TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics

TWC：媒介：协作：通过文本分析提高移动应用程序安全性

• 批准号: 1513690
• 负责人: William Enck
• 金额: $ 30万
• 依托单位: North Carolina State University
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2015
• 资助国家: 美国
• 起止时间: 2015-07-01 至 2019-06-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1513690&HistoricalAwards=false
• 关键词: TWC; Medium; Collaborative; Improving; Mobile

Security policies often base access decisions on temporal context (e.g., time of day) and environmental context (e.g., geographic location). Access control policies for operating systems frequently consider execution context (e.g., user ID, program arguments). However, little has been done to incorporate user expectation context into security decision mechanisms. Text artifacts provide a source of user expectation context. When finding, installing, and running software, users are shown natural language text, e.g., textual functionality descriptions, permission requests, privacy notices, and user interface text. This research aims to improve security decisions using expectation context, by relating user-facing natural language text with security operations.This research focuses specifically on mobile applications by incorporating expectation context when making security decisions. Mobile applications provide specific forms of user text and security operations. This research considers the relationship between an application's description or user interface text and different granularities of security operations. The research forms the foundation for techniques and tools that inform mobile-device users of the security and privacy implications of installing mobile applications. As broader impacts, this research enables developers to produce more secure mobile applications and enables users to use more secure mobile applications.

安全策略通常基于时间上下文（例如，一天中的时间）和环境背景（例如，地理位置）。操作系统的访问控制策略经常考虑执行上下文（例如，用户ID、程序参数）。然而，很少有人把用户的期望上下文到安全决策机制。文本工件提供了用户期望上下文的来源。在查找、安装和运行软件时，向用户显示自然语言文本，例如，文本功能描述、权限请求、隐私声明和用户界面文本。本研究旨在通过将面向用户的自然语言文本与安全操作联系起来，利用期望上下文来改进安全决策。本研究特别关注移动的应用程序，在做出安全决策时结合期望上下文。移动的应用程序提供特定形式的用户文本和安全操作。这项研究考虑了应用程序的描述或用户界面文本和不同粒度的安全操作之间的关系。这项研究为技术和工具奠定了基础，这些技术和工具可以告知移动设备用户安装移动的应用程序的安全性和隐私影响。作为更广泛的影响，这项研究使开发人员能够产生更安全的移动的应用程序，并使用户能够使用更安全的移动的应用程序。