TWC SBES: Medium: Collaborative: Crowdsourcing Security

TWC SBES：媒介：协作：众包安全

• 批准号: 1228471
• 负责人: Michael Reiter
• 金额: $ 12.22万
• 依托单位: University of North Carolina at Chapel Hill
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2015-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228471&HistoricalAwards=false
• 关键词: TWC; SBES; Medium; Collaborative; Crowdsourcing

Maintaining the security of one's systems and devices in a way that ensures the right balance between functionality, security, and convenience remains complicated for most people. For example, people are routinely asked by their systems whether to accept a security certificate, install an application, heed security warnings, or reconfigure operating-system security settings. While these examples represent situations in which people regularly find themselves, people rarely have any basis to make an informed decision or to establish one conveniently. This research examines the concept of 'crowdsourced security' where the solution lies in people leveraging members of their community to secure their systems and devices.The primary goal of this research is to determine the potential of crowdsourcing as a complementary strategy for enhancing security. An example challenge addressed in this research pertains to the security of one's personal data. Specifically the research seeks to develop security mechanisms that can exploit naturally occurring social relationships and utilize 'human computation' to shift the burden of security via authentication from machines to humans. Within this framework, the research investigates both questions about the technical effectiveness of crowdsourced security solutions, as well as socio-behavioral questions about users' preferences, motivations, and privacy concerns about such systems. This research will benefit society by producing a deeper understanding of how systems can be better secured through human participation and collaboration, moving beyond the status quo of current security mechanisms.

以确保功能，安全性和便利性之间正确平衡的方式维护系统和设备的安全性对于大多数人来说仍然很复杂。例如，他们的系统通常会询问人们是否接受安全证书，安装应用程序，注意安全警告或重新配置操作系统安全设置。尽管这些例子代表了人们经常发现自己的情况，但人们很少有任何依据来做出明智的决定或方便地建立一个决定。这项研究研究了“众包安全性”的概念，在该概念中，解决方案在于利用社区成员保护其系统和设备的人们。这项研究的主要目标是确定众包的潜力作为增强安全性的互补策略。 这项研究中提出的一个示例挑战与个人数据的安全有关。具体而言，研究旨在开发可以利用自然发生的社会关系并利用“人类计算”来通过身份验证从机器转移到人类的安全负担的安全机制。在此框架内，该研究调查了有关众包安全解决方案的技术有效性的两个问题，以及有关用户对此类系统的偏好，动机和隐私问题的社会行为问题。这项研究将通过更深入地了解如何通过人类的参与和协作来更好地保护系统，从而超越当前安全机制的现状，从而使社会受益。