Sylvia J. Spengler CNS Division Of Computer and Network Systems
CSE Direct For Computer & Info Scie & Enginr
September 1, 2013
August 31, 2017 (Estimated)
Awarded Amount to Date:
Ninghui Li firstname.lastname@example.org (Principal Investigator)
Robert Proctor (Co-Principal Investigator)
Luo Si (Co-Principal Investigator)
West Lafayette, IN
Secure & Trustworthy Cyberspace
Program Reference Code(s):
Program Element Code(s):
Risk communication is an important part of many cyber security mechanisms. Android's current risk communication mechanism is based on security warnings and has been demonstrated to be ineffective because users become habituated to ignore such warnings and tend to consent to all prompts. This multi-disciplinary research project aims at developing holistic solutions to usable risk communication and control for the Android platform.
This project investigates an approach that presents risk information at multiple granularities, including a high-level numerical risk summary, an intermediate-level summary of risk for different dimensions, and detailed risk information. The high-level risk summary is computed by information integration techniques, using information discovered from multiple sources, e.g., user reviews and app source code. This summary enables proactive risk communication (e.g., when the user searches for apps) so that users can take this information into the decision process.
This project also introduces a multi-mode approach that, in addition to communicating risks, controls risks in the sense of discouraging risky applications and ensuring that users truly understand the risks. The project develops mechanisms that aggregate, communicate, and control risks incurred by apps at runtime, and ways to personalize risk integration, communication, and control techniques to accommodate differences among users.
This project is expected to advance the state of the art in principles and techniques for risk communication and control, and has the potential to impact the Android app ecosystem through collaboration with Google researchers.
PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH
Chris S. Gates, Jing Chen, Ninghui Li, Robert W. Proctor. "Effective Risk Communication for Android Apps," IEEE Transactions on Dependable and Secure Computing, v.11, 2014, p. 252-265.
Cen Lei, Chris S. Gates, Luo Si, Ninghui Li. "A Probabilistic Discriminative Model for Android Malware Detection with Decompiled Source Code," IEEE Transactions on Dependable and Secure Computing, v.11, 2014.
Jing Chen, Christopher S. Gates, Ninghui Li, Robert W. Proctor. "Influence of Risk/Safety Information Framing on Android App-Installation Decisions," Journal of Cognitive Engineering and Decision Making, v.9, 2015, p. 149-168.
Robert W. Proctor & Jing Chen. "The Role of Human Factors/Ergonomics in the Science of Security: Decision Making and Action Selection in Cyberspace," Human Factors, 2015.