Computer Security: Blame Game
To err is human, but to foul things up completely takes a computer, or so the old saw goes. Although this may seem a little unfair to computers, a group of cyber-security experts led by Jim Blythe of the University of the
Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security. Repeated warnings about being vigilant, for example, often go unheeded as people fail to recognize the dangers of seemingly innocuous actions such as downloading files. On top of that, some “mistakes” are actually the result of deliberation. Users – both regular staff and members of the information – often disable security features of their computers, because those features slow things down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested. This is partly because it would be impractical to manipulate the behavior of users in ways that would give meaningful results. He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents. These agents’ motives and behaviors can be fine-tuned to mess things up with the same aplomb as a real employee. The difference is that what happened can be analyzed precisely afterwards.
Another factor that can influence an agent’s behavior is its physiology. Agents can get tired and become hungry, just like people. According to Dr Blythe, “we have focused mainly on fatigue, the physical need to go to the bathroom.” And agents may also skive off, choosing to switch to a spot of web browsing on a synthetic internet that the researchers have created for the purpose.
The team plans a full-scale test later this year, but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence’s 25th annual conference in
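Computer Security: Who Is to Blame?
To err is human, but to foul things up completely takes a computer, or so an old saying seems to go. Although this may seem a little unfair to computers, a team of cyber-security experts led by Jim Blythe of the University of Southern California believes there is at least some truth behind such sayings. They have designed a system for testing the security of computer networks in which the computers simulate the various human errors that leave networks so vulnerable.
Of the errors that breach computer security, those made by users themselves are estimated to account for as many as 60%. Repeated warnings to be vigilant, for example, often go unheeded because people fail to recognize the potential dangers of seemingly harmless actions such as downloading files. On top of that, some “mistakes” are actually deliberate. Computer users, including both regular staff and knowledgeable information-technology personnel, often turn off their computers’ security features, because those features slow the system down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often ignored when security systems are tested. This is partly because manipulating user behavior to produce meaningful results is impractical. Dr Blythe and his colleagues have therefore designed a way of testing security systems that involves programs called “cognitive agents”. These agents’ motives and behaviors can be fine-tuned so that they mess things up with the same composure as a real employee. The difference is that what happened can be analyzed precisely afterwards.
Another factor that can influence an agent’s behavior is its physiological state. Like ordinary people, agents get tired and hungry. According to Dr Blythe, “we have focused mainly on the physiological needs of fatigue, taking a break at intervals, and going to the bathroom.” Agents may also slack off, deciding for themselves to switch to browsing a synthetic internet that the researchers have deliberately created.
The team plans to carry out a full-scale test later this year, but the preliminary results look promising. Dr Blythe will present the results in
(Translated by 许建平)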