Collaborative Research: SaTC: CORE: Small: Tracking User Behavior, Cognitive Burdens, and the Impact of Behavioral Nudging on Security Updates by Young and Older Adults

协作研究：SaTC：核心：小型：跟踪用户行为、认知负担以及行为助推对年轻人和老年人安全更新的影响

• 批准号: 2007651
• 负责人: Amy Overman
• 金额: $ 10万
• 依托单位: Elon University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-10-01 至 2023-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2007651&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Small

Computer security significantly depends on user behaviors, including choices about whether and when to apply software updates. Many security problems, including high-profile data breaches, are caused by failure to update vulnerable software, even after security issues are known and patches are available. In order to make computing more secure, there is a need to better understand the decision-making processes of users regarding their choices to apply, delay, or ignore security-related software updates. For example, how are decisions about software updates affected by other tasks the user is currently performing? How is the decision-making process different for users who are older adults versus users who are young adults? This project seeks to answer these questions with experiments that place young and older adult users in a variety of security-related software updating situations to test specific theories of how task-related factors and cognitive aging influence behavior. The research team includes computer scientists and cognitive psychologists, and will innovatively combine knowledge from these two areas. The project serves the national interest both by advancing scientific knowledge of decision making processes, and how that knowledge may be applied to promote public welfare through increased computing security.The project uses multiple, complementary methods to increase understanding of cybersecurity behaviors of non-expert users in personal computing environments, including: systematic evaluation of the security update ecosystem to identify factors that may affect cybersecurity behaviors; surveying non-expert users to measure attitudes and expected behaviors in response to various software update scenarios; development and field testing of specific software update scenarios in personal computing environments; and development and testing of behavioral nudge interventions hypothesized to increase compliance with security-related software updating. These methods are employed to test the efficacy of protection motivation theory, cognitive load theory, and locus of control theory in the cybersecurity domain, and the results will contribute to the development of efficacious security-related software update strategies.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

计算机安全在很大程度上取决于用户行为，包括是否以及何时应用软件更新的选择。许多安全问题，包括备受瞩目的数据泄露，都是由于未能更新易受攻击的软件造成的，即使在已知安全问题并提供补丁之后。为了使计算更加安全，需要更好地了解用户在选择应用、延迟或忽略与安全相关的软件更新方面的决策过程。例如，有关软件更新的决策如何受到用户当前正在执行的其他任务的影响？老年用户与年轻用户的决策过程有何不同？该项目旨在通过实验来回答这些问题，这些实验将年轻和老年用户置于各种与安全相关的软件更新情况下，以测试任务相关因素和认知老化如何影响行为的特定理论。研究团队包括计算机科学家和认知心理学家，并将创新性地将这两个领域的知识联合收割机结合起来。该项目通过提高决策过程的科学知识以及如何通过提高计算安全性将这些知识应用于促进公共福利来服务于国家利益。该项目使用多种互补方法来提高对个人计算环境中非专家用户网络安全行为的理解，包括：对安全更新生态系统进行系统评估，以确定可能影响网络安全行为的因素;调查非专家用户，以衡量他们对各种软件更新场景的态度和预期行为;开发和现场测试个人计算环境中的特定软件更新方案;以及开发和测试行为推动干预措施，假设这些干预措施可提高与安全相关的软件更新的合规性。这些方法被用来测试保护动机理论、认知负荷理论和控制点理论在网络安全领域的有效性，其结果将有助于制定有效的安全相关软件更新策略。该奖项反映了NSF的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。