Characteristic Studies of User-Perceived Information in Security Analysis. Wei Yang, Univ. of Illinois.

Presentation transcript:

An Aesop's Fable

Security Warnings

Users stop paying attention
– When a security dialog does contain information that could alert users to a real risk, they are less likely to notice it.

Why So Many Warnings?
– Existing techniques report all security/privacy-sensitive operations.
– Security is conservative: the computer is unable to tell what is malicious and what is expected.

Automating part of the manual effort
– Mimicking the human analysis process
– Leveraging user-perceived information
Existing techniques and the user-perceived information they use: AsDroid (UI text), WHYPER (app description), CHABADA (app description), others (user reviews, category, ratings, etc.).
Diagram: contextual information (user-perceived) indicates the app's functionality; technical information (the user's or inspector's knowledge) turns that into the expected behavior; the program behavior inferred from the app is then compared against the expected behavior.

Is User-Perceived Information Effective?
Literature Survey
– For each piece of literature: what type of user-perceived information is used, how it is used, and how effective the technique is.
Empirical Study
– Which commonly used permissions have permission uses that are often reflected by user-perceived information?
– Which types of user-perceived information are often used to reflect these permission uses?
– How does this user-perceived information reflect the purpose of the permission uses?

Taxonomy of User-Perceived Information
Meta Information
– App name, permissions, category, number of installs, ratings, package name, app developers.
UI Information
– UI text/icons
  – Texts/icons on the button triggering the permission use
  – Texts/icons on the surrounding labels
  – Texts/icons on the subsequent screen after the UI action
    – Transitional screen (middle of the screen)
    – Other screen (top of the screen, e.g., titles)
  – Texts/icons at other places that can indicate the permission use or the app functionality using the permission
– UI layout
  – Previous/current/subsequent screen layout
Descriptive Information
– Description, reviews

Study Methodology
– Manually explore all the functionality of the app.
– Log the functionality and the user-perceived information whenever a permission is used.
– Verify the information by second authors.
Pipeline: Exploring → Logging → Verifying

Exploring
Priorities of UI actions on the same screen:
– Text entering → check options (e.g., CheckBox, RadioButton) → clicks → gestures (e.g., swipe, drag)
Strategy for navigating among multiple screens:
– Depth-first search

Logging
Instrument and rebuild the Android system to log the permission uses.
Manually log all the user-perceived information when permission uses occur.
– We use timestamps to build the link between UI actions and permission uses.
Manually check which user-perceived information reflects the permission uses.

Verifying Second authors will repeat the logging process to verify the results.
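The timestamp link between the exploration log and the permission-use log, followed by a per-permission count of uses that the visible UI text reflects, as an added illustration (this is not the authors' tooling; both logs, the keyword hints and the 2-second window are constructed assumptions):

```python
from bisect import bisect_right

# Constructed sample logs (values invented for illustration). UI actions come
# from the manual exploration; permission uses from the instrumented system.
UI_ACTIONS = [  # (timestamp_ms, screen, action_type, visible text)
    (1000, "MainScreen", "click", "Continue"),
    (4000, "ComposeScreen", "text", "To: (constructed number)"),
    (4200, "ComposeScreen", "click", "Send message"),
    (7000, "SettingsScreen", "check", "Vibrate on new message"),
]
PERMISSION_USES = [  # (timestamp_ms, permission)
    (1020, "INTERNET"),
    (4250, "SEND_SMS"),
    (7030, "VIBRATE"),
    (9500, "READ_PHONE_STATE"),  # no UI action inside the window before it
]
# Hand-written hints (assumed): does visible UI text plausibly reflect the permission?
KEYWORDS = {"SEND_SMS": ("send", "message", "sms"), "VIBRATE": ("vibrate",),
            "INTERNET": ("download", "sync", "online"),
            "READ_PHONE_STATE": ("phone", "imei")}

def link_permission_uses(ui_actions, permission_uses, window_ms=2000):
    """Attribute each permission use to the latest UI action at most window_ms
    earlier (the timestamp join); None when no action is close enough."""
    actions = sorted(ui_actions)
    times = [a[0] for a in actions]
    linked = []
    for ts, perm in sorted(permission_uses):
        i = bisect_right(times, ts) - 1
        action = actions[i] if i >= 0 and ts - times[i] <= window_ms else None
        linked.append((perm, action))
    return linked

def reflected_by_ui(perm, action):
    """True when the linked action's visible text contains a keyword for perm."""
    if action is None:
        return False
    text = action[3].lower()
    return any(k in text for k in KEYWORDS.get(perm, ()))

def reflection_table(ui_actions, permission_uses):
    """Per permission: (uses reflected by UI text, total uses), the raw counts
    behind a 'reflected from interfaces' rate."""
    table = {}
    for perm, action in link_permission_uses(ui_actions, permission_uses):
        hit, total = table.get(perm, (0, 0))
        table[perm] = (hit + int(reflected_by_ui(perm, action)), total + 1)
    return table

if __name__ == "__main__":
    for perm, (hit, total) in reflection_table(UI_ACTIONS, PERMISSION_USES).items():
        print(f"{perm:18s} {hit}/{total} reflected from UI")
```

In the sample, the generic "Continue" button that triggers INTERNET is not reflected, while SEND_SMS and VIBRATE are, mirroring the pattern in the findings that follow.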

Preliminary Finding Existing techniques mainly used textual and numerical data in user-perceived information. They apply textual analysis and statistical analysis techniques on these data.

Preliminary Finding
Sensitive operations are more frequently reflected from interfaces (e.g., READ_SMS).
Common permissions are less likely to be reflected from interfaces (e.g., INTERNET).

Permission              Reflected from interfaces
READ_EXTERNAL_STORAGE   Y (>80%)
READ_PHONE_STATE        N (<20%)
INTERNET                N (<20%)
READ_SMS                Y (>80%)
SEND_SMS                Y (>80%)
RECEIVE_SMS             Y (>80%)
VIBRATE                 N (<20%)
RECEIVE_BOOT_COMPLETED  N (<20%)
ACCESS_FINE_LOCATION    Y (<80%)

Preliminary Finding
UI layout (position) often determines the real meaning of a UI text/icon (e.g., "Choose Location" inside a DropDownList versus "Choose Location" beside an icon).

Conclusion
We categorize the user-perceived information and study the effectiveness and limitations of each category.
We study the effectiveness and limitations of user-perceived information in general:
– How much (and what types) of the app security behavior can be automatically determined without user involvement in the security guarding, and why.
– How much (and what types) of the app security behavior needs to engage end users to help out in the security guarding, and why.

Questions?