CS Bits & Bytes is a bi-weekly newsletter highlighting innovative computer science research. It is our hope that you will use CS Bits & Bytes to engage in the milti-faceted world of computer science to become not just a user, but also a creator of technology. Please visit our website at: www.nsf.gov/cise/csbytes/.

October 9, 2012
Volume 2, Issue 3

Enabling Secure and Trustworthy Cyberspace

In celebration of Hispanic Heritage Month, we are especially thrilled to feature Dr. Daniela Oliveira, a Hispanic computer scientist who is originally from Brazil.

Do you use Facebook? Twitter? If you and your classmates are like others, chances are that most of you use one or both. There are more than 800 million active users of Facebook and 100 million of Twitter. Online social networks (OSN) have become a place where people can seek friendship, advice, laughter, support, and information. OSN’s rise in popularity has been paralleled by an increase in the creativity and complexity of malware – malicious software. Adversaries who use malware often seek to gain access to private information that may lead to their financial gain at the expense of innocent OSN users.

MUST SEE!

President Obama on Cybersecurity

Watch President Obama proclaim cybersecurity as a "national priority" at: http://www.whitehouse.gov/video/President-Obama-on-Cybersecurity. If you have only a few minutes, watch minutes 1:15 to 4:10.

To enable security on the web, it is critical that we are able to fight attackers with anti-malware. Of course, we already have anti-malware that detects fraudulent activity – anyone with email and a SPAM folder knows this. Anyone with a SPAM folder also knows that most of the time, SPAM detectors get it right. But sometimes there are false positives (when a legitimate email is placed in SPAM), and sometimes there are false negatives (when a SPAM email is not flagged and is placed in your inbox). As malware gets more creative, so too must our software to detect malicious activity.

Dr. Daniela Oliveira of Bowdoin College in Maine had developed a creative model to make the Internet safer by leveraging user input. Traditional models of cybersecurity use an automated and rigid system, without user-input, to determine whether an email address or a website is safe. In the model developed by Dr. Oliveira, users rate email addresses and websites, based on their knowledge of how trustworthy a source is. This model compiles the many trust ratings to determine the trustworthiness of agents and sites on the Internet and, at the same time, keeps the identity of those who rate the email addresses and websites private.

Image Credit: Carl Pennypacker, UC-Berkeley

Image Credit: Carl Pennypacker, UC-Berkeley.

Computer science in general, and OSN in particular, has improved quality of life for many people. For example, 61% of adult Americans look online for help with health-related questions. For individuals diagnosed with cancer and their families, cancer-based networks have increasingly become a source of advice and support. Clearly, trust is a critical factor for these networks. Dr. Oliveira has worked with a sociologist to improve access to trustworthy information for cancer-based networks by applying her cybersecurity model and incorporating user input when characterizing the trustworthiness of sources.

Daniela Oliveira

Image of Daniela Oliveira.

Who Thinks of this Stuff?! Daniela Oliveira teaches computer science at Bowdoin, a liberal arts college in Maine, where it gets as cold as -18 °F in the winter. It’s no wonder she likes traveling to sunny places with her husband, Marcio, and her 4 year-old daughter, Brooke, when she can! During the cold Maine months, she likes to stay warm at home while reading a great book with her German Shepherd, Duke, beside her. Professor Oliveira received her BS and MS degrees in Computer Science from the Federal University of Minas Gerais in Brazil and earned her PhD in Computer Science from the University of California at Davis.

Links:

Check out the Computing Alliance of Hispanic-Serving Institutions at: http://cahsi.cs.utep.edu/.

Did you know October is National Cyber Security Awareness Month? Find more information from the Department of Homeland Security at: http://www.dhs.gov/national-cyber-security-awareness-month.

See more tips on how to stay safe online at:http://www.connectsafely.org/Safety-Tips/social-web-tips-for-teens.html.

Activity:

Dr. Oliveira developed her model by using a trust matrix, which employs the tools of logic. Students can practice logical thinking in the following two exercises.

Logic Exercise 1

In this exercise, there are three nodes on our trust spectrum – complete trust, conditional trust, and no trust. Each node represents a different amount of shared trust, as defined here:

Complete Trust Conditional Trust No Trust

If you completely trust someone, you trust everyone they trust. If you conditionally trust someone, you trust only that person, and you do not necessarily trust any of his or her trust judgments. If you do not trust someone, you do not trust that person, and you do not necessarily trust any of his or her judgments.

Given the following conditions:

  1. A completely trusts B.
  2. B completely trusts A.
  3. B conditionally trusts C.
  4. C does not trust D.
  5. D conditionally trusts C.
  6. C completely trusts E.
  7. E conditionally trusts C.
  8. F conditionally trusts E.
  9. E completely trusts F.
  10. G conditionally trusts E.
  11. E completely trusts G.
  1. Does A trust G? ______________
  2. Does F trust B? ______________

Logic Exercise 2

Ann has 281 Facebook friends. Sarah has 43 Facebook friends. Trey has more than twice the Facebook friends that Sarah has but less than half the Facebook friends Ann has. Jeff has 15 more Facebook friends than Trey. Deb has 64 fewer Facebook friends than Jeff. If Jan has more Facebook friends than Deb but less than Jeff,

  1. what are the possible numbers of Facebook friends that Jan has? ______________

Class Discussion:

How do you determine who is trustworthy in your real life? How do you determine who is trustworthy online? How are these the same/different?