Grants and Contributions:

Title:
Human-oriented computer security
Agreement Number:
RGPIN
Agreement Value:
$170,000.00
Agreement Date:
May 10, 2017 -
Organization:
Natural Sciences and Engineering Research Council of Canada (Conseil de recherches en sciences naturelles et en génie du Canada)
Location:
Ontario, Other, CA
Reference Number:
GC-2017-Q1-03155
Agreement Type:
Grant
Report Type:
Grants and Contributions
Additional Information:

Grant or award applying to more than one fiscal year. (2017-2018 to 2022-2023)

Recipient's Legal Name:
Chiasson, Sonia (Carleton University)
Program:
Discovery Grants Program - Individual
Program Purpose:

Effects of poor cybersecurity impact everyone, from individuals to large corporations, not-for-profit organizations, or government agencies. While many security incidents have a human component, these can frequently be traced back to system designs and configurations that place unreasonable demands on users by ignoring human capabilities and the real-world context of use. In the same way that network protocols are resilient to network interruptions or dropped packets, I suggest that security systems should be resilient and adaptable to human behaviour. My research program relates to such human-oriented computer security. The main objectives are to identify strengths and vulnerabilities in real-world security mechanisms, to develop improved designs and understand their security and usability implications, and to identify foundational design principles applicable to the general usable security space. For this grant, the following three themes will be explored.

Domain experts such as security analysts or software developers are not typical end-users and are often overlooked in terms of usable security. However, consequences of unusable or inadequate tools can be devastating for entire networks or for software deployed worldwide. A first research direction includes improving support for security code reviews by developing tools to help programmers detect security vulnerabilities, prioritize security fixes, and encourage collaborative reviewing of code, partially inspired by Agile software engineering methods. A second direction relates to security analysts who must frequently merge several data sets, find previously undetermined associations among them, and share expertise. We intend to explore such collaborative work and devise new security visualizations of large data sets.

We have conducted significant research into understanding the human factors and security implications of knowledge-based authentication, and will continue working towards real-world solutions. For example, we have recently turned our attention to user authentication for children, a subject which has received almost no attention in the research community. We are working towards a child-friendly authentication scheme and a parent-child password manager addressing the need for autonomy and privacy while ensuring some parental oversight.

In more exploratory research, we are interested in usable security and privacy for Internet of Things devices and the implications for Smart Cities. This emerging area has significant usable privacy and security implications for end-users, and offers an opportunity to affect the implementation of new technologies while their design is still flexible.