CAREER: Security and Privacy Foundations of Internet-Scale User-Centered Automation

职业：互联网规模以用户为中心的自动化的安全和隐私基础

• 批准号: 2144376
• 负责人: Earlence Fernandes
• 金额: $ 54.53万
• 依托单位: University of Wisconsin-Madison
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-02-01 至 2023-02-28
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2144376&HistoricalAwards=false
• 关键词: CAREER; Security; Privacy; Foundations; Internet

This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2).The digital and physical resources of people, such as emails, health data, smart home, and city devices, are now accessible on the Internet. By bringing all these systems online and making them interoperable, system operators enable new functionality and drive efficiencies. The enabler of such useful interconnections is the Internet-scale automation system, whose hallmark is permitting non-programmers to create automations, thus democratizing the bridge between digital and physical resources. Unfortunately, these automation systems are not secure and do not guarantee user privacy— attackers can steal sensitive user data and manipulate resources, including physical ones, at large scale. This project pursues an integrated research and education approach to endow Internet-scale automation with the correct security and privacy foundations. The project’s novelty is leveraging the unique properties of Internet-scale automation to develop a framework for securing them that strikes different trade-offs in functionality, performance, security, and usability. The broader significance and importance of the project are empowering non-programmers to securely create automations that improve convenience, safety, and energy efficiency in a privacy-preserving fashion.To provide the correct security foundations, the project focuses on building least-privilege distributed computer systems. Specifically, the unique properties of Internet-scale automation allow the adaptation of techniques from the theory of language-based data minimization, computing on encrypted data and human-centered design. Contributions to applied cryptography and data minimization include system-level innovations to make practical use of garbled circuits and program dependency analyses. Contributions to human-centered design include empirical studies and data-driven interface designs to help users write better automation programs. Rather than finding the security architecture, the project develops a framework of security architectures that strikes different trade-off points in functionality, usability, security, privacy, and performance. The project also introduces an automation simulator that integrates research results and makes them available for experimentation to students at universities and K-12.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

该奖项是根据2021年《美国救援计划法》的全部或部分资助（公共法117-2）。现在可以在互联网上访问人们的数字和物理资源，例如电子邮件，健康数据，智能家居和城市设备。通过使所有这些系统在线并使它们可互操作，系统操作员可以实现新的功能并推动效率。这种有用的互连的推动者是Internet规模的自动化系统，该系统的标志被允许非程序员创建自动化，从而使数字和物理资源之间的桥梁民主化。不幸的是，这些自动化系统不安全，也不保证用户隐私 - 攻击者可以窃取敏感的用户数据并大规模操纵包括物理的资源（包括物理资源）。该项目采用综合的研究和教育方法，以正确的安全性和隐私基础赋予互联网规模的自动化。该项目的新颖性是利用Internet规模自动化的独特属性开发一个框架，以确保它们在功能，性能，安全性和可用性方面进行不同的权衡。该项目的更广泛的意义和重要性是赋予非程序员的能力，以安全地创建自动化，从而提高隐私性的方便，安全性和能源效率。为了提供正确的安全基础，该项目着重于构建最小易边的分布式计算机系统。具体而言，Internet规模自动化的独特属性允许从基于语言的数据最小化，对加密数据和以人为本的设计进行计算的技术适应技术。对应用加密和数据最小化的贡献包括系统级创新，以实际利用乱码电路和程序依赖性分析。以人为本的设计的贡献包括经验研究和数据驱动的界面设计，以帮助用户编写更好的自动化程序。该项目没有找到安全体系结构，而是开发了一个安全体系结构框架，该框架在功能，可用性，安全性，隐私和性能方面取消了不同的权衡点。该项目还介绍了一个自动化模拟器，该模拟器将研究结果集成并使其可用于对大学的学生进行实验和K-12的实验。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子和更广泛影响的审查标准的评估来获得支持的。