USE: User Security Behavior (CMU/Berkeley/University of Pittsburgh Collaborative Proposal) - October 2014

Public Audience
Purpose: To highlight progress. Information is generally at a higher level which is accessible to the interested public.

PI(s): A. Acquisti, L.F. Cranor, N. Christin, R. Telang
Researchers: Alain Forget (CMU), Serge Egelman (Berkeley), and Scott Beach (Univ of Pittsburgh)

HARD PROBLEM(S) ADDRESSED
This refers to Hard Problems, released November 2012.

5. Understanding and Accounting for Human Behavior

The Security Behavior Observatory addresses the hard problem of "Understanding and Accounting for Human Behavior" by collecting data directly from people's own home computers, thereby capturing people's computing behavior "in the wild". This data is the closest to the ground truth of the users' everyday security and privacy challenges that the research community has ever collected. We expect the insights discovered by analyzing this data will profoundly impact multiple research domains, including but not limited to behavioral sciences, computer security & privacy, economics, and human-computer interaction.

PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

We have published the following technical report describing our data collection architecture and the various issues and design decisions surrounding building and deploying a large-scale data collection infrastructure: A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang. "Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines." Carnegie Mellon University CyLab Technical Report CMU-CyLab-14-009. https://www.cylab.cmu.edu/research/techreports/2014/tr_cylab14009.html (accessed 2014-09-05)

We have also given an invited presentation of our project, as well as an archival poster presentation, at the IEEE Symposium and Bootcamp on the Science of Security 2014 (HotSoS, http://www.csc2.ncsu.edu/conferences/hotsos/index.html).

By its very nature - building infrastructure to collect data, then collecting, and eventually analyzing the data - the project has a long setup phase. As a result, it will likely be much more publication-centered toward the second half of its projected duration. However, we are confident that the greater number and quality of sensors we are building, and the more secure, reliable, and robust infrastructure we continue to build, will provide more and better data, resulting in more and stronger publications.

However, now that we are launching our data collection pilot study, we hope to compile the lessons learnt about building and launching such a large-scale field study into an early publication. We also hope the pilot will go smoothly enough that we could submit a paper with early results from the short-term data collected.

ACCOMPLISHMENT HIGHLIGHTS

1) We have launched our data collection architecture pilot study, and have thus far not encountered any technical challenges.


2) With the launch of our pilot study, we are now also pilot testing numerous data collection sensors, which are collecting live field data on client machines' processes, filesystem metadata (e.g., file path, file size, date created, date modified, permissions), network packet headers, Windows security logs, Windows updates, installed software, and wireless access points.
For more information on our data collection architecture, please see our technical report: A. Forget, S. Komanduri, A. Acquisti, N. Christin, L.F. Cranor, R. Telang. "Security Behavior Observatory: Infrastructure for Long-term Monitoring of Client Machines." Carnegie Mellon University CyLab Technical Report CMU-CyLab-14-009. https://www.cylab.cmu.edu/research/techreports/2014/tr_cylab14009.html (accessed 2014-09-05)