CAREER: Security and Privacy Foundations of Internet-Scale User-Centered Automation

职业：互联网规模以用户为中心的自动化的安全和隐私基础

• 批准号: 2144376
• 负责人: Earlence Fernandes
• 金额: $ 54.53万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-02-01 至 2023-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2144376&HistoricalAwards=false
• 关键词: CAREER; Security; Privacy; Foundations; Internet

This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2).The digital and physical resources of people, such as emails, health data, smart home, and city devices, are now accessible on the Internet. By bringing all these systems online and making them interoperable, system operators enable new functionality and drive efficiencies. The enabler of such useful interconnections is the Internet-scale automation system, whose hallmark is permitting non-programmers to create automations, thus democratizing the bridge between digital and physical resources. Unfortunately, these automation systems are not secure and do not guarantee user privacy— attackers can steal sensitive user data and manipulate resources, including physical ones, at large scale. This project pursues an integrated research and education approach to endow Internet-scale automation with the correct security and privacy foundations. The project’s novelty is leveraging the unique properties of Internet-scale automation to develop a framework for securing them that strikes different trade-offs in functionality, performance, security, and usability. The broader significance and importance of the project are empowering non-programmers to securely create automations that improve convenience, safety, and energy efficiency in a privacy-preserving fashion.To provide the correct security foundations, the project focuses on building least-privilege distributed computer systems. Specifically, the unique properties of Internet-scale automation allow the adaptation of techniques from the theory of language-based data minimization, computing on encrypted data and human-centered design. Contributions to applied cryptography and data minimization include system-level innovations to make practical use of garbled circuits and program dependency analyses. Contributions to human-centered design include empirical studies and data-driven interface designs to help users write better automation programs. Rather than finding the security architecture, the project develops a framework of security architectures that strikes different trade-off points in functionality, usability, security, privacy, and performance. The project also introduces an automation simulator that integrates research results and makes them available for experimentation to students at universities and K-12.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该奖项全部或部分由2021年美国救援计划法案（公法117-2）资助。人们的数字和物理资源，如电子邮件，健康数据，智能家居和城市设备，现在可以在互联网上访问。通过将所有这些系统联机并使其具有互操作性，系统运营商可以实现新功能并提高效率。互联网规模的自动化系统是这种有用的互连的推动者，其标志是允许非程序员创建自动化，从而使数字和物理资源之间的桥梁民主化。不幸的是，这些自动化系统并不安全，也不能保证用户隐私--攻击者可以窃取敏感的用户数据，并大规模地操纵资源，包括物理资源。该项目采用综合研究和教育方法，为互联网规模的自动化提供正确的安全和隐私基础。该项目的新奇之处在于利用互联网规模自动化的独特属性来开发一个框架，以保护它们在功能，性能，安全性和可用性方面进行不同的权衡。该项目更广泛的意义和重要性是使非程序员能够安全地创建自动化，以保护隐私的方式提高便利性，安全性和能源效率。为了提供正确的安全基础，该项目专注于构建最低特权的分布式计算机系统。具体而言，互联网规模自动化的独特属性允许从基于语言的数据最小化理论，加密数据计算和以人为本的设计中调整技术。对应用密码学和数据最小化的贡献包括系统级创新，以实际使用乱码电路和程序依赖性分析。对以人为本的设计的贡献包括实证研究和数据驱动的界面设计，以帮助用户编写更好的自动化程序。该项目不是寻找安全架构，而是开发一个安全架构框架，在功能，可用性，安全性，隐私和性能方面进行不同的权衡。该项目还引入了一个自动化模拟器，该模拟器集成了研究结果，并将其提供给大学和K-12的学生进行实验。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。