SaTC: CORE: Small: Defense by Deception of Smartphone Software Applications For Users With Disabilities

SaTC：核心：小型：针对残障用户的智能手机软件应用程序的欺骗防御

• 批准号: 2129739
• 负责人: Mark Grechanik
• 金额: $ 48.36万
• 依托单位: University of Illinois at Chicago
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2022
• 资助国家: 美国
• 起止时间: 2022-01-01 至 2024-12-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2129739&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Defense; Deception

Graphical User Interface (GUI)-based APplications (GAPs) are ubiquitous, both in business and personal use, and are deployed on diverse software and hardware smartphone platforms. Unfortunately, many users of such GAPs have disabilities - approximately 50 million in the USA alone and over 600 million worldwide - and it is difficult for these users to work with GAPs on their smartphones. Since there are hundreds of types of disabilities that may impair people in vision, movement, memory, oral communication and hearing, users with disabilities need specialized enhancements to GAPs that are based on accessibility technologies, which are fundamentally insecure, thus exposing users with disabilities to a variety of cyber-attacks. These malicious apps can use the accessibility technologies to prey on users with disabilities for financial gain, harming the users financially. Although there are hundreds of assistive approaches, there is almost no research to secure users with disabilities in using GAPs, especially after they are tricked to install and give permissions to run malicious assistive apps on their smartphones. This project addresses these issues by developing software to automatically deceive these malicious applications into revealing their intent, thus effectively detecting them, and protecting Internet users with disabilities. Furthermore, the project includes many activities to broaden the participation of underrepresented groups in computing.This project is based on a novel idea of the first-ever automated Defense by Deception (DbD) approach that protects targeted financial GAPs from malicious assistive apps by using game theory combined with weaponized phishing and realistic login generation, whereby smartphones will be secured even after complex malicious apps are deployed with full accessibility privileges. A key part of this project is to reconstructively generate fake GUIs of the doppelganger GAPs, whose user interface structures closely resemble the target financial GAP, from which the fake GUIs cannot be distinguished algorithmically. With the game-theoretical foundation of automating the use of deception to protect users with disabilities that the investigator produces in this research work, other researchers can collaborate more closely in securing GAPs by building on the proposed unifying abstraction of applying deception in an automated way.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

基于图形用户界面 (GUI) 的应用程序 (GAP) 在商业和个人使用中无处不在，并且部署在不同的软件和硬件智能手机平台上。不幸的是，此类 GAP 的许多用户都有残疾——仅在美国就有约 5000 万用户，全球有超过 6 亿人——这些用户很难在智能手机上使用 GAP。由于有数百种类型的残疾可能会损害人们的视力、运动、记忆、口头交流和听力，因此残疾用户需要对基于无障碍技术的 GAP 进行专门的增强，而这些技术从根本上来说是不安全的，从而使残疾用户面临各种网络攻击。这些恶意应用程序可以利用辅助功能技术来欺骗残障用户以获取经济利益，从而对用户造成经济损失。尽管有数百种辅助方法，但几乎没有研究来保护残疾用户使用 GAP，尤其是在他们被欺骗在智能手机上安装并授予运行恶意辅助应用程序的权限之后。该项目通过开发软件来自动欺骗这些恶意应用程序以揭示其意图，从而有效地检测它们并保护残疾互联网用户，从而解决这些问题。此外，该项目还包括许多活动，以扩大代表性不足的群体在计算领域的参与。该项目基于首个自动欺骗防御 (DbD) 方法的新颖理念，该方法通过使用游戏来保护目标财务缺口免受恶意辅助应用程序的侵害该理论与武器化网络钓鱼和现实登录生成相结合，即使在部署了具有完全访问权限的复杂恶意应用程序后，智能手机也将受到保护。该项目的一个关键部分是重构生成分身 GAP 的假 GUI，其用户界面结构与目标金融 GAP 非常相似，无法通过算法将假 GUI 与目标金融 GAP 区分开来。凭借研究人员在这项研究工作中自动使用欺骗手段来保护残障用户的博弈论基础，其他研究人员可以通过建立以自动化方式应用欺骗的统一抽象概念，在确保差距方面进行更密切的合作。该奖项反映了 NSF 的法定使命，并通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。