study will be disseminated broadly to multiple academic communities.

在美国，超过八千万的家庭拥有一台家用电脑和互联网连接。其中绝大多数是由几乎没有计算机安全知识或培训的人监督的，许多用户试图避免做出安全决策，因为他们觉得自己没有维护适当安全性的知识和技能。然而，家用电脑用户仍然会定期做出与安全相关的决定——例如，是否点击电子邮件中的链接——而他们自己却没有意识到自己在做什么。他们的决定是由他们对计算机安全的看法，他们的心理模型所引导的。有趣的是，这些模型并不一定要在技术上正确才能产生理想的安全行为。换句话说，有时即使是“错误的”心智模型也会产生好的安全决策。本项目将探索这一见解的含义。通过消除非技术用户必须变得更像计算机安全专家才能正确保护自己的限制，该项目将确定并创建更有效的方法来帮助家庭计算机用户做出良好的安全决策。这个项目将有助于我们进一步了解安全的心理模型是如何形成的，以及思想是如何被纳入心理模型并在人与人之间传播的。家用电脑用户的心理模型中包含哪些信息？最初的工作将集中在实验上验证两个假设：a)关于经历的故事比行为建议对行为的影响更大；b)来自朋友和同事的信息比来自安全专家的信息对心理模型的影响更大，因此对行为的影响更大。此外，将测量特定心理模型的流行程度，并将其与实际用户安全行为相关联。通过这些调查，本项目将描述许多家用电脑用户选择不安全行事的原因——这是家用电脑安全的最大挑战之一。最后，该项目将探索通过开发一个社会技术系统原型来鼓励支持安全系统使用的行为的方法，该系统能够影响人们的心理模型，并将人们推向导致更大安全性的模型。家庭计算机安全和个人信息安全是当今的大问题。目前的教育活动未能在非技术用户的安全行为中产生广泛的变化。新技术正在被开发，但如果用户有意选择忽略技术或绕开它，这些新技术将毫无用处。这个项目将找到更好的方法来告知人们关于安全问题，改变他们对安全威胁的理解，从而改变他们的安全行为，这将最终创造出更安全的家用电脑。它将生产研究工具，包括可供其他安全研究人员使用的调查仪器和安全行为测量软件。它将训练许多学生，包括研究生和本科生，在多学科、分布式团队中工作。这项研究的结果将广泛传播到多个学术团体。