CRII: SaTC: Improving Computer Security Technologies through Analyzing Security Needs and Practices of Journalists

CRII：SaTC：通过分析记者的安全需求和实践来改进计算机安全技术

• 批准号: 1463968
• 负责人: Franziska Roesner
• 金额: $ 17.5万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-06-01 至 2018-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1463968&HistoricalAwards=false
• 关键词: CRII; SaTC; Improving; Computer; Security

Advances in digital communication technologies, and their proliferation in recent decades, have had a remarkable impact on journalism. Security weaknesses in these technologies have put journalists and their sources increasingly at risk, hindering efforts at investigative reporting, transparency, and whistleblowing. Because of their willingness to be early adopters, and to openly communicate their issues, journalists provide an opportunity to identify security issues and requirements in new communication methods. This project will study the current computer security mental models and practices of journalists and their sources, and to ultimately design technology to better meet their needs. The resulting tools will be released as open source and deployed to directly benefit journalists and their sources, as well as other users of technology, ultimately helping to protect and improve freedoms of speech and of the press both nationally and internationally.The vulnerabilities in how journalists (and users in general) communicate and store sensitive information result from several factors, including usability problems with existing tools, a mismatch between mental models and the real security properties of the tools they use, and technological gaps in the tools available. To evaluate and address these issues, this project will proceed in two phases: first, studying the current practices of journalists via in-depth interviews and large-scale surveys, and second, designing new technologies to better meet their computer security needs. The second phase will leverage findings from the first phase to inform technical research, including the development of more usable tools for journalists leveraging existing computer security techniques, as well as the development of new computer security technologies (e.g., protocols or systems) where necessary. For example, this project will consider technical challenges such as protecting the metadata of communications and bootstrapping secure communications at first contact.For further information, see the project web site at: https://journosec.cs.washington.edu

数字通信技术的进步及其近几十年来的扩散对新闻业产生了显着的影响。 这些技术的安全漏洞使记者及其消息来源面临越来越大的风险，阻碍了调查报道、透明度和举报的努力。由于记者愿意成为早期采用者并公开交流他们的问题，因此他们提供了一个识别新通信方法中的安全问题和要求的机会。 该项目将研究记者及其消息来源当前的计算机安全心理模型和实践，并最终设计技术以更好地满足他们的需求。由此产生的工具将作为开源发布并部署，以直接使记者及其消息来源以及其他技术用户受益，最终有助于保护和改善国内和国际的言论和新闻自由。记者（以及一般用户）沟通和存储敏感信息的漏洞是由多种因素造成的，包括现有工具的可用性问题、心智模型与他们使用的工具的真实安全属性之间的不匹配以及工具中的技术差距 可用的。为了评估和解决这些问题，该项目将分两个阶段进行：首先，通过深入访谈和大规模调查来研究记者的当前做法；其次，设计新技术以更好地满足他们的计算机安全需求。第二阶段将利用第一阶段的发现为技术研究提供信息，包括为记者利用现有计算机安全技术开发更可用的工具，以及在必要时开发新的计算机安全技术（例如协议或系统）。例如，该项目将考虑技术挑战，例如保护通信元数据和在首次接触时引导安全通信。有关更多信息，请参阅该项目网站：https://journosec.cs.washington.edu