|
Security policies often base access decisions on temporal context (e.g., time of day) and environmental context (e.g., geographic location). Access control policies for operating systems frequently consider execution context (e.g., user ID, program arguments). However, little has been done to incorporate user expectation context into security decision mechanisms. Text artifacts provide a source of user expectation context. When finding, installing, and running software, users are shown natural language text, e.g., textual functionality descriptions, permission requests, privacy notices, and user interface text. This research aims to improve security decisions using expectation context, by relating user-facing natural language text with security operations.
This research focuses specifically on mobile applications by incorporating expectation context when making security decisions. Mobile applications provide specific forms of user text and security operations. This research considers the relationship between an application's description or user interface text and different granularities of security operations. The research forms the foundation for techniques and tools that inform mobile-device users of the security and privacy implications of installing mobile applications. As broader impacts, this research enables developers to produce more secure mobile applications and enables users to use more secure mobile applications.
|
TWC: Medium: Collaborative: Improving Mobile-Application Security via Text Analytics