TWC: Medium: Collaborative: Security and Privacy for Wearable and Continuous Sensing Platforms

TWC：媒介：协作：可穿戴和连续传感平台的安全和隐私

• 批准号: 1514211
• 负责人: Serge Egelman
• 金额: $ 39.97万
• 依托单位: International Computer Science Institute
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-09-01 至 2019-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1514211&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Security; Privacy

This research project studies security and privacy for wearable devices. Wearable computing is poised to become widely deployed throughout society. These devices offer many benefits to end users in terms of realtime access to information and the augmentation of human memory, but they are also likely to introduce new and complex privacy and security problems. People who use wearable devices need assurances that their privacy will be respected, and we also need ways to minimize the potential for wearable devices to intrude on the privacy of bystanders and others. This project is identifying the risks in greater depth and developing new technologies and techniques to protect against these risks. The project is building a scientific and engineering basis for making wearable computing trustworthy; the growing adoption of wearable computing makes this research important to society.Several unique features of wearable computing pose new challenges that require novel research. It seems likely that continuous audio and video capture will enable many valuable uses of wearable computing, but they open up new attack vectors through these new input channels. Audio and video capture also present new privacy challenges; for instance, third-party applications may need access to this data, but the data is sometimes highly sensitive (e.g., capturing intimate moments, sensitive documents, embarrassing social situations, etc.). This project studies: how to empower users and enable them to control how apps on wearable devices can access audio and video resources, how to use privilege separation and the least-privilege principle to mitigate risks associated with third-party applications that run on wearable devices, how operating systems for wearable devices can be architected to prevent applications from collecting extraneous data, and new threats from wearable computing and how each of these threats could be countered with secure platform designs. To protect privacy, the researchers are conducting user studies to improve our understanding of what data users find most sensitive; the findings from these user studies is helping the researchers to design techniques to prevent applications from accessing sensitive data inappropriately.

这项研究项目研究可穿戴设备的安全和隐私。可穿戴计算即将在整个社会得到广泛部署。这些设备在实时获取信息和增强人类记忆力方面为最终用户提供了许多好处，但它们也可能带来新的复杂的隐私和安全问题。使用可穿戴设备的人需要保证他们的隐私将得到尊重，我们还需要找到方法将可穿戴设备侵犯旁观者和其他人隐私的可能性降至最低。该项目正在更深入地识别风险，并开发新的技术和技术来防范这些风险。该项目正在为使可穿戴计算值得信赖建立科学和工程基础；可穿戴计算的日益采用使这项研究对社会具有重要意义。可穿戴计算的几个独特功能提出了新的挑战，需要进行新的研究。连续的音频和视频捕获似乎很可能会使可穿戴计算得到许多有价值的用途，但它们通过这些新的输入渠道打开了新的攻击媒介。音频和视频捕获也带来了新的隐私挑战；例如，第三方应用程序可能需要访问这些数据，但这些数据有时是高度敏感的(例如，捕获亲密时刻、敏感文档、令人尴尬的社交情况等)。该项目研究：如何赋予用户权力并使他们能够控制可穿戴设备上的应用程序如何访问音频和视频资源；如何使用特权分离和最小特权原则来降低与可穿戴设备上运行的第三方应用程序相关的风险；如何构建可穿戴设备的操作系统以防止应用程序收集无关数据；以及可穿戴计算带来的新威胁，以及如何通过安全平台设计应对这些威胁。为了保护隐私，研究人员正在进行用户研究，以提高我们对用户认为最敏感的数据的理解；这些用户研究的发现正在帮助研究人员设计技术，以防止应用程序不适当地访问敏感数据。