Cyber-attacks and security breaches are becoming more frequent every year (with a 48% yearly increase in 2014). End-users are among the favorite targets of cyber-attacks, since they are considered the weakest link in the security loop. To counter this threat, cyber-security mechanisms increasingly track users' machines and activities, compromising people's privacy as a result and potentially driving them to evade cyber-security mechanisms altogether.
1. Objectives
This project aims to evaluate methods for understanding the trade-off between privacy and cyber-security, and to propose methods for balancing it. Specifically, the project will study how personal data stores can be used to process cyber behavior without transmitting it to a centralized server.
2. Methodology
The study will include a multidisciplinary methodology. First, we will use empirical methods to analyze measures of privacy (i.e., anonymity and knowledge coverage) and cyber-security measures, using real-world data collected from large-scale cyber-security systems. Second, we will design and evaluate personal data store mechanisms that can be adopted for cyber-security. Finally, we will evaluate the effect of these mechanisms on the willingness of users to cooperate with the system and their understanding of the data use practices. In the studies, we will focus on two specific scenarios: organizational cyber-security, including mechanisms such as malware detection and data leakage prevention, and mobile cyber-security, including application tracking and malware analysis.
3. Potential scientific contribution of the proposed research
The formalized measures of cyber-security can lead to a significant change in the way cyber solutions are developed, proposing basic technologies to balance these two crucial aspects of computing. Furthermore, PACS will provide a framework to analyze and understand the privacy of cyber-security solutions, allowing developers, regulators and the public to meaningfully discuss the trade-off between privacy and security. The implementation of personal data stores and the behavioral analysis will provide useful insight into the reaction of people to this new mechanism and provide direction for future development of cyber-security technologies.
4. Mode of cooperation and added value
The combination of the four teams involved in the project provides a strong basis for interdisciplinary cooperation between cyber-security and privacy approaches, and between technical and human aspects of the problem. To enhance international collaboration, the work plan will consist of work packages, each involving the collaboration of an Italian team and an Israeli team with complementary abilities.