SaTC: CORE: Small: Defense by Deception of Smartphone Software Applications For Users With Disabilities

SaTC：核心：小型：针对残障用户的智能手机软件应用程序的欺骗防御

• 批准号: 2129739
• 负责人: Mark Grechanik
• 金额: $ 48.36万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2129739&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Defense; Deception

Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in business and personal use, and are deployed on diverse software and hardware smartphone platforms. Unfortunately, many users of such GAPs have disabilities - approximately 50 million in the USA alone and over 600 million worldwide - and it is difficult for these users to work with GAPs on their smartphones. Since there are hundreds of types of disabilities that may impair people in vision, movement, memory, oral communication and hearing, users with disabilities need specialized enhancements to GAPs that are based on accessibility technologies, which are fundamentally insecure, thus exposing users with disabilities to a variety of cyber-attacks. These malicious apps can use the accessibility technologies to prey on users with disabilities for financial gain, harming the users financially. Although there are hundreds of assistive approaches, there is almost no research to secure users with disabilities in using GAPs, especially after they are tricked to install and give permissions to run malicious assistive apps on their smartphones. This project addresses these issues by developing software to automatically deceive these malicious applications into revealing their intent, thus effectively detecting them, and protecting Internet users with disabilities. Furthermore, the project includes many activities to broaden the participation of underrepresented groups in computing.This project is based on a novel idea of the first-ever automated Defense by Deception (DbD) approach that protects targeted financial GAPs from malicious assistive apps by using game theory combined with weaponized phishing and realistic login generation, whereby smartphones will be secured even after complex malicious apps are deployed with full accessibility privileges. A key part of this project is to reconstructively generate fake GUIs of the doppelganger GAPs, whose user interface structures closely resemble the target financial GAP, from which the fake GUIs cannot be distinguished algorithmically. With the game-theoretical foundation of automating the use of deception to protect users with disabilities that the investigator produces in this research work, other researchers can collaborate more closely in securing GAPs by building on the proposed unifying abstraction of applying deception in an automated way.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于图形的用户界面（GUI）应用程序（差距）无处不在，无论是在商业和个人使用中，并且都在多样化的软件和硬件智能手机平台上部署。不幸的是，许多此类差距的用户都有残疾 - 仅在美国，大约有5000万个用户在全球范围内超过6亿次 - 这些用户很难在其智能手机上处理差距。由于有数百种类型的残疾可能会损害视力，运动，记忆，口腔交流和听力的人，因此残疾用户需要专门的增强功能来实现基于可及性技术的差距，这些差距从根本上是不可能的，从而使残疾用户暴露于各种网络攻击中。这些恶意应用程序可以使用可访问性技术来捕食残疾用户的经济利益，从而在财务上损害用户。尽管有数百种辅助方法，但几乎没有研究来确保残疾用户使用空白，尤其是在他们被欺骗他们安装并提供了在其智能手机上运行恶意辅助应用程序的许可之后。该项目通过开发软件来解决这些问题，以自动欺骗这些恶意应用程序以揭示其意图，从而有效地检测到它们并保护残疾人的互联网用户。此外，该项目包括许多活动，以扩大代表性不足的群体参与计算。该项目基于对有史以来第一个通过欺骗（DBD）方法进行自动防御（DBD）方法的新颖概念，该方法可以通过使用武器的网络钓鱼和智能的智能范围来保护有针对性的财务差距（DBD）方法，从而通过使用游戏理论进行了更加智能的范围来保护恶意的辅助应用程序，甚至将其与现实的私人置于智能范围内。该项目的一个关键部分是重新构造生成Doppelganger差距的假GUI，其用户界面结构非常类似于目标财务差距，从而无法从中无法区分算法。凭借游戏理论的基础，该基础是使用脱衣来保护研究人员在这项研究工作中产生的残疾用户，其他研究人员可以通过建立拟议的统一统一欺骗的欺骗性欺骗的方式来更加紧密地合作，以自动化的方式进行欺骗。这一奖项反映了NSF的法定委员和审查的范围，并通过评估了Intelpriatiach的范围。