Skip to main content

Currently Skimming:

Computer Security and Privacy: Where Human Factors Meet Engineering--Franziska Roesner
Pages 11-20

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.


From page 11...
... . These malicious applications incur direct and indirect costs by stealing financial and other information or by secretly sending costly premium SMS messages.
From page 12...
... are academic subdisciplines unto themselves, but all work together and inform each other to improve the security and privacy properties of existing and emerging technologies. Many computer security and privacy challenges arise when the expectations of end users do not match the actual security and privacy properties and behaviors of the technologies they use -- for example, when installed applications secretly send premium SMS messages or leak a user's location to advertisers, or when invisible trackers observe a user's behavior on the web.
From page 13...
... . Users thus unintentionally grant applications too many permissions and become vulnerable to applications that use the permissions in malicious or questionable ways (e.g., secretly sending SMS messages or leaking location information)
From page 14...
... once, Android and iOS applications can continue to access it in the background without the user's knowledge. Access Based on User Intent This finding speaks for an alternate approach: modifying the system to better match user expectations about permission granting.
From page 15...
... Access Control Gadgets To allow the operating system to interpret permission-granting intent, we developed access control gadgets (ACGs) , special, system-controlled user interface elements that grant permissions to the embedding application.
From page 16...
... 2006) were experimental desktop computer systems that applied a similar approach to file system access, giving applications minimal privileges but allowing users to grant applications permission to access individual files via a "powerbox" user interface (essentially a secure file picking dialog)
From page 17...
... . To mitigate the associated privacy concerns, we applied a user-driven access control design philosophy to develop ShareMeNot, which allows tracking only when the user clicks the associated social media button.
From page 18...
... This paper has illustrated efforts across several contexts to achieve this balance by designing computer systems that remove the burden from the user. However, more work remains to be done in all of these and other domains, particularly in emerging areas that rely on ubiquitous sensors, such as the augmented reality technologies of Google Glass and Microsoft HoloLens.
From page 19...
... Investigating user account control practices. Proceedings of the 6th Symposium on Usable Pri vacy and Security (SOUPS)


This material may be derived from roughly machine-read images, and so is provided only to facilitate research.
More information on Chapter Skim is available.