Theses and Dissertations from UMD

Permanent URI for this communityhttp://hdl.handle.net/1903/2

New submissions to the thesis/dissertation collections are added automatically as they are received from the Graduate School. Currently, the Graduate School deposits all theses and dissertations from a given semester after the official graduation date. This means that there may be up to a 4 month delay in the appearance of a give thesis/dissertation in DRUM

More information is available at Theses and Dissertations at University of Maryland Libraries.

Browse

Filters

2014 - 20172

Settings

Subject: search.filters.subject.hci

Search Results

Now showing 1 - 2 of 2
  • Thumbnail Image
    Item
    INTERACTION-BASED SECURITY FOR MOBILE APPS
    (2017) Micinski, Kristopher K.; Foster, Jeffrey S; Computer Science; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Mobile operating systems pervade our modern lives. Security and privacy is of particular concern on these systems, as they have access to a wide range of sensitive resources. Apps access these sensitive resources to help users perform tasks. However, apps may use these sensitive resources in a way that the user does not expect. For example, an app may look up reviews of restaurants nearby, but also leak the user’s location to an ad service every hour. I claim that interaction serves as a valuable component of security decisions, because the user’s interaction with the app’s user interface (UI) deeply informs their mental model of how apps access sensitive data. I introduce the notion of interaction-based security, wherein security decisions are driven by this interaction. To help understand and enforce interaction-based security, I present four pieces of work. The first is Redexer, which performs binary instrumentation of off-the-shelf Android binaries. Binary instrumentation is a useful tool for enforcing and studying security properties. I demonstrate one example of how Redexer can be used to study location privacy in apps. Android permissions constrain how data enters apps, but do not constrain how the information is used or where it goes. Information-flow allows us to formally define what it means for data to leak from applications, but it is unclear how to use information-flow policies for Android apps, because apps frequently declassify information. I define interaction-based declassification policies, and show how they can be used to define policies for several example apps. I then implement a symbolic executor which checks Android apps to ensure they respect these policies. Next, I test the hypothesis that the app’s UI influences security decisions. I outline an app study that measures when apps use sensitive resources with respect to their UI. I then conduct a user study to measure how an app’s UI influences their expectation that a sensitive resource will be accessed. I find that interactivity plays a large role in determining user expectation of sensitive resource use, and that apps largely access sensitive resources interactively. I also find that users may not always understand background uses of these sensitive resources and using them expectation requires special care in some circumstances. Last, I present a tool which can help a security auditor quickly understand how apps use resources. My tool uses a novel combination of app logging, symbolic execution, and abstract interpretation to infer a formula that holds on each per- mission use. I evaluate my tool on several moderately-sized apps and show that it infers the same formulas we laboriously found by hand.
  • Thumbnail Image
    Item
    ACCESSIBILITY IN CONTEXT: UNDERSTANDING THE TRULY MOBILE EXPERIENCE OF USERS WITH MOTOR IMPAIRMENTS
    (2014) Naftali, Maia; Findlater, Leah; History/Library & Information Systems; Digital Repository at the University of Maryland; University of Maryland (College Park, Md.)
    Touchscreen smartphones are becoming broadly adopted by the US population. Ensuring that these devices are accessible for people with disabilities is critical for equal access. For people with motor impairments, the vast majority of studies on touchscreen mobile accessibility have taken place in the laboratory. These studies show that while touchscreen input offers advantages, such as requiring less strength than physical buttons, it also presents accessibility challenges, such as the difficulty of tapping on small targets or making multitouch gestures. However, because of the focus on controlled lab settings, past work does not provide an understanding of contextual factors that impact smartphone use in everyday life, and the activities these devices enable for people with motor impairments. To investigate these issues, this thesis research includes two studies, first, an in-person study with four participants with motor impairments that included diary entries and an observational session, and, secondarily, an online survey with nine respondents. Using case study analysis for the in-person participants, we found that mobile devices have the potential to help motor-impaired users reduce the physical effort required for everyday tasks (e.g., turning on a TV, checking transit accessibility in advance), that challenges in touchscreen input still exist, and that the impact of situational impairments to this population can be impeding. The online survey results confirm these findings, for example, highlighting the difficulty of text input, particularly when users are out and mobile rather than at home. Based on these findings, future research should focus on the enhancement of current touchscreen input, exploring the potential of wearable devices for mobile accessibility, and designing more applications and services to improve access to physical world.