Abstract
The problem of identifying inappropriate software is a daunting one for ordinary users. The two currently prevalent methods are intrinsically centralized: certification of “good” software by platform vendors and flagging of “bad” software by antivirus vendors or other global entities. However, because appropriateness has cultural and social dimensions, centralized means of signaling appropriateness are ineffective and can lead to habituation (users clicking through warnings) or disputes (users discovering that certified software is inappropriate).
In this work, we look at the possibility of relying on inputs from personalized communities (consisting of friends and experts whom individual users trust) to avoid installing inappropriate software. Drawing from theories, we developed a set of design guidelines for a trustworthy application installation process. We performed an initial validation of the guidelines through an online survey; we verified the high relevance of information from a personalized community and found strong user motivation to protect friends and family members when they know of digital risks. We designed and implemented a prototype system on the Nokia N810 tablet. In addition to prominently showing risk signals from the personalized community, our prototype installer deters unsafe actions by slowing the user down with habituation-breaking mechanisms. We also conducted a hands-on evaluation and verified the strength of opinions communicated through friends over opinions from online community members.
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chia, P.H., Heiner, A.P., Asokan, N. (2012). Use of Ratings from Personalized Communities for Trustworthy Application Installation. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_6
DOI: https://doi.org/10.1007/978-3-642-27937-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27936-2
Online ISBN: 978-3-642-27937-9
eBook Packages: Computer Science (R0)