  • Social Science (Coordinator: Pamela Samuelson)

    Privacy, legal, societal and usability issues will be built into the technology as it is developed rather than added on as an after-thought. The efforts here are in the areas of:
    1. Economics, Public Policy, and Societal Challenges,
    2. Digital Forensics and Privacy, and
    3. Human Computer Interfaces and Security.

    Economics, Public Policy, and Societal Challenges: Daniel McFadden, Hal Varian (team leader), Pamela Samuelson, Steven Weber

    Progress in computer networking has had the unintended consequence of provoking enormous social dislocations and turmoil, with ramifications in areas ranging from intellectual property to privacy and personal security. We need to study the implications of these trends. For example, questions of liability and insurance are increasingly visible in the nation's business and legislative agenda, and liability has become an important topic given the cost of security incidents. Economic and legal analysis suggests that a due care standard provides appropriate incentives. However, without a clear understanding of what constitutes sufficient standards or best practices, insurance companies have no clear basis on which to offer policies covering security incidents. The interaction between liability, insurance, and care has been examined extensively in the law and economics literature [Shavell87]. New questions arise in the context of information security, however, because the "accidents" are often deliberate attacks; the incentives of attackers must therefore be modeled and analyzed more carefully. There are also a number of purely economic issues that need to be better understood. How can one quantify the benefits and costs of various security policies? How do public and private security policies interact? What are the nature and size of the "transaction costs" associated with security? We will address these questions and anticipate that our results will provide a solid basis for the establishment of policies, procedures and case law.

    Digital Forensics and Privacy: Kenneth Birman, Dan Boneh, John Mitchell, Michael Reiter, Pamela Samuelson, Doug Tygar (team leader), Steven Weber

    Privacy is a crosscutting issue and needs to be examined in conjunction with every other issue discussed in this proposal. As we examine principles of privacy (both for individuals and organizations), we will develop a set of common interfaces for specifying privacy requirements. This will allow privacy properties to be carried along as information travels across compositional boundaries and will allow for uniform description of privacy policies and mechanisms. Special consideration is needed for government needs to access data, monitor networks and detect suspicious patterns without wide-scale invasion of civil liberties [ISAT02,TYG03]. Work is needed on a number of topics, including:
    • Strong audit: immutable audit records, such that any modification to the records is detectable, together with methods for reviewing the audit records for potential violations. This is a specific instance of the more general problem of privacy-preserving data mining, which allows records to be searched and to yield information while limiting disclosure of sensitive and private information (see also [ESAG02,EGS03]).
    • Selective revelation of information: techniques for releasing minimal amounts of information. If it is necessary to search for a particular pattern of activities, we need search methods that initially reveal only limited, anonymized information, presenting an analyst with a pseudonymous person X who has matched the pattern rather than an identity. Recent work on "encrypted search" [SWP00,MMS02] and "private function evaluation" (e.g., [CIK01]) may be promising here. Equally important are the vital legal and social policy questions that emerge from such a capability.
    • Rule-processing technologies: techniques to handle appropriate labeling of private information and processing of private information. Information may come from a variety of sources with specific restrictions on its use and dissemination and with limitations on the accuracy of the information. This raises two basic questions:
      1. How do we label legacy data that is imported into such a privacy-respecting system?
      2. What is the proper labeling strategy for data derived from multiple sources?
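    The "strong audit" item above asks for records whose modification is detectable. The proposal does not fix a mechanism; the following is an added example (not code from the TRUST project) of the standard construction a practitioner would reach for: a hash chain in which each entry carries an HMAC over itself and the previous entry's tag, plus a separately stored copy of the latest tag (a "notarized head"). The key name, the genesis value, the record fields and the sample records are all constructed for the example. Editing or deleting an entry breaks the chain; truncating the tail is caught only by comparing against the notarized head, which is why that external copy matters.

```python
import hashlib
import hmac
import json
from typing import Optional

GENESIS = b"\x00" * 32  # assumed fixed starting value for the chain


def canonical(record: dict) -> bytes:
    """Serialize a record deterministically so the same record always MACs the same."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def link(key: bytes, prev_link: bytes, record: dict) -> bytes:
    """Chain link = HMAC(key, previous link || canonical record)."""
    return hmac.new(key, prev_link + canonical(record), hashlib.sha256).digest()


class AuditLog:
    """Append-only log; each entry is stored as (record, link) where link binds it to its predecessor."""

    def __init__(self, key: bytes):
        self._key = key
        self.entries = []  # list of (record, link)

    @property
    def head(self) -> bytes:
        return self.entries[-1][1] if self.entries else GENESIS

    def append(self, record: dict) -> bytes:
        tag = link(self._key, self.head, record)
        self.entries.append((record, tag))
        return tag


def verify(key: bytes, entries, expected_head: Optional[bytes] = None) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry.

    If expected_head (the last link the auditor recorded out-of-band) is given,
    a truncated log whose remaining links all check out is still reported,
    using index len(entries) to mean "entries are missing after the end".
    """
    prev = GENESIS
    for i, (record, tag) in enumerate(entries):
        if not hmac.compare_digest(tag, link(key, prev, record)):
            return i
        prev = tag
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(entries)
    return -1


def demo() -> dict:
    """Build a small log, then try the three tampering cases and report what verify() says."""
    key = b"audit-key-held-by-auditor"  # constructed; in practice from a key store or HSM
    log = AuditLog(key)
    for rec in [  # constructed sample records
        {"seq": 1, "actor": "alice", "action": "read", "object": "case/17"},
        {"seq": 2, "actor": "bob", "action": "export", "object": "case/17"},
        {"seq": 3, "actor": "alice", "action": "delete", "object": "case/17"},
    ]:
        log.append(rec)
    notarized_head = log.head  # copy kept outside the logging host

    results = {"intact": verify(key, log.entries, notarized_head)}

    # 1. Edit a record in place: its own link no longer matches.
    edited = [(dict(r), t) for r, t in log.entries]
    edited[1][0]["action"] = "read"
    results["edited"] = verify(key, edited, notarized_head)

    # 2. Delete a middle record: the next entry's link was computed over the missing tag.
    deleted = log.entries[:1] + log.entries[2:]
    results["deleted"] = verify(key, deleted, notarized_head)

    # 3. Truncate the tail: every remaining link verifies; only the head comparison catches it.
    truncated = log.entries[:2]
    results["truncated_no_head"] = verify(key, truncated)
    results["truncated_with_head"] = verify(key, truncated, notarized_head)
    return results


if __name__ == "__main__":
    print(demo())
```

The MAC key must be held by the auditor, not only by the host that writes the log: an attacker who controls both the log and the key can rewrite entries and recompute every subsequent link. Keeping the key (or at least the notarized head) off the logging host, and evolving the key forward after each entry so that a compromised host cannot recompute earlier links, is what turns this chain into a usable tamper-evident record.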
    We will develop tools and technologies and frameworks for:
    • Privacy-Preserving Data Mining: Privacy-preserving data mining seeks to satisfy the desires to disclose or discover some information while protecting the privacy of other information.
    • Sensitive Data in Peer to Peer (P2P) Systems: We will explore several aspects of managing sensitive data in P2P systems [VS03], including a robust distributed reputation system and mechanisms for maintaining user privacy in a P2P network.
    • Identity Theft and Identity Privacy: Identity theft by impersonation is a fast-growing crime in the U.S. Problems we will focus on include preventing web-spoofing attacks designed to steal identities.
    • Privacy and Sensor Networks: Sensor networks raise many important privacy concerns, since they will likely handle privacy-sensitive personally-identifiable information [CP03]. We will study the technical, economic, and legal issues associated with privacy and sensor networks.

    Human Computer Interfaces and Security: Hector Garcia-Molina, Adrian Perrig, Michael Reiter (team leader), Dawn Song, Doug Tygar

    Many computer security errors can be attributed to limitations of the human-computer interface. One way these limitations manifest themselves is in mis-configuration of software systems, especially when the interfaces are so complex that users and administrators apply incorrect configuration parameters. Thus, we will examine fundamental design principles for usable security software and develop techniques for evaluating the usability of security software [Song03]. We have been designing methods for testing the usability of secure interfaces [WT99] and improving the usability of secure interfaces [WT03].

    A second well-known limitation of the human-computer interface is the difficulty of extracting strong secrets from human users (e.g., as for file encryption). Static passwords remain the dominant technology for extracting a repeatable secret from a human user, despite evident weakness. We will follow promising research in three areas to make headway on this key issue:

    1. strengthening standard passwords against dictionary attacks by exploiting network connectivity of the device into which the user inputs them [MR01],
    2. user biometric information to generate a stronger password secret [MRW02,MRLLS02], and
    3. the use of image recognition instead of textual passwords [DP00].

    The human user is often the Achilles' heel of a security system. The first problem comes from uneducated users: some users are not familiar with security and cryptography (e.g., they cannot distinguish a private key from a public key). Another problem is the mutual lack of information between the user's state of mind and the application's state. This often leads to security problems, as the user expects the application to perform a certain action which the application does not perform. Finally, humans cannot compute like computers; they cannot memorize and recall long random strings (see also a study by Anthony Joseph and David Culler [RHCJ02]). We will thus study approaches to overcoming the barrier between humans and computers, to achieve high security despite the difference in abilities.

    © 2005-2008 Trust