Secure software installation in a mobile environment

Symposium On Usable Privacy and Security Pub Date : 2007-07-18 DOI:10.1145/1280680.1280705

A. Heiner, N. Asokan

{"title":"Secure software installation in a mobile environment","authors":"A. Heiner, N. Asokan","doi":"10.1145/1280680.1280705","DOIUrl":null,"url":null,"abstract":"Software security in mobile devices today is done by granting privileges to software, usually based on code signing. The cost of obtaining signatures and meeting strict quality requirements deters hobbyist developers from participating and contributing to application development. If a certain piece of software does not come with an acceptable signature, the mobile device may give the user the option of deciding whether that software should be granted the requested privileges. Naturally, designing the user interaction for this step without hampering usability and security is tricky. When users are simply prompted whether they want to grant certain privileges to some software, they often do not have enough information to understand the implications of this action.\n We propose that using community feedback can be an effective way of helping the user to decide whether to grant privileges to software. Community feedback includes opinions and ratings on both security and functionality attributes of software. We argue that users will use community feedback to decide whether they want to use a piece of software and that the decisions to download, install, and grant necessary privileges are implied by the decision to use.","PeriodicalId":273244,"journal":{"name":"Symposium On Usable Privacy and Security","volume":"57 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Symposium On Usable Privacy and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1280680.1280705","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

Software security in mobile devices today is done by granting privileges to software, usually based on code signing. The cost of obtaining signatures and meeting strict quality requirements deters hobbyist developers from participating and contributing to application development. If a certain piece of software does not come with an acceptable signature, the mobile device may give the user the option of deciding whether that software should be granted the requested privileges. Naturally, designing the user interaction for this step without hampering usability and security is tricky. When users are simply prompted whether they want to grant certain privileges to some software, they often do not have enough information to understand the implications of this action. We propose that using community feedback can be an effective way of helping the user to decide whether to grant privileges to software. Community feedback includes opinions and ratings on both security and functionality attributes of software. We argue that users will use community feedback to decide whether they want to use a piece of software and that the decisions to download, install, and grant necessary privileges are implied by the decision to use.

查看原文本刊更多论文

移动环境下的安全软件安装

如今，移动设备中的软件安全是通过授予软件权限来实现的，通常基于代码签名。获得签名和满足严格的质量要求的成本使业余开发人员不敢参与应用程序开发并做出贡献。如果某个软件没有提供可接受的签名，移动设备可能会让用户选择是否应该授予该软件所请求的特权。当然，在不影响可用性和安全性的情况下为这一步设计用户交互是很棘手的。当仅仅提示用户是否要向某些软件授予某些特权时，他们通常没有足够的信息来理解此操作的含义。我们建议使用社区反馈可以是帮助用户决定是否授予软件特权的有效方法。社区反馈包括对软件的安全性和功能属性的意见和评级。我们认为，用户将使用社区反馈来决定他们是否想要使用某个软件，并且下载、安装和授予必要特权的决定隐含在使用的决定中。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Symposium On Usable Privacy and Security

自引率

0.00%

发文量