Friday, January 13, 2017
11-12pm
ITE 336
Title: Holistic and Human-Centric Cyber Security
Computer systems are everywhere. Society is dependent on networked computer systems and software for everything, from running the smart grid that powers your house to social networking with your family and friends. This societal dependency requires sound methods and practices to protect computer systems from attack and to protect users against threats created by ubiquitous computer systems. These methods and practices must consider both threats from attackers looking to compromise systems and the human factors considerations that new systems bring to users. The cyber security community is also faced with the daunting task of not just securing systems against lone individuals, but also preventing nation-states from using computer systems to carry out their political and military agendas. One word summarizes the types of cyber attacks that our society will face in the next few years: targeted. Organizations are now targets of advanced persistent threat (APT) attacks, which are well-planned and orchestrated infiltrations combining different types of malicious software and which attempt to blend in with normal activities. Further, users have increasingly been found to be victims of cyber-social engineering attacks, which are targeted emails, fake web pages, and online ads attempting to lure an Internet user into visiting web pages that procure personal information or into clicking on links to malicious downloads.
In this talk, I will give an overview of the holistic (involving many layers of abstraction that make up a computer system) and human-centric solutions I have proposed to secure computer systems and their users against these targeted attacks. Then, I will discuss two pieces of work in detail. The first is about spear phishing susceptibilities in the older adult population as a function of psychological principles of influence. Older adults’ susceptibility to cyber-social engineering has important implications for cyber security because they are the fastest growing population in the Western world, control over half of the US financial wealth, and occupy many positions of power. The second piece of work addresses how operating system-hardware collaboration can make computer systems more secure. Finally, I will discuss my plans for future research and my vision for cybersecurity.