Cognitive Security for Personal Devices
Rachel Greenstadt ([email protected])
Jake Beal ([email protected])
AISec
October 28, 2008
I must be dancing with Jake, after all, this guy knows Jake’s private key....
Human-style authentication
Looks like Jake
Dances like Jake
Sounds like Jake
It seems this is Mako and not, in fact, Jake
Computers could recognize other cues
Typing patterns
Touchpad patterns
Use patterns
Camera image
Posture/Device placement
Cognitive Security
• Humans have rich and subtle mechanisms for handling trust and security
• Goal: Intelligent agents mediate security decisions between users and applications
• Build user models via continuously-deployed multi-modal behavioral biometrics
• Use models to aid security decisions
Mismatch Between Users and Machines: An AI and HCI Problem
• We must use human mechanisms sometimes
• Example: passwords to keys
• Security automation considered harmful? [Edwards, Poole, Stoll 2007]
• Context dependent security decisions
• Can’t be pre-baked in
• Need an agent to observe the context
Machine Imprint on Users, develop models of their behavior
Obviously not appropriate for all scenarios...
Architecture for Machine Integrity
• Sensitive Information
• Requires isolation
• Lots of research in this sort of model already
• Overhead? (VMMs, classifiers, etc) perhaps...
Once computers know their users, they can infer beliefs and goals
Alice:
* Knows she wants to visit her bank
* Doesn’t know she’s not at her bank
Alice’s device:
* Knows Alice is not visiting her bank
* Doesn’t know that Alice believes she is at her bank
Adjustably Autonomous Security
• Model users’ beliefs, desires, intentions
• Understand concepts
• private information
• expected program behavior
• simulate users’ judgment
• pass decisions up when appropriate
Current work
• Authentication
• Keystrokes
• Stylometry
• Anti-phishing
Thank You
• Questions?
• More detail available as MIT CSAIL Tech Report 2008-016
• http://dspace.mit.edu/handle/1721.1/40810
• Email: [email protected], [email protected]