Cognitive security for personal devices

Humans should be able to think of computers as extensions of their body, as craftsmen do with their tools. Current security models, however, are too unlike those used in human minds-for example, computers authenticate users by challenging them to repeat a secret rather than by continually observing the many subtle cues offered by their appearance and behavior. We propose two lines of research that can be combined to produce cognitive security on computers and other personal devices: continuously deployed multi-modal biometrics and adjustably autonomous security.

[1]  M. G. Bader,et al.  Design and applications , 2000 .

[2]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1997, EuroCOLT.

[3]  Niels Provos,et al.  The Ghost in the Browser: Analysis of Web-based Malware , 2007, HotBots.

[4]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1995, EuroCOLT.

[5]  Arun Ross,et al.  Information fusion in biometrics , 2003, Pattern Recognit. Lett..

[6]  Sean W. Smith Trusted Computing Platforms - Design and Applications , 2005 .

[7]  Seth David Schoen,et al.  EOF: give TCPA an owner override , 2003 .

[8]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[9]  Tal Garfinkel,et al.  Terra: a virtual machine-based platform for trusted computing , 2003, SOSP '03.

[10]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[11]  John J. Leggett,et al.  Dynamic Identity Verification via Keystroke Characteristics , 1991, Int. J. Man Mach. Stud..

[12]  Annie I. Antón,et al.  Towards understanding user perceptions of authentication technologies , 2007, WPES '07.

[13]  Eric Horvitz,et al.  Principles of mixed-initiative user interfaces , 1999, CHI '99.

[14]  Roberto Brunelli,et al.  Person identification using multiple cues , 1995, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[15]  Fabian Monrose,et al.  Authentication via keystroke dynamics , 1997, CCS '97.

[16]  K. Lorenz Studies in animal and human behaviour , 1970 .

[17]  W. Keith Edwards,et al.  Security automation considered harmful? , 2008, NSPW '07.

[18]  David Sarne,et al.  Estimating information value in collaborative multi-agent planning systems , 2007, AAMAS '07.

[19]  R. Polikar,et al.  Ensemble based systems in decision making , 2006, IEEE Circuits and Systems Magazine.

[20]  Xuxian Jiang,et al.  Stealthy malware detection through vmm-based "out-of-the-box" semantic view reconstruction , 2007, CCS '07.

[21]  Julian Fiérrez,et al.  Combining Biometric Evidence for Person Authentication , 2003, Advanced Studies in Biometrics.

[22]  John J. Leggett,et al.  Verifying Identity via Keystroke Characteristics , 1988, Int. J. Man Mach. Stud..