Usable Security and Privacy Projects

AppCensus: Learn the Privacy Costs of Free Apps

There exists a mature ecosystem of developers and service providers that produce mobile applications, often offering them at zero up-front cost. These free apps are supported by advertising networks, who distribute software libraries that developers use for drop-in integration of ad delivery and audience tracking functionality. However, integrated advertiser code and core application code run with the same access privileges, a security and privacy risk not readily apparent to end-users and developers alike.

Using Individual Differences to Personalize Security Mitigations

Researchers at ICSI are leveraging well-studied individual differences in the psychology literature in order to improve computer security outcomes. Specifically, they are looking at how people with different decision-making styles may be more or less receptive to different types of security messaging. Applying techniques from behavioral economics, the goal is to frame security mitigations for individual users so that they see the security messages that are most likely to have an effect on them.

Mobile Contextual Privacy

This project is rethinking how smartphones grant third-party applications access to sensitive user data. Currently, mobile platforms ask the user for permission the first time an application attempts to access certain data types; when access is granted, the user is never asked to make this decision again, even if the context in which subsequent data requests occur is substantially different from the context of the first request. For example, no distinction is made between using location data for location-based features and user tracking.

Security and Privacy for Wearable and Continuous Sensing Platforms

In this collaborative project, researchers at ICSI, UC Berkeley, and University of Washington are systematically exploring the security and privacy issues brought up by the increasing popularity of wearable computers. The recent demand for devices like Google Glass, smart watches, and wearable fitness monitors suggests that wearable computers may become as ubiquitous as cellphones.

Science of Security

In this collaborative project, researchers at ICSI are utilizing Carnegie Mellon University's Security Behavior Observatory (SBO) infrastructure to conduct quantitative experiments about how end-users make security decisions. The results of these experiments are used to design new security mitigations and interventions, which are then iteratively evaluated in the laboratory and the field. This collaboration is designed to provide keen insights into how users make security decisions in situ.

Teaching Resources for Online Privacy Education (TROPE)

Researchers are developing classroom-ready teaching modules to educate young people about why and how to protect their privacy online, as well as a Teachers' Guide with background information, suggested lesson plans, and guidance on how to employ the modules in the classroom.

Privacy Literacy with San Jose Public Library

ICSI researchers are collaborating with the San Jose Public Library and San Jose State University's Game Development club to develop an online tool which will help individuals understand privacy in the digital age and make informed decisions about their online activity. Beyond the standard educational aid, this tool will be non-biased, acknowledging that people have many different definitions of privacy and may have different needs based on what kind of online persona they have created.