To date, the application of quantitative security and privacy metrics has seen its greatest successes when exploring the worst-case properties of a system. That is, given a powerful adversary, to what extent does the system preserve some relevant set of properties? While such analyses allow experts to build systems that are resistant to strong attackers, many deployed systems were not designed in this manner. In fact, there is growing evidence that users' privacy is routinely compromised as a byproduct of using social, participatory, and distributed applications. Given that people find inherent utility in using systems that are not secure against worst-case adversaries, this project investigates a complementary question: Can we help users better manage their participation in systems that are not privacy-preserving in an absolute sense?

This project is developing a principled approach that enables individuals to (i) quantitatively specify and assess their security, privacy, and utility goals; (ii) qualitatively express preferences on the relative importance of these goals; (iii) explore the implications of their system interactions by leveraging the trade-off spaces resulting from these quantitative and qualitative specifications; and (iv) enact locally-enforceable changes to their system usage to better balance competing needs. This project is designing computational tools that enable everyday users to better manage their system participation by understanding the interplay between security, privacy, and utility. Educational materials are being developed to support two undergraduate courses---one for computer science majors and one for non-majors---that explore the social, technical, and privacy implications of our increasingly digitized society.

Agency: National Science Foundation (NSF)
Institute: Division of Computer and Network Systems (CNS)
Application #: 1253204
Program Officer: Nina Amla
Project Start:
Project End:
Budget Start: 2013-09-01
Budget End: 2019-08-31
Support Year:
Fiscal Year: 2012
Total Cost: $545,623
Indirect Cost:
Name: University of Pittsburgh
Department:
Type:
DUNS #:
City: Pittsburgh
State: PA
Country: United States
Zip Code: 15260