TWC SBES: Medium: Collaborative: Crowdsourcing Security

TWC SBES：媒介：协作：众包安全

• 批准号: 1228364
• 负责人: Apu Kapadia
• 金额: $ 24.44万
• 依托单位: Indiana University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2012
• 资助国家: 美国
• 起止时间: 2012-09-01 至 2015-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1228364&HistoricalAwards=false
• 关键词: TWC; SBES; Medium; Collaborative; Crowdsourcing

Maintaining the security of one's systems and devices in a way that ensures the right balance between functionality, security, and convenience remains complicated for most people. For example, people are routinely asked by their systems whether to accept a security certificate, install an application, heed security warnings, or reconfigure operating-system security settings. While these examples represent situations in which people regularly find themselves, people rarely have any basis to make an informed decision or to establish one conveniently. This research examines the concept of 'crowdsourced security' where the solution lies in people leveraging members of their community to secure their systems and devices.The primary goal of this research is to determine the potential of crowdsourcing as a complementary strategy for enhancing security. An example challenge addressed in this research pertains to the security of one's personal data. Specifically the research seeks to develop security mechanisms that can exploit naturally occurring social relationships and utilize 'human computation' to shift the burden of security via authentication from machines to humans. Within this framework, the research investigates both questions about the technical effectiveness of crowdsourced security solutions, as well as socio-behavioral questions about users' preferences, motivations, and privacy concerns about such systems. This research will benefit society by producing a deeper understanding of how systems can be better secured through human participation and collaboration, moving beyond the status quo of current security mechanisms.

对于大多数人来说，以确保功能、安全性和便利性之间适当平衡的方式维护系统和设备的安全仍然很复杂。例如，系统经常询问人们是否接受安全证书、安装应用程序、注意安全警告或重新配置操作系统安全设置。虽然这些例子代表了人们经常遇到的情况，但人们很少有任何基础来做出明智的决定或方便地做出决定。这项研究探讨了“众包安全”的概念，其中解决方案在于人们利用社区成员来保护他们的系统和设备。这项研究的主要目标是确定众包作为增强安全性的补充策略的潜力。 本研究中解决的一个示例挑战涉及个人数据的安全性。具体来说，该研究旨在开发安全机制，可以利用自然发生的社会关系，并利用“人类计算”通过身份验证将安全负担从机器转移到人类。在此框架内，该研究调查了有关众包安全解决方案的技术有效性的问题，以及有关用户对此类系统的偏好、动机和隐私问题的社会行为问题。这项研究将通过更深入地了解如何通过人类参与和协作来更好地保护系统，超越当前安全机制的现状，从而造福社会。