CAREER: UCPriv: User-Centric Privacy Management

职业：UCPriv：以用户为中心的隐私管理

• 批准号: 1253204
• 负责人: Adam Lee
• 金额: $ 54.56万
• 依托单位: University of Pittsburgh
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1253204&HistoricalAwards=false
• 关键词: CAREER; UCPriv; User; Centric; Privacy

To date, the application of quantitative security and privacy metrics metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications. Given that people find inherent utility in using systems that are not secure against worst-case adversaries, this project investigates a complementary question: Can we help users better manage their participation in systems that are not privacy-preserving in an absolute sense?This project is developing a principled approach that enables individuals to (i) quantitatively specify and assess their security, privacy, and utility goals; (ii) qualitatively express preferences on the relative importance of these goals; (iii) explore the implications of their system interactions by leveraging the trade-off spaces resulting from these quantitative and qualitative specifications; and (iv) enact locally-enforceable changes to their system usage to better balance competing needs. This project is designing computational tools that enable everyday users to better manage their system participation by understanding the interplay between security, privacy, and utility. Educational materials are being developed to support two undergraduate courses---one for computer science majors and one for non-majors---that explore the social, technical, and privacy implications of our increasingly digitized society.

迄今为止，定量安全和隐私度量指标的应用在探索系统的最坏情况属性时取得了最大的成功。也就是说，给定一个强大的对手，系统在多大程度上保留了一些相关的属性？虽然这样的分析允许专家构建能够抵抗强大攻击者的系统，但许多部署的系统并不是以这种方式设计的。事实上，越来越多的证据表明，作为使用社交、参与式和分布式应用程序的副产品，用户的隐私经常受到损害。考虑到人们在使用不安全的系统时发现了内在的效用，这个项目研究了一个补充问题：我们能帮助用户更好地管理他们在绝对意义上不保护隐私的系统中的参与吗？该项目正在开发一种原则性方法，使个人能够(i)定量地指定和评估他们的安全、隐私和效用目标；（ii）定性地表达对这些目标相对重要性的偏好；（iii）通过利用这些定量和定性规范所产生的权衡空间，探索其系统相互作用的影响；（iv）制定可在当地执行的系统使用变化，以更好地平衡竞争需求。这个项目正在设计计算工具，通过理解安全性、隐私性和实用性之间的相互作用，使日常用户能够更好地管理他们的系统参与。正在开发教育材料，以支持两门本科课程——一门面向计算机科学专业，另一门面向非专业——这两门课程探索我们日益数字化的社会对社会、技术和隐私的影响。

项目成果

NeXUS: Practical and Secure Access Control on Untrusted Storage Platforms using Client-Side SGX

• DOI: 10.1109/dsn.2019.00049
• 发表时间: 2019-06
• 期刊: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
• 作者: J. B. Djoko;Jack Lange;Adam J. Lee

Shoal: Query Optimization and Operator Placement for Access Controlled Stream Processing Systems

Shoal：访问控制流处理系统的查询优化和运算符放置

• DOI: 10.1007/978-3-030-22479-0_14
• 发表时间: 2019
• 期刊: Data and Applications Security and Privacy XXXIII. DBSec 2019
• 作者: Thoma, Cory;Labrinidis, Alexandros;Lee, Adam J.
• 通讯作者: Lee, Adam J.

Behind Enemy Lines: Exploring Trusted Data Stream Processing on Untrusted Systems

• DOI: 10.1145/3292006.3300021
• 发表时间: 2019-03
• 期刊: Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
• 作者: Cory Thoma;Adam J. Lee;Alexandros Labrinidis

Context-based Automated Responses of Unavailability in Mobile Messaging

移动消息传递中基于上下文的不可用自动响应

• DOI: 10.1007/s10606-021-09399-z
• 发表时间: 2021
• 期刊: Computer Supported Cooperative Work (CSCW
• 作者: Jain, Pranut;Farzan, Rosta;Lee, Adam J.
• 通讯作者: Lee, Adam J.

Making sense of risk in an increasingly cyber‐physical world

理解日益网络化和物理化的世界中的风险

• 发表时间: 2020
• 期刊: Critical quarterly
• 影响因子: 0.2
• 作者: Lee, Adam J.;Farzan, Rosta;Kapadia, Apu;Ahmad, Imtiaz
• 通讯作者: Ahmad, Imtiaz