Collaborative Research: SaTC: CORE: Medium: Toward safe, private, and secure home automation: from formal modeling to user evaluation
协作研究:SaTC:核心:中:迈向安全、私密和可靠的家庭自动化:从形式建模到用户评估
基本信息
- 批准号:2320903
- 负责人:
- 金额:$ 34.16万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Standard Grant
- 财政年份:2022
- 资助国家:美国
- 起止时间:2022-10-01 至 2024-10-31
- 项目状态:已结题
- 来源:
- 关键词:
项目摘要
IoT devices such as smart door locks and platforms and applications that connect these devices and other online services (e.g., IFTTT, Zapier) make life more convenient but have also raised security and privacy concerns. These concerns arise because smart home devices can collect potentially sensitive data about their users and the data and devices can be accessed (e.g., to unlock doors or disable home security systems) in the absence of physical human actions. Further, the risks posed by smart-home devices can impact people other than the device owners, such as home service workers and children. There is a need for a systematic understanding of the security and privacy impact of such platforms. However, existing work is often too coarse-grained to capture the context in which these devices are used (e.g., camera in public area vs. in the bedroom) and mostly focuses on risks and harms to device owners rather than more broadly. This project aims to gain a deeper understanding of smart homes' security and privacy impact, with a focus on end-user programming platforms like IFTTT and Zapier, and to mitigate potential harms via formal modeling and automated analysis tools. One of the identifying characteristics of this project is that user studies are used to both identify user needs and to evaluate potential solutions, including models and formal analysis tools.This project follows an iterative process, where tools and models are first built (based on results of preliminary user studies); next, user studies are conducted to evaluate the tools and learn about users' needs; then, results from user studies are used to refine the tools and models. This project builds detailed, context-rich models and characterizations of risks and harms from home automation platforms, customized to individual users' perspective, and thus fills the gap between what existing models and tools can do and users' perceptions and needs. This project also builds usable, context-aware, configurable analysis tools that extend traditional information-flow analysis to calculate attackers’ precise knowledge of and influence over the system. These analysis tools take into consideration different threat models, which account for attackers’ different capabilities to observe relevant events and interact with the system. Finally, the project designs warnings and nudges to help users understand their smart home systems better and avoid potential harm.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
智能门锁和平台等物联网设备以及连接这些设备和其他在线服务(如IFTTT、Zapier)的应用程序使生活变得更加方便,但也引发了安全和隐私方面的担忧。之所以出现这些担忧,是因为智能家居设备可以收集关于其用户的潜在敏感数据,并且可以在没有实际人为操作的情况下访问这些数据和设备(例如,打开门锁或禁用家庭安全系统)。此外,智能家居设备带来的风险可能会影响设备所有者以外的其他人,如家庭服务人员和儿童。有必要对这类平台的安全和隐私影响有系统的了解。然而,现有的工作往往过于粗略,无法捕捉到这些设备使用的背景(例如,公共场所的摄像头与卧室中的摄像头),并且主要关注设备所有者的风险和伤害,而不是更广泛的。该项目旨在更深入地了解智能家居的安全和隐私影响,重点是IFTTT和Zapier等最终用户编程平台,并通过正式的建模和自动化分析工具来缓解潜在的危害。这个项目的特点之一是,用户研究既用于识别用户需求,也用于评估潜在的解决方案,包括模型和正式分析工具。该项目遵循迭代过程,首先(基于初步用户研究的结果)建立工具和模型;然后进行用户研究以评估工具并了解用户需求;然后使用用户研究的结果来改进工具和模型。该项目构建了详细的、背景丰富的模型,并根据个人用户的角度对家庭自动化平台的风险和危害进行了表征,从而填补了现有模型和工具的功能与用户感知和需求之间的差距。该项目还构建了可用的、上下文感知的、可配置的分析工具,这些工具扩展了传统的信息流分析,以计算攻击者对系统的准确了解和影响。这些分析工具考虑了不同的威胁模型,这些模型考虑了攻击者观察相关事件和与系统交互的不同能力。最后,该项目设计了警告和提示,以帮助用户更好地了解他们的智能家居系统,并避免潜在的危害。该奖项反映了NSF的法定使命,并通过使用基金会的智力优势和更广泛的影响审查标准进行评估,被认为值得支持。
项目成果
期刊论文数量(3)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
Exploring Smart Commercial Building Occupants’ Perceptions and Notification Preferences of Internet of Things Data Collection in the United States
探索美国智能商业建筑住户对物联网数据收集的认知和通知偏好
- DOI:10.1109/eurosp57164.2023.00064
- 发表时间:2023
- 期刊:
- 影响因子:0
- 作者:Le, Tu;Wang, Alan;Yao, Yaxing;Feng, Yuanyuan;Heydarian, Arsalan;Sadeh, Norman;Tian, Yuan
- 通讯作者:Tian, Yuan
Cerberus : Query-driven Scalable Security Checking for OAuth Service Provider Implementations
- DOI:
- 发表时间:2022
- 期刊:
- 影响因子:0
- 作者:Tamjid Al Rahat
- 通讯作者:Tamjid Al Rahat
SkillBot: Identifying Risky Content for Children in Alexa Skills
- DOI:10.1145/3539609
- 发表时间:2021-02
- 期刊:
- 影响因子:0
- 作者:Tu Le;D. Huang;Noah J. Apthorpe;Yuan Tian
- 通讯作者:Tu Le;D. Huang;Noah J. Apthorpe;Yuan Tian
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Yuan Tian其他文献
Direct de/carboxylation of cannabidiolic acid (CBDA) and cannabidiol (CBD) from hemp plant material under supercritical CO2.
在超临界 CO2 下直接脱羧来自大麻植物材料的大麻二酚酸 (CBDA) 和大麻二酚 (CBD)。
- DOI:
10.1080/10286020.2024.2345825 - 发表时间:
2024 - 期刊:
- 影响因子:1.7
- 作者:
Baochang Gao;Yufeng Sun;Yuan Tian;Yu Shi;Zhi;Guoliang Mao - 通讯作者:
Guoliang Mao
Investigation on broadband propagation characteristic of terahertz electromagnetic wave in anisotropic magnetized plasma in frequency and time domain
太赫兹电磁波在各向异性磁化等离子体中频时域宽带传播特性研究
- DOI:
10.1063/1.4905227 - 发表时间:
2014-12 - 期刊:
- 影响因子:2.2
- 作者:
Yuan Tian;Xia Ai;Yiping Han;Xiuxiang Liu - 通讯作者:
Xiuxiang Liu
Mapping the drivers of formaldehyde (HCHO) variability from 2015 to 2019 over eastern China: insights from Fourier transform infrared observation and GEOS-Chem model simulation
绘制 2015 年至 2019 年中国东部甲醛 (HCHO) 变化的驱动因素:傅里叶变换红外观测和 GEOS-Chem 模型模拟的见解
- DOI:
10.5194/acp-21-6365-2021 - 发表时间:
2021-04 - 期刊:
- 影响因子:6.3
- 作者:
Youwen Sun;Hao Yin;Cheng Liu;Lin Zhang;Yuan Cheng;Mathias Palm;Justus Notholt;Xiao Lu;Corinne Vigouroux;Bo Zheng;Wei Wang;Nicholas Jones;Changong Shan;Min Qin;Yuan Tian;Qihou Hu;Fanhao Meng;Jianguo Liu - 通讯作者:
Jianguo Liu
Methyphenidate improves spatial memory of spontameously hypertensive rats:Evidence in behavioral and ultrastructural changes.
哌甲酯改善自发性高血压大鼠的空间记忆:行为和超微结构变化的证据。
- DOI:
- 发表时间:
- 期刊:
- 影响因子:2.5
- 作者:
Yuan Tian;Kiyoshi Maeda;Yaping Wang;Yongning Deng - 通讯作者:
Yongning Deng
Discovering Temporal Similarity Pattern Based on Metamorphosis Data
基于变形数据发现时间相似性模式
- DOI:
- 发表时间:
2009 - 期刊:
- 影响因子:0
- 作者:
Yuan Tian - 通讯作者:
Yuan Tian
Yuan Tian的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Yuan Tian', 18)}}的其他基金
Collaborative Research: Frameworks: MobilityNet: A Trustworthy CI Emulation Tool for Cross-Domain Mobility Data Generation and Sharing towards Multidisciplinary Innovations
协作研究:框架:MobilityNet:用于跨域移动数据生成和共享以实现多学科创新的值得信赖的 CI 仿真工具
- 批准号:
2411153 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
Collaborative Research: DASS: Assessing the Relationship Between Privacy Regulations and Software Development to Improve Rulemaking and Compliance
合作研究:DASS:评估隐私法规与软件开发之间的关系以改进规则制定和合规性
- 批准号:
2317184 - 财政年份:2023
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
CICI: RDP: Enforcing Security and Privacy Policies to Protect Research Data
CICI:RDP:执行安全和隐私政策以保护研究数据
- 批准号:
2325369 - 财政年份:2022
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
CAREER: Secure Voice-Controlled Platforms
职业:安全语音控制平台
- 批准号:
2323105 - 财政年份:2022
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Toward safe, private, and secure home automation: from formal modeling to user evaluation
协作研究:SaTC:核心:中:迈向安全、私密和可靠的家庭自动化:从形式建模到用户评估
- 批准号:
2114074 - 财政年份:2021
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
CAREER: Secure Voice-Controlled Platforms
职业:安全语音控制平台
- 批准号:
1943100 - 财政年份:2020
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
CRII: SaTC: Improving the Usability and Effectiveness of Security and Privacy Settings in Mobile Apps
CRII:SaTC:提高移动应用程序中安全和隐私设置的可用性和有效性
- 批准号:
1850479 - 财政年份:2019
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
CICI: RDP: Enforcing Security and Privacy Policies to Protect Research Data
CICI:RDP:执行安全和隐私政策以保护研究数据
- 批准号:
1920462 - 财政年份:2019
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
相似国自然基金
Research on Quantum Field Theory without a Lagrangian Description
- 批准号:24ZR1403900
- 批准年份:2024
- 资助金额:0.0 万元
- 项目类别:省市级项目
Cell Research
- 批准号:31224802
- 批准年份:2012
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research
- 批准号:31024804
- 批准年份:2010
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research (细胞研究)
- 批准号:30824808
- 批准年份:2008
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
- 批准号:10774081
- 批准年份:2007
- 资助金额:45.0 万元
- 项目类别:面上项目
相似海外基金
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330940 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317232 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338301 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Differentially Private SQL with flexible privacy modeling, machine-checked system design, and accuracy optimization
协作研究:SaTC:核心:中:具有灵活隐私建模、机器检查系统设计和准确性优化的差异化私有 SQL
- 批准号:
2317233 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: NSF-BSF: SaTC: CORE: Small: Detecting malware with machine learning models efficiently and reliably
协作研究:NSF-BSF:SaTC:核心:小型:利用机器学习模型高效可靠地检测恶意软件
- 批准号:
2338302 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Medium: Using Intelligent Conversational Agents to Empower Adolescents to be Resilient Against Cybergrooming
合作研究:SaTC:核心:中:使用智能会话代理使青少年能够抵御网络诱骗
- 批准号:
2330941 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models
协作研究:SaTC:核心:小型:迈向安全可信的树模型
- 批准号:
2413046 - 财政年份:2024
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: EDU: RoCCeM: Bringing Robotics, Cybersecurity and Computer Science to the Middled School Classroom
合作研究:SaTC:EDU:RoCCeM:将机器人、网络安全和计算机科学带入中学课堂
- 批准号:
2312057 - 财政年份:2023
- 资助金额:
$ 34.16万 - 项目类别:
Standard Grant
Collaborative Research: SaTC: CORE: Small: Investigation of Naming Space Hijacking Threat and Its Defense
协作研究:SaTC:核心:小型:命名空间劫持威胁及其防御的调查
- 批准号:
2317830 - 财政年份:2023
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant
Collaborative Research: SaTC: CORE: Small: Towards a Privacy-Preserving Framework for Research on Private, Encrypted Social Networks
协作研究:SaTC:核心:小型:针对私有加密社交网络研究的隐私保护框架
- 批准号:
2318843 - 财政年份:2023
- 资助金额:
$ 34.16万 - 项目类别:
Continuing Grant