Cognitive Security for Personal Devicesgreenie/aisec-slides.pdf · Cognitive Security • Humans...

Preview:

Click to see full reader

Citation preview

Cognitive Security for Personal Devices

Rachel Greenstadt (greenie@cs.drexel.edu)Jake Beal (jakebeal@mit.edu)

AISecOctober 28, 2008

mailto:greenie@eecs.harvard.edu
mailto:greenie@eecs.harvard.edu
mailto:jakebeal@mit.edu
mailto:jakebeal@mit.edu

I must be dancing with Jake, after all, this guy knows Jake’s private key....

Human-style authentication

Looks like JakeDances like

Jake

Sounds like Jake

It seems this is Mako and not, in fact, Jake

Computers could recognize other cues

Typing patterns

Touchpad patterns

Use patterns

Camera imageTouchpad patterns

Posture/Device placement

Cognitive Security

• Humans have rich and subtle mechanisms for handling trust and security

• Goal: Intelligent agents mediate security decisions between users and applications

• Build user models via continuously-deployed multi-modal behavioral biometrics

• Use models to aid security decisions

Mismatch Between Users and Machines:An AI and HCI Problem

• We must use human mechanisms sometimes

• Example: passwords to keys

• Security automation considered harmful? [Edwards Poole Stoole 2007]

• Context dependent security decisions

• Can’t be pre-baked in

• Need an agent to observe the context

Machine Imprint on Users,develop models of their behavior

Obviously not appropriate for all scenarios...

Architecture for Machine

Integrity• Sensitive Information• Requires isolation• Lots of research in this sort of model already • Overhead? (VMMs, classifiers, etc) perhaps...

Once computers know their users,they can infer beliefs and goals

Alice:* Knows she wants to visit her bank* Doesn’t know she’s not at her bank

Alice’s device:* Knows Alice is not visiting her bank* Doesn’t know that Alice believes she is at her bank

Adjustably Autonomous Security

• Model users’ belief, desires, intentions

• Understand concepts

• private information

• expected program behavior

• simulate users’ judgment

• pass decisions up when appropriate

Current work

• Authentication

• Keystrokes

• Stylometry

• Anti-phishing

Thank You

• Questions?

• More detail available as MIT CSAIL Tech Report 2008-016

• http://dspace.mit.edu/handle/1721.1/40810

• Email: greenie@cs.drexel.edu, jakebeal@mit.edu

http://dspace.mit.edu/handle/1721.1/40810
http://dspace.mit.edu/handle/1721.1/40810
mailto:greenie@eecs.harvard.edu
mailto:greenie@eecs.harvard.edu

Recommended

Reception booklet Shine Bright, AISEC ALMATY, Kazakhstan
Documents
Buku Pedoman AISEC
Documents
Cognitive radio: some security issues
Technology
AISEC IT-Sicherheit Newsletter 1/2012
Documents
Battista Biggio @ AISec 2014 - Poisoning Behavioral Malware Clustering
Education
Security Features in Cognitive Radio
Documents
Watson - Cognitive Security Advisor for the Security ... - IBM€¦ · Watson - Cognitive Security Advisor for the Security Analyst IBM QRADAR ADVISOR WITH WATSON Dusan Vidovic June
Documents
Cognitive Security - Telco & Mobile Security ('12)
Technology
SEMINAR: OT SECURITY - sec.in.tum.de€¦ · © Fraunhofer AISEC A. Giehl, P. Wagner, M. Heinl SEMINAR: OT SECURITY PRE-COURSE MEETING 29.01.2020 Alexander Giehl, Patrick Wagner,
Documents
AISEC Sondernewsletter
Documents
Cognitive Security - Finance & Banking Security ('12)
Technology
AISEC TR 2012 001 Android OS Security
Documents
Cognitive Radio Network Security
Documents
Security threats and detection technique in cognitive
Engineering
Security Enhanced Communications in Cognitive Networks · Security Enhanced Communications in Cognitive Networks ... techniques, we propose jamming resilient CR communication mechanisms
Documents
Cognitive Threat Analytics on Cisco Cloud Web Security
Documents
Applied Cognitive Security: Complementing the Security · PDF fileApplied Cognitive Security: Complementing the Security Analyst ... •Correlate data ... Watson showed the extent
Documents
Cognitive Radio Network Security a Survey
Documents
AISEC PROPOSAL
Documents
Cognitive security
Software