TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

TWC：媒介：协作：可穿戴和连续传感平台的安全和隐私

• 批准号: 1513584
• 负责人: Franziska Roesner
• 金额: $ 45万
• 依托单位: University of Washington
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2020-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1513584&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Security; Privacy

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others. This project is identifying the risks in greater depth and developing new technologies and techniques to protect against these risks. The project is building a scientific and engineering basis for making wearable computing trustworthy; the growing adoption of wearable computing makes this research important to society.Several unique features of wearable computing pose new challenges that require novel research. It seems likely that continuous audio and video capture will enable many valuable uses of wearable computing, but they open up new attack vectors through these new input channels. Audio and video capture also present new privacy challenges; for instance, third-party applications may need access to this data, but the data is sometimes highly sensitive (e.g., capturing intimate moments, sensitive documents, embarrassing social situations, etc.). This project studies: how to empower users and enable them to control how apps on wearable devices can access audio and video resources, how to use privilege separation and the least-privilege principle to mitigate risks associated with third-party applications that run on wearable devices, how operating systems for wearable devices can be architected to prevent applications from collecting extraneous data, and new threats from wearable computing and how each of these threats could be countered with secure platform designs. To protect privacy, the researchers are conducting user studies to improve our understanding of what data users find most sensitive; the findings from these user studies is helping the researchers to design techniques to prevent applications from accessing sensitive data inappropriately.

本研究项目研究可穿戴设备的安全性和隐私性。可穿戴式计算将在整个社会广泛部署。这些设备在实时访问信息和增强人类记忆方面为最终用户提供了许多好处，但它们也可能引入新的复杂的隐私和安全问题。使用可穿戴设备的人需要确保他们的隐私得到尊重，我们还需要设法将可穿戴设备侵犯旁观者和其他人隐私的可能性降到最低。该项目正在更深入地识别风险，并开发新的技术和技术来防范这些风险。该项目正在为可穿戴计算的可靠性奠定科学和工程基础；可穿戴计算的日益普及使得这项研究对社会很重要。可穿戴计算的几个独特特点提出了新的挑战，需要新的研究。似乎持续的音频和视频捕获将使可穿戴计算的许多有价值的用途成为可能，但它们通过这些新的输入通道开辟了新的攻击向量。音频和视频捕获也带来了新的隐私挑战；例如，第三方应用程序可能需要访问这些数据，但这些数据有时是高度敏感的（例如，捕捉亲密时刻、敏感文档、令人尴尬的社交场合等）。本项目研究：如何授权用户并使他们能够控制可穿戴设备上的应用程序如何访问音频和视频资源，如何使用特权分离和最小特权原则来降低与可穿戴设备上运行的第三方应用程序相关的风险，如何构建可穿戴设备的操作系统以防止应用程序收集无关的数据，以及可穿戴计算带来的新威胁，以及如何通过安全的平台设计来应对这些威胁。为了保护隐私，研究人员正在进行用户研究，以提高我们对用户认为最敏感的数据的理解；这些用户研究的发现有助于研究人员设计技术，防止应用程序不恰当地访问敏感数据。