Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems
NSPW '05 Proceedings of the 2005 workshop on New security paradigms
Use of ratings from personalized communities for trustworthy application installation
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
| Hi-index | 0.01 |
Software security in mobile devices today is done by granting privileges to software, usually based on code signing. The cost of obtaining signatures and meeting strict quality requirements deters hobbyist developers from participating and contributing to application development. If a certain piece of software does not come with an acceptable signature, the mobile device may give the user the option of deciding whether that software should be granted the requested privileges. Naturally, designing the user interaction for this step without hampering usability and security is tricky. When users are simply prompted whether they want to grant certain privileges to some software, they often do not have enough information to understand the implications of this action. We propose that using community feedback can be an effective way of helping the user to decide whether to grant privileges to software. Community feedback includes opinions and ratings on both security and functionality attributes of software. We argue that users will use community feedback to decide whether they want to use a piece of software and that the decisions to download, install, and grant necessary privileges are implied by the decision to use.