Risk communication is an important part of many cyber security mechanisms. Android's current risk communication mechanism is based on security warnings and has been demonstrated to be ineffective because users become habituated to ignore such warnings and tend to consent to all prompts. This multi-disciplinary research project aims at developing holistic solutions to usable risk communication and control for the Android platform.
This project investigates an approach that presents risk information at multiple granularities, including a high-level numerical risk summary, an intermediate-level summary of risk for different dimensions, and detailed risk information. The high-level risk summary is computed by information integration techniques, using information discovered from multiple sources, e.g., user reviews and app source code. This summary enables proactive risk communication (e.g., when the user searches for apps) so that users can factor this information into their decision process.
This project also introduces a multi-mode approach that, in addition to communicating risks, controls risks in the sense of discouraging risky applications and ensuring that users truly understand the risks. The project develops mechanisms that aggregate, communicate, and control risks incurred by apps at runtime, and ways to personalize risk integration, communication, and control techniques to accommodate differences among users.
This project is expected to advance the state of the art in principles and techniques for risk communication and control, and has the potential to impact the Android app ecosystem through collaboration with Google researchers.