
Use of Ratings from Personalized Communities for Trustworthy Application Installation

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 7127)

Abstract

The problem of identifying inappropriate software is a daunting one for ordinary users. The two currently prevalent methods are intrinsically centralized: certification of “good” software by platform vendors and flagging of “bad” software by antivirus vendors or other global entities. However, because appropriateness has cultural and social dimensions, centralized means of signaling appropriateness are ineffective and can lead to habituation (users clicking through warnings) or disputes (users discovering that certified software is inappropriate).

In this work, we look at the possibility of relying on inputs from personalized communities (consisting of friends and experts whom individual users trust) to avoid installing inappropriate software. Drawing from theories, we developed a set of design guidelines for a trustworthy application installation process. We performed an initial validation of the guidelines through an online survey; we verified the high relevance of information from a personalized community and found strong user motivation to protect friends and family members when they know of digital risks. We designed and implemented a prototype system on the Nokia N810 tablet. In addition to showing risk signals from the personalized community prominently, our prototype installer deters unsafe actions by slowing the user down with habituation-breaking mechanisms. We also conducted a hands-on evaluation and verified that opinions communicated through friends carry more weight than opinions from online community members.

Keywords

  • Usable security
  • User-centered design
  • Risk signaling




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chia, P.H., Heiner, A.P., Asokan, N. (2012). Use of Ratings from Personalized Communities for Trustworthy Application Installation. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_6


  • DOI: https://doi.org/10.1007/978-3-642-27937-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27936-2

  • Online ISBN: 978-3-642-27937-9

  • eBook Packages: Computer Science (R0)