Social, behavioral and economic science

group_project

Visible to the public EAGER: Neurobiological Basis of Decision Making in Online Environments

Considerable research in the field has been focused on developing new technologies to enhance privacy; encryption of personal data is often presented as a potential solution. Many of the technologies resulting from this research are not being effectively utilized because of issues rooted in human judgment under risk and uncertainty. The majority of existing models and products related to human judgement are based on a limited number of documented incidents and on questionable assumptions about user intent and behavior.

group_project

Visible to the public EAGER: Cybercrime Science

This project examines three properties of underground cybercrime communities: 1) profitability, 2) connectivity, 3) and sustainability. It identifies qualitative and quantitative metrics for these properties as well as discusses the relative effectiveness of distinct operationalization of these metrics under different levels of data granularity. The goal is to develop metrics that provide meaning indicators even when data is limited. for example, if public posts are available but not private messages between individual cybercriminals.

group_project

Visible to the public TWC SBE: Option: Small: Building Public Cyber Health - Designing and Testing the Efficacy of a School-Focused, Gamification Approach to Create a Secure Computing Environment

As the frequency and complexity of cyber attacks increase, approaches to create secure computing environments must look beyond technical barriers that protect from the outside to building a collaborative culture of cyber health from the inside. Use of online incentives have been shown to be an effective tool for enhancing an individual's engagement with a task.

group_project

Visible to the public TWC SBE TTP: Medium: Bringing Anthropology into Cybersecurity

This research applies anthropological methods to study cybersecurity analysts working in Security Operation Centers (SOC). These analysts process large amounts of data while handling cyber threats. The job requires intelligence and high levels of skills but has many mundane/repetitive aspects. Adequate tool support is largely lacking and many of the skills and procedures involved are uncodified and undocumented resulting in a large body of "tacit knowledge." This project places researchers trained in both cybersecurity and anthropology into SOCs, working side by side with the analysts.

group_project

Visible to the public TWC: Medium: Collaborative: Towards Securing Coupled Financial and Power Systems in the Next Generation Smart Grid

For nearly 40 years, the United States has faced a critical problem: increasing demand for energy has outstripped the ability of the systems and markets that supply power. Today, a variety of promising new technologies offer a solution to this problem. Clean, renewable power generation, such as solar and wind are increasingly available. Hybrid and plug-in electric vehicles offer greater energy efficiency in transportation.

group_project

Visible to the public TWC: Medium: Collaborative: Capturing People's Expectations of Privacy with Mobile Apps by Combining Automated Scanning and Crowdsourcing Techniques

The goal of our work is to (a) capture people's expectations and surprises in using mobile apps in a scalable manner, and to (b) summarize these perceptions in a simple format to help people make better trust decisions. Our main idea is analyzing privacy in the form of people's expectations about what an app will and won't do, focusing on where an app breaks people's expectations. We are building an App Scanner that combines automated scanning techniques with crowdsourcing.

group_project

Visible to the public TWC: Medium: Collaborative: Neuroscience Meets Computer Security: Designing Systems Secure Against Coercion Attacks

Coercion attacks that compel an authorized user to reveal his or her secret authentication credentials can give attackers access to restricted systems. The PIs are developing a new approach to preventing coercion attacks using the concept of implicit learning from cognitive psychology. Implicit learning refers to learning of patterns without any conscious knowledge of the learned pattern. Using a carefully crafted keyboard-based computer game the PIs plant a secret password in the participant's brain without the participant having any conscious knowledge of the trained password.

group_project

Visible to the public TWC: TTP Option: Large: Collaborative: Towards a Science of Censorship Resistance

The proliferation and increasing sophistication of censorship warrants continuing efforts to develop tools to evade it. Yet, designing effective mechanisms for censorship resistance ultimately depends on accurate models of the capabilities of censors, as well as how those capabilities will likely evolve. In contrast to more established disciplines within security, censorship resistance is relatively nascent, not yet having solid foundations for understanding censor capabilities or evaluating the effectiveness of evasion technologies.

group_project

Visible to the public TWC: Small: Collaborative: Reputation-Escalation-as-a-Service: Analyses and Defenses

Living in an age when services are often rated, people are increasingly depending on reputation of sellers or products/apps when making purchases online. This puts pressure on people to gain and maintain a high reputation by offering reliable and high-quality services and/or products, which benefits the society at large. Unfortunately, due to extremely high competition in e-commerce or app stores, recently reputation manipulation related services have quickly developed into a sizable business, which is termed Reputation-Escalation-as-a-Service (REaaS).

group_project

Visible to the public TWC: SBES: Small: Modeling the Economics of Search-Engine Manipulation

Many recent security attacks are financially motivated. Understanding how attackers monetize their activities is critical to combine technological, legal, and economic intervention to render certain classes of attacks unprofitable, and disincentivize miscreants from considering them.