TWC SBE: Medium: Collaborative: User-Centric Risk Communication and Control on Mobile Devices

TWC SBE：媒介：协作：移动设备上以用户为中心的风险沟通和控制

• 批准号: 1314688
• 负责人: Ninghui Li
• 金额: $ 83.82万
• 依托单位: Purdue University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2013
• 资助国家: 美国
• 起止时间: 2013-09-01 至 2018-08-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1314688&HistoricalAwards=false
• 关键词: TWC; SBE; Medium; Collaborative; User

Risk communication is an important part of many cyber security mechanisms. Android's current risk communication mechanism is based on security warnings and has been demonstrated to be ineffective because users become habituated to ignore such warnings and tend to consent to all prompts. This multi-disciplinary research project aims at developing holistic solutions to usable risk communication and control for the Android platform. This project investigates an approach that presents risk information at multiple granularities, including a high-level numerical risk summary, an intermediate-level summary of risk for different dimensions, and detailed risk information. The high-level risk summary is computed by information integration techniques, using information discovered from multiple sources, e.g., user reviews and app source code. This summary enables proactive risk communication (e.g., when the user searches for apps) so that users can take this information into the decision process. This project also introduces a multi-mode approach that, in addition to communicating risks, also controls risks in the sense of discouraging risky applications and ensuring that users truly understand the risks. The project develops mechanisms that aggregate, communicate, and control risks incurred by apps at runtime, and ways to personalize risk integration, communicate, and control techniques to accommodate differences among users.This project is expected to advance the state of the art in principles and techniques to risk communication and control, and has the potential to impact the Android app ecosystem by collaboration with Google researchers.

风险沟通是许多网络安全机制的重要组成部分。 Android当前的风险沟通机制基于安全警告，但已被证明是无效的，因为用户习惯于忽略此类警告并倾向于同意所有提示。 这个多学科研究项目旨在开发适用于 Android 平台的可用风险沟通和控制的整体解决方案。 该项目研究了一种以多种粒度呈现风险信息的方法，包括高级数字风险摘要、不同维度的中级风险摘要以及详细的风险信息。 高级风险摘要是通过信息集成技术使用从多个来源（例如用户评论和应用程序源代码）发现的信息来计算的。 此摘要支持主动风险沟通（例如，当用户搜索应用程序时），以便用户可以将此信息纳入决策过程。 该项目还引入了一种多模式方法，除了沟通风险之外，还可以从阻止有风险的应用程序并确保用户真正了解风险的意义上控制风险。 该项目开发了聚合、沟通和控制应用程序在运行时产生的风险的机制，以及个性化风险集成、沟通和控制技术的方法，以适应用户之间的差异。该项目预计将推进风险沟通和控制的原理和技术的最先进水平，并有可能通过与谷歌研究人员的合作影响Android应用程序生态系统。