CAREER: Enhancing Mobile Application Security through Contextual Integrity and User Awareness
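Basic information
- Award number: 2318483
- Principal investigator:
- Amount: $500,000
- Host institution:
- Host institution country: United States
- Project type: Continuing Grant
- Fiscal year: 2023
- Funding country: United States
- Start and end dates: 2023-02-15 to 2026-07-31
- Project status: Not concluded
- Source:
- Keywords:
Project abstract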
As mobile applications (i.e., apps) have become an integral part of daily life, their increasing access to users' sensitive data (e.g., location and contacts) raises serious security concerns. Mainstream smartphone platforms (e.g., Android and iOS) adopt permission-based access-control mechanisms, but such mechanisms fail to consider the context in which permission requests arise and do not explain how and why the app uses sensitive data, causing users to make uninformed decisions. The goal of this project is to develop a context- and user-aware security framework that enables (G1) contextual integrity by notifying users only when sensitive data is used in ways that cannot be justified by the contexts and the apps' intentions, and (G2) user awareness by generating natural-language (NL) descriptions that explain the sensitive data uses. The research will have four major tasks. First, the research team will develop a context- and intention-aware model that represents the correlation between the contexts/intentions and the sensitive behaviors in the code, where the contexts and intentions are expressed mainly by unstructured information (i.e., images and text) in the Graphical User Interfaces (GUIs). Second, the team will develop novel program-analysis techniques that associate the contexts and the intentions in GUIs with the sensitive behaviors in the code, which enables the construction of large-scale, high-quality training data. Third, the team will develop a neural machine-translation model that takes as input the contextual information provided by GUI contexts and the vocabulary provided by privacy policies, and synthesizes descriptions for sensitive behaviors in the code. Finally, the team will develop a lightweight instrumentation system that integrates the results of the detected undesired behaviors and the synthesized descriptions.
The success of this project will enhance the security of society at large by leading to more secure mobile apps, and the proposed techniques will provide new insights for the cooperation of program analysis and machine learning. New techniques and tools developed in this project will be integrated into undergraduate and graduate education and used to raise public awareness of the importance of mobile-app security. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
Project outcomes
Journal articles: 3
Monographs: 0
Research awards: 0
Conference papers: 0
Patents: 0
Prompt Learning Unlocked for App Promotion in the Wild
- DOI:
- Publication date: 2023
- Journal:
- Impact factor: 0
- Authors: Ouyang, Zhongyu; Hou, Shifu; Ma, Shang; Chen, Chaoran; Zhang, Chunhui; Li, Toby; Xiao, Xusheng; Zhang, Chuxu; Ye, Yanfang
- Corresponding author: Ye, Yanfang
Wemint: Tainting Sensitive Data Leaks in WeChat Mini-Programs
- DOI: 10.1109/ase56229.2023.00151
- Publication date: 2023-09
- Journal:
- Impact factor: 0
- Authors: Shi Meng; Liu Wang; Shenao Wang; Kailong Wang; Xusheng Xiao; Guangdong Bai; Haoyu Wang
- Corresponding authors: Shi Meng; Liu Wang; Shenao Wang; Kailong Wang; Xusheng Xiao; Guangdong Bai; Haoyu Wang
Other publications by Xusheng Xiao
Quantitative analysis of internal defects in chalcogenide glass infrared fibers via 3D scattering imaging
- DOI: 10.1016/j.optlastec.2025.112963
- Publication date: 2025-10-01
- Journal:
- Impact factor: 5.000
- Authors: Yuxin Tang; Yantao Xu; Xiaoxia Cui; Xusheng Xiao; Depeng Kong; Wenlong Li; Zhen Liu; Haitao Guo
- Corresponding author: Haitao Guo
Context-sensitive delta inference for identifying workload-dependent performance bottlenecks
- DOI: 10.1145/2483760.2483784
- Publication date: 2013-07
- Journal:
- Impact factor: 0
- Authors: Xusheng Xiao
- Corresponding author: Xusheng Xiao
Gain-switched watt-level thulium-doped fiber laser and amplifier operating at 1.7 μm
- DOI: 10.1017/hpl.2022.33
- Publication date: 2022
- Journal:
- Impact factor: 4.8
- Authors: Yang Xiao; Xusheng Xiao; Lutao Liu; Haitao Guo
- Corresponding author: Haitao Guo
APTrace: A Responsive System for Agile Enterprise Level Causality Analysis
- DOI:
- Publication date: 2020
- Journal:
- Impact factor: 0
- Authors: Jiaping Gui; Ding Li; Zhengzhang Chen; J. Rhee; Xusheng Xiao; Mu Zhang; Kangkook Jee; Zhichun Li; Haifeng Chen
- Corresponding author: Haifeng Chen
A Query System for Efficiently Investigating Complex Attack Behaviors for Enterprise Security
- DOI:
- Publication date: 2018
- Journal:
- Impact factor: 2.5
- Authors: Peng Gao; Xusheng Xiao; Zhichun Li; Kangkook Jee; Fengyuan Xu; Sanjeev R. Kulkarni; Prateek Mittal
- Corresponding author: Prateek Mittal
Other grants by Xusheng Xiao
Collaborative Research: EAGER: Enhancing Security and Privacy of Augmented Reality Mobile Applications through Software Behavior Analysis
- Award number: 2221842
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Standard Grant
Collaborative Research: EAGER: Enhancing Security and Privacy of Augmented Reality Mobile Applications through Software Behavior Analysis
- Award number: 2318486
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Standard Grant
CAREER: Enhancing Mobile Application Security through Contextual Integrity and User Awareness
- Award number: 2046953
- Fiscal year: 2021
- Funding amount: $500,000
- Project type: Continuing Grant
SaTC: CORE: Small: Scalable Cyber Attack Investigation using Declarative Queries and Interrogative Analysis
- Award number: 2028748
- Fiscal year: 2020
- Funding amount: $500,000
- Project type: Standard Grant
CRII: SaTC: Enhancing Mobile App Security by Detecting Icon-Behavior Contradiction
- Award number: 1755772
- Fiscal year: 2018
- Funding amount: $500,000
- Project type: Standard Grant
Similar overseas grants
REU Site: Enhancing Undergraduate Experiences in Data and Mobile Cloud Security
- Award number: 2349233
- Fiscal year: 2024
- Funding amount: $500,000
- Project type: Standard Grant
ERI: From Data to Design: Enhancing Pedestrian Infrastructure for Well-Being through Mobile Sensing and Experience Sampling in the Wild
- Award number: 2347012
- Fiscal year: 2024
- Funding amount: $500,000
- Project type: Standard Grant
Enhancing safety of liquid and vaporised hydrogen transfer technologies in public areas for mobile applications
- Award number: 10063519
- Fiscal year: 2023
- Funding amount: $500,000
- Project type: EU-Funded
CAREER: Enhancing Energy Efficiency in Mobile Augmented Reality Apps
- Award number: 2421244
- Fiscal year: 2023
- Funding amount: $500,000
- Project type: Continuing Grant
ELVHYS - Enhancing safety of Liquid and Vaporised HYdrogen transfer technologies in public areas for mobile applicationS
- Award number: 10070592
- Fiscal year: 2023
- Funding amount: $500,000
- Project type: EU-Funded
Enhancing detection and mobile monitoring of schistosomiasis with urine-based analyte pre-concentration technology
- Award number: 10697011
- Fiscal year: 2023
- Funding amount: $500,000
- Project type:
Collaborative Research: EAGER: Enhancing Security and Privacy of Augmented Reality Mobile Applications through Software Behavior Analysis
- Award number: 2221842
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Standard Grant
CAREER: Enhancing Energy Efficiency in Mobile Augmented Reality Apps
- Award number: 2142406
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Continuing Grant
Collaborative Research: EAGER: Enhancing Security and Privacy of Augmented Reality Mobile Applications through Software Behavior Analysis
- Award number: 2318486
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Standard Grant
Collaborative Research: EAGER: Enhancing Security and Privacy of Augmented Reality Mobile Applications through Software Behavior Analysis
- Award number: 2221843
- Fiscal year: 2022
- Funding amount: $500,000
- Project type: Standard Grant