Home Page
Computer security aims to ensure only "good" behavior happens in computer systems, despite potential action by malicious adversaries. Consequently, the field has focused primarily on the technology to prohibit "bad things," according to some set of rules, and to a lesser extent on the structure of such rules.
Unfortunately, fieldwork and anecdotes report how we keep getting the rules "wrong."
Interestingly, the computer security field has largely ignored the process by which humans produce these sets of rules. However, psychology and related disciplines can tell us a lot about such processes---including ways the human mind systematically misperceives things when making evaluations and judgments. In this research seminar course, we will examine whether systematic flaws in how humans produce these rule sets lie at the core of real-world security frustration---and whether we can use these insights to improve the situation.
The course will draw on IT security issues in real-world domains including finance, healthcare, and power.
As a potential model of what may come out of this course, consider Stephanie Trudeau's senior thesis, which led to the following refereed paper:
S. Trudeau, S. Sinclair, S.W. Smith. "The Effects of Introspection on Creating Privacy Policy." WPES 2009: Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, pp. 1--10. November 2009.