Published by Marjorie Wilkinson. Modified over 9 years ago.
1
Characteristic Studies of User-Perceived Information in Security Analysis
Wei Yang, Univ. of Illinois
2
An Aesop's Fable
3
Security Warnings
4
Users stop paying attention
–When a security dialog does contain information that could alert users to a real risk, they are less likely to notice it.
5
Why So Many Warnings?
–Existing techniques report all security/privacy-sensitive operations
Security is conservative
–Computer is unable to tell what is malicious and what is expected
6
Automating part of manual efforts
–Mimicking human analysis process
–Leveraging user-perceived information
  AsDroid (UI Text)
  WHYPER (App Description)
  CHABADA (App Description)
  Others (User Reviews; Category; Ratings etc.)
[Diagram labels: Contextual Information (User Perceived); Functionality; Technical Information (User/Inspector's Knowledge); Expected Behavior; Infer; Program Behavior; Compare]
7
Is User-perceived Information Effective?
Literature Survey
–What type of user-perceived information is used, how it is used, and how effective the technique is in each piece of literature.
Empirical Study
–What are the commonly used permissions whose uses are often reflected by the user-perceived information?
–Which types of user-perceived information are often used to reflect these permission uses?
–How does this user-perceived information reflect the purpose of permission uses?
8
Taxonomy of User-Perceived Information
Meta Information
–App Name, Permissions, Category, Number of installs, Ratings, Package Name, App Developers.
UI Information
–UI Text/Icon
  Texts/Icons on the button triggering permission uses
  Texts/Icons on the surrounding labels
  Texts/Icons on the subsequent screen after the UI actions
    –Transitional screen (middle of the screen)
    –Other screen (Top of the screen (E.g., Titles))
  Texts/Icons at other places that can indicate the permission uses or the app functionality using the permissions
–UI Layout
  Previous/Current/Subsequent screen Layout
Descriptive Information
–Description, Reviews
9
Study Methodology
–Manually explore all the functionality of the app
–Log the functionality and user-perceived information if a permission is used.
–Verify the information by second authors
[Diagram labels: Exploring; Logging; Verifying]
10
Exploring
Priorities of UI actions on the same screen:
–Text entering
  Check Options (E.g., CheckBox, RadioButton)
  Clicks
  Gestures (E.g., Swipe, Drag)
Strategies for the navigations among multiple screens:
–Depth-First Search
11
Logging
Instrument and rebuild the Android system to log the permission uses.
Manually log all the user-perceived information when permission uses occur.
–We use timestamps to build the link between UI actions and permission uses.
Manually check the user-perceived information that reflects the permission uses.
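The timestamp linking described on this slide can be sketched as follows. This is an added example, not code from the study; the log tuples are constructed samples, and the 2000 ms attribution window and the function names are assumptions.

```python
from bisect import bisect_right

# Constructed sample logs (not study data). Timestamps are in milliseconds.
UI_ACTIONS = [
    (1000, "click", "Send message"),
    (5000, "click", "Choose Location"),
    (9000, "text", "Search"),
]
PERMISSION_USES = [
    (1120, "SEND_SMS"),
    (5300, "ACCESS_FINE_LOCATION"),
    (7900, "INTERNET"),
    (9050, "INTERNET"),
]

def link_permission_uses(ui_actions, permission_uses, window_ms=2000):
    """Attribute each permission use to the latest UI action that precedes
    it by at most window_ms (assumed window); otherwise link it to None."""
    actions = sorted(ui_actions)
    times = [a[0] for a in actions]
    links = []
    for ts, perm in sorted(permission_uses):
        i = bisect_right(times, ts) - 1  # index of last action at or before ts
        hit = i >= 0 and ts - times[i] <= window_ms
        links.append((perm, ts, actions[i] if hit else None))
    return links

def unlinked_uses(links):
    """Permission uses with no UI action in the window, i.e. uses the user
    had no visible trigger for; these are the ones to inspect by hand."""
    return [(perm, ts) for perm, ts, action in links if action is None]

if __name__ == "__main__":
    for perm, ts, action in link_permission_uses(UI_ACTIONS, PERMISSION_USES):
        label = action[2] if action else "<no UI action>"
        print(f"{ts:>6} {perm:<22} {label}")
```

Linking only establishes which UI action preceded a permission use; whether the on-screen text or icon actually reflects that use is still the manual check the slide describes.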
12
Verifying
Second authors will repeat the logging process to verify the results.
13
Preliminary Finding
Existing techniques mainly used textual and numerical data in user-perceived information.
They apply textual analysis and statistical analysis techniques on these data.
14
Preliminary Finding
Sensitive operations are more frequently reflected from interfaces (E.g., READ_SMS)
Common permissions are less likely to be reflected from interfaces. (E.g., INTERNET)

Permission                 Reflect from Interfaces
READ_EXTERNAL_STORAGE      Y(>80%)
READ_PHONE_STATE           N(<20%)
INTERNET                   N(<20%)
READ_SMS                   Y(>80%)
SEND_SMS                   Y(>80%)
RECEIVE_SMS                Y(>80%)
VIBRATE                    N(<20%)
RECEIVE_BOOT_COMPLETED     N(<20%)
ACCESS_FINE_LOCATION       Y(<80%)
15
Preliminary Finding
UI layout (position) often determines the real meaning of UI text/icons. (E.g., "Choose Location" in a DropDownList and "Choose Location" beside an icon)
16
Conclusion
We categorize the user-perceived information and study the effectiveness and limitations of each category
We study the effectiveness & limitations of user-perceived information in general
–How much (and what types) of the app security behavior can be automatically determined without user involvement in the security guarding, and why so.
–How much (and what types) of the app security behavior needs to engage end users to help out in the security guarding, and why so.
17
Question?