Risk Management

The ability to generate random numbers -- to flip coins -- is crucial for many computing tasks, from Monte Carlo simulation to secure communications. The theory of building such subsystems to generate random numbers is well understood, but the gap between theory and practice is surprisingly wide. As built today, these subsystems are opaque and fragile. Flaws in these subsystems can compromise the security of millions of Internet hosts.

Considerable research in the field has been focused on developing new technologies to enhance privacy; encryption of personal data is often presented as a potential solution. Many of the technologies resulting from this research are not being effectively utilized because of issues rooted in human judgment under risk and uncertainty. The majority of existing models and products related to human judgement are based on a limited number of documented incidents and on questionable assumptions about user intent and behavior.

End-users' online behavior can significantly affect the reliability and security of next-generation software systems. For instance, skipping repeated requests to update software or ignoring security warnings while visiting unknown websites, while extremely dangerous, are not uncommon. Although end-users' actions (or inactions) often open up the opportunity for cyber-attacks, the lack of emotional appeals and poor design of the current software update/warning messages are to blame to a large extent for such risky behavior, which is addressed as follows.

As the frequency and complexity of cyber attacks increase, approaches to create secure computing environments must look beyond technical barriers that protect from the outside to building a collaborative culture of cyber health from the inside. Use of online incentives have been shown to be an effective tool for enhancing an individual's engagement with a task.

Cloud computing has emerged as one of the most successful computing models in recent years. However, lack of accountability and non-compliance with data protection regulations have prevented major users such as business, healthcare, and defense organizations from utilizing clouds for sensitive data and applications. Due to the lack of information about cloud internals and the inability to perform trustworthy audits, today's clouds are often not used in regulated industries, preventing their widespread adoption.