SaTC: CORE: Medium: Social Cybersecurity: Applying Social Influence to Improve Cybersecurity

SaTC：核心：媒介：社交网络安全：运用社交影响力改善网络安全

• 批准号: 1704087
• 负责人: Laura Dabbish
• 金额: $ 120万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2017
• 资助国家: 美国
• 起止时间: 2017-08-01 至 2022-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1704087&HistoricalAwards=false
• 关键词: SaTC; CORE; Medium; Social; Cybersecurity

Research on the human factors of cybersecurity often treats people as isolated individuals rather than as social actors within a web of relationships and social influences. This project leverages known social influence principles such as making public commitments and social proof (i.e., people tend to copy others' behavior, especially when in doubt) to develop techniques that improve cybersecurity behavior and enhance security tool adoption. The team will design, develop, and deploy examples of the use of social influence in three common contexts: standalone security training materials, real-time training ("micro-interventions") given at the moment of a security-related decision, and adoption of security tools and updates. The work will deepen our knowledge of how to incorporate social influences into interface designs that improve people's security sensitivity, that is, the awareness, knowledge, and motivation to be secure. It will also add to the toolbox of cybersecurity researchers and practitioners designing human-facing security tools, and raise public awareness through outreach efforts and widely deploying the security training mini-games. Finally, the project will provide educational opportunities for a number of PhD and undergraduate students, both in doing the research and through integrating the research work and products into courses on human-computer interaction and security.The project uses a number of well-known social influence mechanisms to influence security behavior, including reciprocity, social proof, consistency and commitment, liking, authority, and scarcity, through three main research thrusts. The first thrust will develop standalone security training though security related mini-games. The games will allow the researchers to control the observability of others' behaviors and deploy interface features and messages informed by social influence processes. In experiments, the research team will compare how emphasizing different influence processes affect people's security awareness, knowledge and behavior both immediately after the experiment and two weeks later. The second thrust will develop micro-interventions in the context of login pages, based on preliminary work showing this is the most common time people think about security. Working with their institution's information security office, the team will embed security training in system login pages. They will evaluate effectiveness of the training using logged user behavior and a one-month follow-up survey and interview. The third thrust will encourage adoption of new security tools, behaviors, and updates by varying the social influence mechanisms used at different points in the adoption curve of a new tool. Again, the team will run field studies in conjunction with their institution's information security office, measuring relative effectiveness of messages employing different social influence processes based on time-to-update. Experimental materials, monitoring and analysis software, the mini-games themselves, and (when not creating security and privacy risks) the datasets themselves will be released publicly.

对网络安全中人的因素的研究往往将人视为孤立的个人，而不是关系和社会影响网络中的社会参与者。该项目利用已知的社会影响原则，如公开承诺和社会证据(即，人们倾向于模仿他人的行为，尤其是在有疑问的情况下)来开发改善网络安全行为和提高安全工具采用率的技术。该小组将设计、开发和部署在三种常见情况下利用社会影响的实例：独立的安全培训材料、在与安全有关的决策时刻提供的实时培训(“微干预”)以及安全工具和更新的采用。这项工作将加深我们对如何将社会影响融入到界面设计中的知识，从而提高人们的安全敏感性，即安全意识、知识和动机。它还将增加网络安全研究人员和从业者设计人性化安全工具的工具箱，并通过外联努力和广泛部署安全培训小游戏来提高公众意识。最后，该项目将通过将研究工作和产品整合到人机交互和安全课程中，为一些博士和本科生提供教育机会。该项目使用一些众所周知的社会影响机制来影响安全行为，包括互惠、社会证明、一致性和承诺、喜好、权威和稀缺性，通过三个主要研究推动力。第一个推动力将通过与安全相关的小游戏来开发独立的安全培训。这些游戏将允许研究人员控制其他人行为的可观察性，并部署界面功能和受社会影响过程通知的信息。在实验中，研究小组将在实验结束后立即和两周后比较强调不同影响过程对人们安全意识、知识和行为的影响。第二个推动力将在登录页面的背景下开发微干预，基于初步工作表明，这是人们最常考虑安全的时候。该团队将与该机构的信息安全办公室合作，在系统登录页面中嵌入安全培训。他们将使用记录的用户行为和一个月的跟踪调查和访谈来评估培训的有效性。第三个推动力将通过改变在新工具采用曲线的不同点上使用的社会影响机制来鼓励采用新的安全工具、行为和更新。此外，该团队将与他们机构的信息安全办公室一起进行实地研究，根据更新时间衡量采用不同社会影响流程的信息的相对有效性。实验材料、监测和分析软件、迷你游戏本身以及(当不会造成安全和隐私风险时)数据集本身将被公开发布。

项目成果

'It's Problematic but I'm not Concerned': University Perspectives on Account Sharing

“这是有问题的，但我不担心”：大学对帐户共享的看法

• DOI: 10.1145/3512915
• 发表时间: 2022
• 期刊: Proceedings of the ACM on Human-Computer Interaction
• 作者: Wang, Serena;Faklaris, Cori;Lin, Junchao;Dabbish, Laura;Hong, Jason I.
• 通讯作者: Hong, Jason I.

Breaking! A Typology of Security and Privacy News and How It's Shared

打破！

• DOI: 10.1145/3173574.3173575
• 发表时间: 2018
• 期刊: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems
• 作者: Das, Sauvik;Lo, Joanne;Dabbish, Laura;Hong, Jason I.
• 通讯作者: Hong, Jason I.

“Did You Just Purchase a Butt Head on Amazon?” – A Diary Study of Couples’ Everyday Account Sharing

– 您刚刚在亚马逊上购买了屁股吗？ – – 夫妻日记研究 – 日常帐户共享

• DOI: 10.1145/3406865.3418340
• 发表时间: 2020
• 期刊: CSCW '20 Companion: Conference Companion Publication of the 2020 on Computer Supported Cooperative Work and Social Computing
• 作者: Lin, Junchao;Yu, Irene;Hong, Jason;Dabbish, Laura
• 通讯作者: Dabbish, Laura

Share and Share Alike? An Exploration of Secure Behaviors in Romantic Relationships

分享和分享一样吗？

• 发表时间: 2018
• 期刊: Fourteenth Symposium on Usable Privacy and Security ({SOUPS} 2018
• 作者: Park, Cheul Young;Faklaris, Cori;Zhao, Siyan;Sciuto, Alex;Dabbish, Laura;Hong, Jason
• 通讯作者: Hong, Jason

To Self-Persuade or be Persuaded: Examining Interventions for Users’ Privacy Setting Selection

自我说服或被说服：检查用户的干预措施——隐私设置选择

• DOI: 10.1145/3491102.3502009
• 发表时间: 2022
• 期刊: CHI '22: Proceedings of the 2022 CHI Conference on Human Factors in Computing Systems
• 作者: Krsek, Isadora;Wenzel, Kimi;Das, Sauvik;Hong, Jason I.;Dabbish, Laura
• 通讯作者: Dabbish, Laura