CT-M: Usable Security for Digital Home Storage

CT-M：数字家庭存储的可用安全性

• 批准号: 0831407
• 负责人: Ljudevit Bauer
• 金额: $ 100万
• 依托单位: Carnegie-Mellon University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2008
• 资助国家: 美国
• 起止时间: 2008-09-01 至 2013-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0831407&HistoricalAwards=false
• 关键词: CT; Usable; Security; Digital; Home

This project explores an architecture, mechanisms, and interfaces for helping users manage access control in the digital home.The home is a challenging, yet critical, target for usable security.It requires abstractions that are intuitive for laypeople, interfaces that allow users to manipulate those abstractions, and access-control and storage infrastructure that can support the abstractions. Without a holistic, usable approach to access-control management, adoption of new technology in the home will be slowed and there will be no effective data security once the transition inevitably occurs. Based on their early experiences with home storage, the PIs seek to adapt and integrate:(1) the semantic query as an abstraction for describing a set of files to which a specific policy applies;(2) the Expandable Grid as a visual interaction technique for creating, editing, and viewing security policies;(3) logic-based access control as a rigorous foundation for specifying and implementing policies.User studies, surveys, and test deployments are a core component of the project; they are used to discover needs of users in the digital home and users' ability to effectively apply approaches developed.The project has several forms of impact. First, it develops tools and techniques that can significantly simplify the use of access control in the digital home. Second, it increases understanding of user behavior and access-control needs in the emerging home storage environment. Third, it enhances education at CMU and elsewhere, as new insights are embedded into storage systems, distributed systems, and computer security classes taught by the PIs.

该项目探索了一种架构、机制和界面，用于帮助用户管理数字家庭中的访问控制。家庭是可用安全性的一个具有挑战性但又至关重要的目标。它需要对外行来说直观的抽象，以及允许用户操作的界面这些抽象以及可以支持这些抽象的访问控制和存储基础设施。 如果没有全面、可用的访问控制管理方法，新技术在家庭中的采用将会减慢，并且一旦不可避免地发生过渡，将不会有有效的数据安全。 根据他们早期在家庭存储方面的经验，PI 寻求适应和集成：(1) 语义查询作为抽象，用于描述应用特定策略的一组文件；(2) 可扩展网格作为视觉交互技术用于创建、编辑和查看安全策略；(3) 基于逻辑的访问控制作为指定和实施策略的严格基础。用户研究、调查和测试部署是该项目的核心组成部分；它们用于发现数字家庭中用户的需求以及用户有效应用所开发方法的能力。该项目具有多种形式的影响。 首先，它开发的工具和技术可以显着简化数字家庭中访问控制的使用。 其次，它增加了对新兴家庭存储环境中用户行为和访问控制需求的了解。 第三，它增强了卡耐基梅隆大学和其他地方的教育，因为新的见解被嵌入到 PI 教授的存储系统、分布式系统和计算机安全课程中。