EAGER: Securing Smartphone Applications Against Rapidly Expanding Accessibility-Based Attacks

EAGER：保护智能手机应用程序免受快速扩展的基于辅助功能的攻击

基本信息

批准号：
1650000
负责人：
Mark Grechanik
金额：
$ 9.71万
依托单位：
University of Illinois at Chicago
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2016
资助国家：
美国
起止时间：
2016-08-01 至 2017-07-31
项目状态：
已结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=1650000&HistoricalAwards=false
关键词：
EAGER Securing Smartphone Applications Against

项目摘要

The project will study graphical user interface (GUI) applications that are difficult for users with disabilities such as vision, movement, remembering, hearing, communicating, etc.. Currently, mobile assistive applications provide enhancement services using specialized accessibility technologies that are fundamentally insecure, thus exposing users to a variety of attacks. These attacks are showing up in the press and are of great concern. Accessibility applications are prime examples of "usable security" issues, often being used in college courses to illustrate the tradeoffs between enabling needed functionality versus keeping devices secure from attack. Typically, the method of keeping users safe is to warned them to not use certain functionality that they need, thus users are safe but not able to fully function. The exploratory project will study a body of software to better understand how security issues affect users with disabilities. It will use this new knowledge to explore new abstractions and algorithms that guide analyses of the software. A prototype security testing tool will be developed that demonstrates how to avoid violation of security constraints while enabling accessibility. A deeper understanding of mobile assistive applications may open up new research directions for usable security in ubiquitous devices.

该项目将研究图形用户界面（GUI）应用程序，这些应用程序对于视力、运动、记忆、听力、交流等残疾用户来说有困难。目前，移动辅助应用程序使用专门的辅助功能技术提供增强服务，但这些技术从根本上来说是不安全的，从而使用户面临各种攻击。这些攻击出现在媒体上并引起高度关注。辅助功能应用程序是“可用安全”问题的主要示例，通常在大学课程中用于说明启用所需功能与保护设备免受攻击之间的权衡。通常，保证用户安全的方法是警告他们不要使用他们需要的某些功能，因此用户是安全的，但无法充分发挥功能。该探索性项目将研究一系列软件，以更好地了解安全问题如何影响残疾用户。它将利用这些新知识来探索指导软件分析的新抽象和算法。将开发一个原型安全测试工具，演示如何在实现可访问性的同时避免违反安全约束。对移动辅助应用程序的更深入了解可能会为无处不在的设备中的可用安全性开辟新的研究方向。