Speaker: Professor Jean Camp, Indiana University
Abstract:Computer systems increasingly target the weakest link: communication with the user. Those arguments that indicate that the user is the weakest link overstate the level of user communication provided by systems. Coordinating the user response with the risk profile of the activities and context can enable superior network self-defense. Such coordination requires neither full transparency with complete technical details nor opaque, vague, decontextualized warnings. I propose instead translucent security. I propose a level of translucent security that informs individuals of the risk state of their virtual context, and teams with the individual to create the appropriate security posture. Consider that the domain names and IP ranges of FDIC-insured banks and credit unions are readily available to the machine, but not the user. Clear communication to an individual that he or she is interacting a legitimate financial institution, or not, depends on an awareness that is not included in browsers today. Implementing appropriate security settings for a financial transaction requires a time commitment and system competence held by few users. Translucent security approaches users as individuals making complex risk decisions. Instead of a plethora of add-ins, add-ons, and ever expanding vocabulary of attacks and defense, each individual is provided with a single narrative with a consistent metaphor about the context, and a path to risk mitigation. By coordinating the user communication and security settings of the system interaction, translucent security enables responsive secure computer-mediated interaction as well as careless risk-taking downloads with the user being able to distinguish and protect him or herself appropriately. You may think you are in a bank, but you could be in a shack in Nigeria. Your computer knows, but you don’t.
Speaker Bio:Jean Camp is an Associate Professor at the School of Informatics, Adjunct Professor of Telecommunications, and an Adjunct Professor of Computer Science at Indiana University. Professor Camp's core interest is technical trust mechanisms in economic and social context. It was this interest that led Prof. Camp from graduate electrical engineering research in North Carolina to the Department of Engineering and Public Policy at Carnegie Mellon, and it remained her core interests as a Senior Member of the Technical Staff at Sandia National Laboratories. At Sandia National Laboratories her work focused on computer security. She left Sandia National Laboratories for eight years at Harvard's Kennedy School. Now as a tenured Professor at Indiana Unviersity's School of Informatics her research addresses security in society. Professor L. Jean Camp is the author of Trust and Risk in Internet Commerce (MIT Press), Economics of Identity Theft (Springer) and the editor the Economics of Information Security (Kluwer Academic). She has authored over one hundred works, including seventy peer-reviewed works and eighteen book chapters. She has participated in organizing and presented at scores of conferences. Her service has included the Board of Directors of Computer Professionals for Social Responsibility, the Board of Governors of the IEEE Society on Social Implications of Technology, Senior Member of the IEEE, and longstanding member of the USACM.
http://www.ljean.com
Net Trust: http://code.google.com/p/nettrust/
Economics of Security:http://www.infosecon.net/
ETHOS: http://ethos.indiana.edu
Congressional Fellow: http://www.ieeeusa.org/policy/govfel/congfel.asp