Use of Ratings from Personalized Communities for Trustworthy Application Installation

  • Conference paper
Information Security Technology for Applications (NordSec 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7127))

Abstract

The problem of identifying inappropriate software is a daunting one for ordinary users. The two currently prevalent methods are intrinsically centralized: certification of “good” software by platform vendors and flagging of “bad” software by antivirus vendors or other global entities. However, because appropriateness has cultural and social dimensions, centralized means of signaling appropriateness are ineffective and can lead to habituation (users clicking through warnings) or disputes (users discovering that certified software is inappropriate).

In this work, we look at the possibility of relying on inputs from personalized communities (consisting of friends and experts whom individual users trust) to avoid installing inappropriate software. Drawing from theories, we developed a set of design guidelines for a trustworthy application installation process. We carried out an initial validation of the guidelines through an online survey: we verified the high relevance of information from a personalized community and found strong user motivation to protect friends and family members when they know of digital risks. We designed and implemented a prototype system on the Nokia N810 tablet. In addition to showing risk signals from the personalized community prominently, our prototype installer deters unsafe actions by slowing the user down with habituation-breaking mechanisms. We also conducted a hands-on evaluation and verified that opinions communicated through friends carry more weight than opinions from online community members.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

Cite this paper

Chia, P.H., Heiner, A.P., Asokan, N. (2012). Use of Ratings from Personalized Communities for Trustworthy Application Installation. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_6

  • DOI: https://doi.org/10.1007/978-3-642-27937-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-27936-2

  • Online ISBN: 978-3-642-27937-9
