SaTC: CORE: Small: Defense by Deception of Smartphone Software Applications For Users With Disabilities

SaTC：核心：小型：针对残障用户的智能手机软件应用程序的欺骗防御

• 批准号: 2129739
• 负责人: Mark Grechanik
• 金额: $ 48.36万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2129739&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Defense; Deception

Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in business and personal use, and are deployed on diverse software and hardware smartphone platforms. Unfortunately, many users of such GAPs have disabilities - approximately 50 million in the USA alone and over 600 million worldwide - and it is difficult for these users to work with GAPs on their smartphones. Since there are hundreds of types of disabilities that may impair people in vision, movement, memory, oral communication and hearing, users with disabilities need specialized enhancements to GAPs that are based on accessibility technologies, which are fundamentally insecure, thus exposing users with disabilities to a variety of cyber-attacks. These malicious apps can use the accessibility technologies to prey on users with disabilities for financial gain, harming the users financially. Although there are hundreds of assistive approaches, there is almost no research to secure users with disabilities in using GAPs, especially after they are tricked to install and give permissions to run malicious assistive apps on their smartphones. This project addresses these issues by developing software to automatically deceive these malicious applications into revealing their intent, thus effectively detecting them, and protecting Internet users with disabilities. Furthermore, the project includes many activities to broaden the participation of underrepresented groups in computing.This project is based on a novel idea of the first-ever automated Defense by Deception (DbD) approach that protects targeted financial GAPs from malicious assistive apps by using game theory combined with weaponized phishing and realistic login generation, whereby smartphones will be secured even after complex malicious apps are deployed with full accessibility privileges. A key part of this project is to reconstructively generate fake GUIs of the doppelganger GAPs, whose user interface structures closely resemble the target financial GAP, from which the fake GUIs cannot be distinguished algorithmically. With the game-theoretical foundation of automating the use of deception to protect users with disabilities that the investigator produces in this research work, other researchers can collaborate more closely in securing GAPs by building on the proposed unifying abstraction of applying deception in an automated way.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于图形用户界面（GUI）的应用程序（GAP）在商业和个人使用中无处不在，并且部署在各种软件和硬件智能手机平台上。不幸的是，这种GAP的许多用户都有残疾-仅在美国就有大约5000万人，全球有6亿多人-这些用户很难在智能手机上使用GAP。由于有数百种类型的残疾可能会损害人们的视力、运动、记忆、口头交流和听力，残疾用户需要对基于无障碍技术的GAP进行专门的增强，这些技术从根本上说是不安全的，因此使残疾用户面临各种网络攻击。这些恶意应用程序可以使用无障碍技术来掠夺残疾用户以获取经济利益，从而在经济上损害用户。虽然有数百种辅助方法，但几乎没有研究可以保护残疾用户使用GAP，特别是在他们被欺骗安装并允许在智能手机上运行恶意辅助应用程序之后。该项目通过开发软件来解决这些问题，自动欺骗这些恶意应用程序以揭示其意图，从而有效地检测它们，并保护残疾互联网用户。此外，该项目还包括许多活动，以扩大代表性不足的群体在计算中的参与。该项目基于有史以来第一个自动防御欺骗（DbD）方法的新颖想法，该方法利用博弈论结合武器化网络钓鱼和真实的登录生成来保护目标金融GAP免受恶意辅助应用程序的攻击，从而即使在复杂的恶意应用程序被部署为具有完全可访问权限之后，智能手机也将受到保护。该项目的一个关键部分是重建生成的假GUI的二重GAP，其用户界面结构非常类似的目标金融GAP，其中的假GUI无法区分算法。随着自动化的欺骗使用，以保护用户的残疾人，调查员在这项研究工作中产生的游戏理论基础，其他研究人员可以通过建立以自动化方式应用欺骗的统一抽象来更密切地合作保护GAP。该奖项反映了NSF的法定使命，并被认为值得通过使用基金会的智力价值和更广泛的影响审查标准。