Collaborative Research: EAGER: Towards Safeguarding the Emerging Miniapp Paradigm in Mobile Super Apps
合作研究:EAGER:捍卫移动超级应用中新兴的小应用范式
基本信息
- 批准号:2330264
- 负责人:
- 金额:$ 15万
- 依托单位:
- 依托单位国家:美国
- 项目类别:Standard Grant
- 财政年份:2023
- 资助国家:美国
- 起止时间:2023-07-01 至 2025-06-30
- 项目状态:未结题
- 来源:
- 关键词:
项目摘要
The rapidly evolving miniapp paradigm within mobile computing is revolutionizing user engagement with mobile applications. Super apps, functioning as hosts with multiple services, facilitate the installation and operation of miniapps within their platforms, thereby cultivating an ecosystem akin to that of Google Play and Apple App Store. This approach, already adopted by leading social apps like WeChat, TikTok, and SnapChat, greatly enhances user convenience and interactivity. However, alongside these advancements, the miniapp paradigm ushers in distinct security and privacy challenges demanding urgent resolution. As the prevalence of miniapps continues to escalate, the establishment of proper safeguards struggles to keep pace. Existing security policies for managing system resources across modern mobile operating systems (OSs) often exhibit opacity and dispersion, impeding effective isolation of miniapps and concealing complexities inherent to diverse mobile OSs. Additionally, super apps, with their capacity to amass substantial user data from numerous miniapps, frequently avoid recognizing themselves as data controllers. This lack of transparency in data practices generates potential privacy threats and regulatory issues. This proposal aims to take the first step towards systematic understanding and safeguarding of the security and privacy of the emerging miniapp paradigm in mobile super apps. We recognize the pressing concerns related to this paradigm and aim to investigate new security and privacy threats, such as cross-platform support, the design and implementation of miniapp APIs, and the management of sensitive data with respect to access control and security and privacy policies. Our research will also explore innovative techniques for risk assessment and vulnerability detection within the miniapp ecosystem. Moreover, we propose to employ formal methods to rigorously reason about these policies and standardize the design and implementation of the APIs, enabling a more secure and privacy-compliant miniapp ecosystem. Our research is expected to pave the way for the development of practical solutions that can be rapidly adopted by super apps and miniapp developers to tackle the urgent security and privacy challenges in this field.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
移动的计算中快速发展的迷你应用范例正在彻底改变用户对移动的应用的参与。超级应用程序作为具有多种服务的主机,便于在其平台内安装和操作迷你应用程序,从而培养类似于Google Play和Apple App Store的生态系统。这种方法已经被微信、TikTok和SnapChat等领先的社交应用所采用,极大地提高了用户的便利性和互动性。然而,除了这些进步之外,迷你应用程序范式还带来了独特的安全和隐私挑战,需要紧急解决。随着迷你应用程序的流行程度不断升级,建立适当的保障措施很难跟上步伐。用于跨现代移动的操作系统(OS)管理系统资源的现有安全策略通常表现出不透明性和分散性,从而妨碍迷你应用的有效隔离并隐藏不同移动的OS固有的复杂性。此外,超级应用程序能够从众多迷你应用程序中收集大量用户数据,因此经常避免将自己视为数据控制者。数据实践缺乏透明度会产生潜在的隐私威胁和监管问题。该提案旨在迈出第一步,系统地理解和保护移动的超级应用程序中新兴迷你应用程序范式的安全和隐私。我们认识到与这种模式相关的紧迫问题,并旨在调查新的安全和隐私威胁,例如跨平台支持,miniapp API的设计和实现,以及访问控制和安全与隐私政策方面的敏感数据管理。我们的研究还将探索迷你应用生态系统中风险评估和漏洞检测的创新技术。此外,我们建议采用正式的方法来严格推理这些策略,并标准化API的设计和实现,从而实现更安全、更隐私的迷你应用生态系统。我们的研究有望为开发实用的解决方案铺平道路,这些解决方案可以被超级应用和迷你应用开发人员迅速采用,以应对该领域紧迫的安全和隐私挑战。该奖项反映了NSF的法定使命,并通过使用基金会的知识价值和更广泛的影响审查标准进行评估,被认为值得支持。
项目成果
期刊论文数量(0)
专著数量(0)
科研奖励数量(0)
会议论文数量(0)
专利数量(0)
数据更新时间:{{ journalArticles.updateTime }}
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
数据更新时间:{{ journalArticles.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ monograph.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ sciAawards.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ conferencePapers.updateTime }}
{{ item.title }}
- 作者:
{{ item.author }}
数据更新时间:{{ patent.updateTime }}
Zhiqiang Lin其他文献
Mammalian Myocardial Regeneration
哺乳动物心肌再生
- DOI:
10.1016/b978-0-12-381510-1.00039-9 - 发表时间:
2012 - 期刊:
- 影响因子:0
- 作者:
Bin Zhou;Zhiqiang Lin;W. Pu - 通讯作者:
W. Pu
Automatic Uncovering of Tap Points from Kernel Executions
自动发现内核执行中的分接点
- DOI:
10.1007/978-3-319-45719-2_3 - 发表时间:
2016 - 期刊:
- 影响因子:0
- 作者:
Junyuan Zeng;Yangchun Fu;Zhiqiang Lin - 通讯作者:
Zhiqiang Lin
Silver Cyanide Powder‐Catalyzed Selective Epoxidation of Cyclohexene and Styrene with its Surface Activation by H2O2(aq) and Assisted by CH3CN as a Non‐Innocent Solvent
氰化银粉末催化环己烯和苯乙烯的选择性环氧化,H2O2(aq) 表面活化,CH3CN 作为非无害溶剂辅助
- DOI:
10.1002/cctc.202200030 - 发表时间:
2022 - 期刊:
- 影响因子:4.5
- 作者:
Yu;Damodar Janmanchi;Thiyagarajan Natarajan;Zhiqiang Lin;W. H. Wanna;I. Hsu;D. Tzou;Tigist Ayalew Abay;S. S. Yu - 通讯作者:
S. S. Yu
An adhesive immune-stimulating multifunctional hydrogel for potent tumor chemoimmunotherapy and postoperative wound healing promotion
- DOI:
10.1002/adfm.202312360 - 发表时间:
2024 - 期刊:
- 影响因子:
- 作者:
Tianran Wang;Junfeng Ding;Shuang Liang;Zhiqiang Lin;Jiaxuan Yang;Zhen Zhang;Zheng Zou;Gao Li;Xuesi Chen;Chaoliang He - 通讯作者:
Chaoliang He
From Virtual Touch to Tesla Command: Unlocking Unauthenticated Control Chains From Smart Glasses for Vehicle Takeover
从虚拟触摸到 Tesla 命令:从智能眼镜解锁未经身份验证的控制链以接管车辆
- DOI:
- 发表时间:
- 期刊:
- 影响因子:0
- 作者:
Xingli Zhang;∗. YazhouTu;Yan Long;Liqun Shan;Mohamed A Elsaadani;Kevin Fu;Zhiqiang Lin;X. Hei - 通讯作者:
X. Hei
Zhiqiang Lin的其他文献
{{
item.title }}
{{ item.translation_title }}
- DOI:
{{ item.doi }} - 发表时间:
{{ item.publish_year }} - 期刊:
- 影响因子:{{ item.factor }}
- 作者:
{{ item.authors }} - 通讯作者:
{{ item.author }}
{{ truncateString('Zhiqiang Lin', 18)}}的其他基金
Collaborative Proposal: SaTC: Frontiers: Center for Distributed Confidential Computing (CDCC)
协作提案:SaTC:前沿:分布式机密计算中心 (CDCC)
- 批准号:
2207202 - 财政年份:2022
- 资助金额:
$ 15万 - 项目类别:
Continuing Grant
Collaborative Research: PPoSS: Planning: Scaling Autonomous Vehicle Systems at the Edge: from On-Board Processing to Cloud Infrastructure
合作研究:PPoSS:规划:扩展边缘自主车辆系统:从车载处理到云基础设施
- 批准号:
2118491 - 财政年份:2021
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education
EDU:协作:使用虚拟机自省进行深度网络安全教育
- 批准号:
1834214 - 财政年份:2018
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs
TWC:媒介:协作:用于执行、管理和保护 SGX 程序的系统、工具和技术
- 批准号:
1834213 - 财政年份:2018
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
SDI-CSCS: Collaborative Research: S2OS Enabling Infrastructure-Wide Programmable Security with SDI
SDI-CSCS:协作研究:S2OS 通过 SDI 实现基础设施范围内的可编程安全性
- 批准号:
1834216 - 财政年份:2018
- 资助金额:
$ 15万 - 项目类别:
Continuing Grant
CAREER: A Dual-VM Binary Code Reuse Based Framework for Automated Virtual Machine Introspection
职业:基于双虚拟机二进制代码重用的自动化虚拟机自省框架
- 批准号:
1834215 - 财政年份:2018
- 资助金额:
$ 15万 - 项目类别:
Continuing Grant
SDI-CSCS: Collaborative Research: S2OS Enabling Infrastructure-Wide Programmable Security with SDI
SDI-CSCS:协作研究:S2OS 通过 SDI 实现基础设施范围内的可编程安全性
- 批准号:
1700507 - 财政年份:2017
- 资助金额:
$ 15万 - 项目类别:
Continuing Grant
TWC: Medium: Collaborative: Systems, Tools, and Techniques for Executing, Managing, and Securing SGX Programs
TWC:媒介:协作:用于执行、管理和保护 SGX 程序的系统、工具和技术
- 批准号:
1564112 - 财政年份:2016
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
EDU: Collaborative: Using Virtual Machine Introspection for Deep Cyber Security Education
EDU:协作:使用虚拟机自省进行深度网络安全教育
- 批准号:
1623325 - 财政年份:2016
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
CI-P: Collaborative: A Community-Driven Open Research Infrastructure for Intel SGX
CI-P:协作:面向英特尔 SGX 的社区驱动的开放研究基础设施
- 批准号:
1629951 - 财政年份:2016
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
相似国自然基金
Research on Quantum Field Theory without a Lagrangian Description
- 批准号:24ZR1403900
- 批准年份:2024
- 资助金额:0.0 万元
- 项目类别:省市级项目
Cell Research
- 批准号:31224802
- 批准年份:2012
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research
- 批准号:31024804
- 批准年份:2010
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Cell Research (细胞研究)
- 批准号:30824808
- 批准年份:2008
- 资助金额:24.0 万元
- 项目类别:专项基金项目
Research on the Rapid Growth Mechanism of KDP Crystal
- 批准号:10774081
- 批准年份:2007
- 资助金额:45.0 万元
- 项目类别:面上项目
相似海外基金
Collaborative Research: EAGER: IMPRESS-U: Groundwater Resilience Assessment through iNtegrated Data Exploration for Ukraine (GRANDE-U)
合作研究:EAGER:IMPRESS-U:通过乌克兰综合数据探索进行地下水恢复力评估 (GRANDE-U)
- 批准号:
2409395 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
EAGER/Collaborative Research: An LLM-Powered Framework for G-Code Comprehension and Retrieval
EAGER/协作研究:LLM 支持的 G 代码理解和检索框架
- 批准号:
2347624 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
EAGER/Collaborative Research: Revealing the Physical Mechanisms Underlying the Extraordinary Stability of Flying Insects
EAGER/合作研究:揭示飞行昆虫非凡稳定性的物理机制
- 批准号:
2344215 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: Designing Nanomaterials to Reveal the Mechanism of Single Nanoparticle Photoemission Intermittency
合作研究:EAGER:设计纳米材料揭示单纳米粒子光电发射间歇性机制
- 批准号:
2345581 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: Designing Nanomaterials to Reveal the Mechanism of Single Nanoparticle Photoemission Intermittency
合作研究:EAGER:设计纳米材料揭示单纳米粒子光电发射间歇性机制
- 批准号:
2345582 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: Designing Nanomaterials to Reveal the Mechanism of Single Nanoparticle Photoemission Intermittency
合作研究:EAGER:设计纳米材料揭示单纳米粒子光电发射间歇性机制
- 批准号:
2345583 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: The next crisis for coral reefs is how to study vanishing coral species; AUVs equipped with AI may be the only tool for the job
合作研究:EAGER:珊瑚礁的下一个危机是如何研究正在消失的珊瑚物种;
- 批准号:
2333604 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: Energy for persistent sensing of carbon dioxide under near shore waves.
合作研究:EAGER:近岸波浪下持续感知二氧化碳的能量。
- 批准号:
2339062 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
Collaborative Research: EAGER: The next crisis for coral reefs is how to study vanishing coral species; AUVs equipped with AI may be the only tool for the job
合作研究:EAGER:珊瑚礁的下一个危机是如何研究正在消失的珊瑚物种;
- 批准号:
2333603 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant
EAGER/Collaborative Research: An LLM-Powered Framework for G-Code Comprehension and Retrieval
EAGER/协作研究:LLM 支持的 G 代码理解和检索框架
- 批准号:
2347623 - 财政年份:2024
- 资助金额:
$ 15万 - 项目类别:
Standard Grant