CRII: SaTC: Systems That Facilitate Cooperation and Stewardship to Improve End-User Security Behaviors

CRII：SaTC：促进合作和管理以改善最终用户安全行为的系统

• 批准号: 1755625
• 负责人: Sauvik Das
• 金额: $ 17.5万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2018
• 资助国家: 美国
• 起止时间: 2018-07-01 至 2021-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1755625&HistoricalAwards=false
• 关键词: CRII; SaTC; Systems; Facilitate; Cooperation

This proposal explores opportunities to improve cybersecurity systems by encouraging cooperation and stewardship, whereby people work together for mutually beneficial cybersecurity outcomes. For example, coworkers could provide accountability for one another in keeping their software fully up-to-date, or a trusted expert might remotely configure the security settings on a new laptop for a consenting non-expert. Many existing security systems, by contrast, are not designed to enable or encourage social interaction, a situation that often results in confusion and non-compliance. This proposal will involve studies with people to understand how and when cooperation and stewardship might be beneficial, along with the development of a platform that facilitates the evaluation and construction of such systems. The proposed work work should add to our understanding of how to design and engineer effective real-world cybersecurity systems by incorporating social interaction. Furthermore, this project will provide both undergraduate and graduate students an opportunity to participate in interdisciplinary research. This proposal marries ideas from social psychology, human-computer interaction, and design to tackle a simple and timely question in usable security: How can we create systems that facilitate cooperation and stewardship in end-user cybersecurity systems in order to encourage better cybersecurity behaviors? In the context of this proposal, end-users can be thought of as people who directly interface with a security system to protect their own assets; cooperation in end-user security systems allows people to act collectively towards mutually beneficial security goals or benefit, and, stewardship in end-user security systems allow people to act on behalf of others' security goals or benefit. The union of such cooperative and stewarded systems can be said to be sociopetal, or designed to bring people together. The proposed work will encompass three interacting research thrusts: (i) running group interviews and diary studies to model end-users' day-to-day security activities and how they relate to a broader social context; (ii) developing novel sociopetal cybersecurity systems and evaluating those systems with real user groups; and, (iii) creating and releasing a platform for facilitating the development and evaluation of future sociopetal cybersecurity systems.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该提案探讨了通过鼓励合作和管理来改善网络安全系统的机会，人们通过合作和管理共同努力实现互利的网络安全成果。例如，同事可以相互负责，使他们的软件完全保持最新，或者受信任的专家可以为同意的非专家远程配置新笔记本电脑上的安全设置。相比之下，许多现有的安全系统不是为了实现或鼓励社会互动而设计的，这种情况往往导致混乱和不遵守。这项建议将涉及与人们一起进行研究，以了解合作和管理如何以及何时可能有益，同时沿着开发一个平台，促进评价和建设这种系统。拟议的工作应该增加我们对如何通过整合社交互动来设计和设计有效的现实世界网络安全系统的理解。此外，该项目将为本科生和研究生提供参与跨学科研究的机会。该提案结合了社会心理学、人机交互和设计的思想，以解决可用安全中一个简单而及时的问题：我们如何创建促进最终用户网络安全系统中的合作和管理的系统，以鼓励更好的网络安全行为？在本提案的背景下，最终用户可以被认为是直接与安全系统交互以保护自己资产的人;最终用户安全系统中的合作使人们能够共同采取行动，实现互利的安全目标或利益，最终用户安全系统中的管理工作使人们能够代表他人的安全目标或利益采取行动。这种合作和管理系统的结合可以说是社会性的，或者说是为了把人们聚集在一起。拟议的工作将包括三个相互作用的研究重点：㈠进行小组访谈和日记研究，以模拟最终用户的日常安全活动及其与更广泛的社会背景的关系; ㈡开发新的社会网络安全系统，并与真实的用户群体一起评估这些系统;并且，在本发明中，（三）创建并发布一个平台，以促进未来社会网络安全系统的开发和评估。该奖项反映了NSF的法定使命，通过使用基金会的知识价值和更广泛的影响审查标准进行评估，认为值得支持。

项目成果

"We Hold Each Other Accountable": Unpacking How Social Groups Approach Cybersecurity and Privacy Together

“我们互相问责”：揭示社会群体如何共同处理网络安全和隐私问题

• DOI: 10.1145/3313831.3376605
• 发表时间: 2020
• 期刊: Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems
• 作者: Watson, Hue;Moju-Igbene, Eyitemi;Kumari, Akanksha;Das, Sauvik
• 通讯作者: Das, Sauvik

Tensions between Access and Control in Makerspaces

创客空间的访问与控制之间的紧张关系

• DOI: 10.1145/3432914
• 发表时间: 2021
• 期刊: Proceedings of the ACM on Human-Computer Interaction
• 作者: Logas, Jacob;Zhong, Ruican;Almeida, Stephanie;Das, Sauvik
• 通讯作者: Das, Sauvik

Individually Vulnerable, Collectively Safe: The Security and Privacy Practices of Households with Older Adults

个体脆弱，集体安全：有老年人的家庭的安全和隐私实践

• DOI: 10.1145/3449212
• 发表时间: 2021
• 期刊: Proceedings of the ACM on Human-Computer Interaction
• 作者: Murthy, Savanthi;Bhat, Karthik S.;Das, Sauvik;Kumar, Neha
• 通讯作者: Kumar, Neha

A Typology of Perceived Triggers for End-User Security and Privacy Behaviors

最终用户安全和隐私行为的感知触发因素的类型学

• 发表时间: 2019
• 期刊: USENIX Symposium on Usable Privacy and Security (SOUPS
• 作者: Das, Sauvik;Dabbish, Laura A;Hong, Jason I.
• 通讯作者: Hong, Jason I.