About

The Security Misconceptions Project is an NSF-funded investigation (Award #1821788) into "commonsense" security misconceptions. We aim to find common misconceptions in computer security, create a test to evaluate student understanding, and create active-learning modules that "cure" those misconceptions.

Commonsense misconceptions are rooted in the common sense of the holder based on observations they made in the course of working in a particular area or living and interacting with that topic. The idea is that these misconceptions are attractive, or perhaps work well enough in one context, but because they are erroneous, they can lead to faulty reasoning in other contexts. Importantly, because they are attractive and/or developed over a long period of time, these faulty mental models can be hard to dispel through typical education. It may take some intentional effort to disabuse students of these faulty ideas.

The classic example of this kind of research is the Force Concepts Inventory (FCI), created by Hestenes, Halloun, Wells, and Swackhamer and introduced in the paper "The Initial Knowledge State of College Physics Students". In it, the researchers present the notion of commonsense misconceptions in Newtonian physics, and a test to measure students' understanding of those concepts. A classic example of a misconception about physics is that heavier objects (e.g., a bowling ball) should fall faster than lighter ones (e.g., a baseball). This is intuitive, and it often seems to be true, because lighter objects are often more affected by drag, are less dense, and so on. (It helps the misconception that most of us lack access to a vacuum space in which to perform the experiment, and we often pick tricky objects, such as a feather, for our lightweight object.)

The Leaning Tower of Pisa. Photo Credit: Saffron Blaze - http://www.mackenzie.co

People develop ideas about physics because they interact with physics in the universe every single day. It's natural that they would develop ideas about how things work. Similarly, we believe that people develop ideas about how computers work and what is secure or insecure based on their intuition, the abstractions we present to them, or other reasons. For example, I have heard many people state an implied belief that having a full Desktop folder (and the attendant visual mess) could meaningfully "slow down" their computer. It is true that a full hard disk, or lots of extra processes, can slow down a computer. Experts know that the Desktop is just one folder, that having items on the Desktop does not consume much in the way of computing resources, and that the "space" on the Desktop is really defined by screen resolution and icon size -- irrelevant to the storage capacity of the system. The novice, however, may not understand any of those things. We're interested in misconceptions about computer security of this type, and why they occur, so that we can identify students who hold them and remediate those misconceptions through targeted, hands-on exercises and videos.

To do this, we will survey computer security experts and code their responses using social science techniques in order to build a list of the most common misconceptions. Then, we will create a test to identify whether students hold the "correct" view of the misconception, or the commonsense misconception. Then, we'll create hands-on, active-learning educational interventions and videos designed to directly "break" the misconceptions so that students will recognize the correct answers.

This blog will be our record of our process and results, musings about our progress, and so on. Our hope is that it will be helpful for us when we think back on the project, and that it also might be helpful for others undertaking similar research.


