The Economist download: Computer security, Blame game
Science and technology
Computer security
Blame game
How to mimic human laxness with computers
TO ERR is human, but to foul things up completely takes a computer, or so the old saw goes.
Although this may seem a little unfair to computers,
a group of cybersecurity experts led by Jim Blythe of the University of Southern California are counting on there being at least some truth in the saying.
They have created a system for testing computer-security networks by making computers themselves simulate the sorts of human error that leave networks vulnerable.
Mistakes by users are estimated to be responsible for as many as 60% of breaches of computer security.
Repeated warnings about being vigilant, for example,
often go unheeded as people fail to recognise the dangers of seemingly innocuous actions such as downloading files.
On top of that, some mistakes are actually the result of deliberation.
Users—both regular staff and members of the information-technology department, who should know better—often disable security features on their computers,
because those features slow things down or make the computer more complicated to use.
Yet according to Dr Blythe, such human factors are often overlooked when security systems are tested.
This is partly because it would be impractical to manipulate the behaviour of users in ways that would give meaningful results.
He and his colleagues have therefore created a way of testing security systems with computer programs called cognitive agents.
These agents' motives and behaviours can be fine-tuned to mess things up with the same aplomb as a real employee.
The difference is that what happened can be analysed precisely afterwards.
Each agent represents a run-of-the-mill user, a manager or a member of the IT staff.
It is given its own set of beliefs, desires and intentions, along with a job to do and a deadline by which that job must be done.
All operations connected with the job are mediated through a standard Microsoft Windows interface that is hooked up to the security system.
Agents can also be given group tasks, which in turn may be influenced by their own group dynamics.
Put simply, the agents can have friends, shared interests and power relations,
and can trust some agents more than others, all of which will affect how quickly they perform the job at hand.
Another factor that can influence an agent's behaviour is its physiology.
Agents can get tired and become hungry, just like people.
According to Dr Blythe, we have focused mainly on fatigue, the physical need to take breaks at regular intervals,
or the need to go to the bathroom.
And agents may also skive off, choosing to switch to a spot of web browsing on a synthetic internet that the researchers have created for the purpose.
The team plans a full-scale test later this year,
but preliminary results, which Dr Blythe will present to the Association for the Advancement of Artificial Intelligence's 25th annual conference in San Francisco on August 9th, look promising.
For example, as users fall foul of so-called phishing attacks—giving away sensitive details such as passwords while browsing the internet,
or allowing code that corrupts work files to be downloaded—the ability of IT staff to cope with the consequences diminishes as they become increasingly overwhelmed and tired.
The next stage after applying emotional and physiological pressure to the agents is to apply financial pressure—by constraining,
for example, an agent's income compared with the amount of money it needs to earn in order to meet its outgoings.
Doing this may tempt some agents to double deal.
In time, then, Dr Blythe's agents may serve to vindicate another familiar saying about computers:
that behind every error blamed on computers there are at least two human errors, including the error of blaming it on the computer.