CAREER: Security and Privacy Foundations of Internet-Scale User-Centered Automation

$527,657 | FY2022 | CSE | NSF

University Of California-San Diego, La Jolla CA

Investigators

Abstract

This award is funded in whole or in part under the American Rescue Plan Act of 2021 (Public Law 117-2).

The digital and physical resources of people, such as emails, health data, smart home, and city devices, are now accessible on the Internet. By bringing all these systems online and making them interoperable, system operators enable new functionality and drive efficiencies. The enabler of such useful interconnections is the Internet-scale automation system, whose hallmark is permitting non-programmers to create automations, thus democratizing the bridge between digital and physical resources. Unfortunately, these automation systems are not secure and do not guarantee user privacy: attackers can steal sensitive user data and manipulate resources, including physical ones, at large scale. This project pursues an integrated research and education approach to endow Internet-scale automation with the correct security and privacy foundations. The project’s novelty is leveraging the unique properties of Internet-scale automation to develop a framework for securing them that strikes different trade-offs in functionality, performance, security, and usability. The broader significance and importance of the project are empowering non-programmers to securely create automations that improve convenience, safety, and energy efficiency in a privacy-preserving fashion.

To provide the correct security foundations, the project focuses on building least-privilege distributed computer systems. Specifically, the unique properties of Internet-scale automation allow the adaptation of techniques from the theory of language-based data minimization, computing on encrypted data and human-centered design. Contributions to applied cryptography and data minimization include system-level innovations to make practical use of garbled circuits and program dependency analyses. Contributions to human-centered design include empirical studies and data-driven interface designs to help users write better automation programs. Rather than finding the security architecture, the project develops a framework of security architectures that strikes different trade-off points in functionality, usability, security, privacy, and performance. The project also introduces an automation simulator that integrates research results and makes them available for experimentation to students at universities and K-12.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.