| NSF Org: |
CNS Division Of Computer and Network Systems |
| Recipient: |
|
| Initial Amendment Date: | January 24, 2014 |
| Latest Amendment Date: | March 2, 2018 |
| Award Number: | 1351058 |
| Award Instrument: | Continuing Grant |
| Program Manager: |
James Joshi
CNS Division Of Computer and Network Systems CSE Directorate for Computer and Information Science and Engineering |
| Start Date: | February 1, 2014 |
| End Date: | January 31, 2020 (Estimated) |
| Total Intended Award Amount: | $596,970.00 |
| Total Awarded Amount to Date: | $612,970.00 |
| Funds Obligated to Date: |
FY 2015 = $112,139.00 FY 2016 = $150,444.00 FY 2017 = $119,309.00 FY 2018 = $110,964.00 |
| History of Investigator: |
|
| Recipient Sponsored Research Office: |
809 S MARSHFIELD AVE M/C 551 CHICAGO IL US 60612-4305 (312)996-2862 |
| Sponsor Congressional District: |
|
| Primary Place of Performance: |
851 S Morgan St Chicago IL US 60607-7053 |
| Primary Place of
Performance Congressional District: |
|
| Unique Entity Identifier (UEI): |
|
| Parent UEI: |
|
| NSF Program(s): | Secure &Trustworthy Cyberspace |
| Primary Program Source: |
01001516DB NSF RESEARCH & RELATED ACTIVIT 01001617DB NSF RESEARCH & RELATED ACTIVIT 01001718DB NSF RESEARCH & RELATED ACTIVIT 01001819DB NSF RESEARCH & RELATED ACTIVIT |
| Program Reference Code(s): |
|
| Program Element Code(s): |
|
| Award Agency Code: | 4900 |
| Fund Agency Code: | 4900 |
| Assistance Listing Number(s): | 47.070 |
ABSTRACT
This research is building an understanding of what data is useful to attackers and what data is private for its legitimate owners so that security systems can incorporate these values into a data-driven, defense-in-depth approach to securing our digital lives.
We are exploiting the fact that both users and attackers must sift through vast amounts of data to find useful information. This system, called contextual data protection, enables users to passively manage their private and potentially lucrative stored data with minimal overhead, adding extra protection to private data which greatly lowers the risk inherent in long lived archives.
Simultaneously, we are creating effective defenses for data by improving our understanding of cybercrime, information use habits, and acceptable usability tradeoffs for data access. Building on previous research analyzing the financial successes of spam-based cybercrime, we are developing a methodology and apparatus for understanding the illicit value of stolen information. By understanding what is discoverable and valuable to attackers, we can develop techniques to focus security efforts on lucrative information, thereby preventing cybercriminals from turning a profit.
Ultimately, our goal is to create a set of general techniques that use tools from cryptography that defend users' data by exploiting a deeper understanding of its value to both the users and the attackers. This research will shed light on the meaning of information value, ownership, and protection in this era of long-lived digital storage.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Note:
When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external
site maintained by the publisher. Some full text articles may not yet be available without a
charge during the embargo (administrative interval).
Some links on this page may take you to non-federal websites. Their policies may differ from
this site.
PROJECT OUTCOMES REPORT
Disclaimer
This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.
The major goals of this project were to develop a principled understanding of the risks of long term personal information storage and to develop effective methods for mitigating those risks. By putting humans and their experience of contemporary computing systems at its center, this project was able to substantially broaden and deepen our understanding of long term information storage. We discovered multiple surprising and important aspects of how users perceive risks and benefits of their cloud storage, applied those discoveries to building improved software systems, and introduced several undergraduates to research in computer science along the way.
As part of this project, we conducted multiple studies related to participant perception of the usefulness and sensitivity of the files they store within the cloud. One early project expanded beyond the initial search for predefined "sensitive" data (passwords) to all images stored within cloud email accounts. This effort led to two important discoveries: first, that modern email archives' tendency to save sent messages by default led to many participants storing many images they did not even realize at first: this modality is particularly confusing on mobile phones where these photos can easily end up stored in two or three places as the result of one action, making fully deleting them exceedingly difficult. The second discovery is that, while participants considered sensitive images of themselves risky, photos taken of or by others which were entrusted to them were considered even more sensitive, leading us to increase our respect for how interpersonal context is exceedingly important in the perception of privacy. Both of these discoveries enabled us to further refine our approach to building tools that can successfully assist users in minimizing the risks embedded in their online storage accounts.
Throughout the performance of this project, we have built several pieces of information technology infrastructure which enable deep investigation of the risk/reward trade off surrounding the storage of files in the cloud. At first our infrastructure could only investigate Gmail cloud email accounts, but throughout the project we expanded that capability to include other cloud services like Dropbox and Google Drive. This software has been shared within the research community and forms the basis of several other experimental infrastructures built for investigating perceptions surrounding the use of cloud storage.
PI Kanich has had the opportunity to mentor twelve undergraduates as part of the efforts of this project, ten of whom are members of groups underrepresented in STEM. Many of these students are first generation college students and have continued their efforts in research or moved on to jobs in STEM fields.
Last Modified: 08/22/2020
Modified by: Christopher Kanich
Please report errors in award information by writing to: awardsearch@nsf.gov.
