Hi,
  The draw is done. 5 participants win a $50 amazon gift card each. Contact with Dr. Zheng  (zheng@nmt.edu) ASAP.
  Here is the name list:

Andrea Sanchez

Jonathan Evans

Matthew Napolitano

Bridgette Aragon

Joe Stradling

Congratulations to you!

Hello,

We will start the draw 3:00 PM, Thursday, May 9, 2013 at Cramer 221, CS department seminar room.
Welcome to the site.


- NMT CREU Group.

IRB approval

Hello,

Today we received the approval of the New Mexico Tech IRB to proceed with the user study. Tomorrow we will have a meeting to discuss an appropriate location; hopefully we will have many participants, as this week is "dead week", when everything is due and such. I will update tomorrow on the proceedings of the meeting.

- Eunice.

All the Updates

Hello,

Last week the Student Research Symposium occurred in our school, where students presented their research. Danny and I presented a poster for our project; it was my first time presenting. I enjoyed it!


Nonetheless, after a week of filling out the correct forms and typing the process of the user study PLUS the affiliated papers, we got to submit our application to the IRB. Hopefully they will be able to review the documents and reply to us soon, as the semester is coming to a close. For now, Danny and I will be eagerly waiting for the approval.

Until then.
- Eunice.

Finishing Touches

Hey everyone!

As we come to the close of March, we have been coming closer and closer to the end of the design phase of  the user study. We have come up with and have almost finalized the entire user study. As predicted earlier we have not come up with a study that was going to take too much time as a convenience to the users who will participate in the study. The convenience to the users will not however come at a cost to the information that will be gathered by the study.

Keeping the study concise we believed will keep the users focused and answering the best way that reflects the way they truly feel versus merely answering question to get the study over with. Finalizing the user study and the methods to be used to conduct the study will not allow us to submit our IRB form in order to receive permission to conduct the user study since we will be using human participants.

Our next steps from now are to finish up the study in the next few days, submit the IRB for approval by our institution, and then move on to actually conducting the study.

Until next time.

-Daniel

Questionaire

Hello, hello,

As Danny mentioned, we have been working on the user study. Today we determined a few details about the questionnaire, for example

1. It should gather simple background information about the user
2. It will not be a lengthy survey
3. Appropriate wording will take a bit longer than determining the questions
4. We may give the several groups (control and the others) the same questionnaire

This week we will have a meeting with Dr. Zheng where we will discuss how to determine the effectiveness of the visuals. Hence, soon I will post more information on the questions that may be found in the survey. Till then.

- Eunice.

Itty Bitty Update

Hello,

Since coming back from Tapia we have been busy preparing for the user study. Recently, we have finished working on a Google Chrome browser extension that was really simple to implement after already having a javaScript file from the Firefox implementation. Using a simple .json configuration file, the Chrome extension was made to manipulate description pages of applications. Before the end of the school year you may be able to find this extension for download on the chrome web store.

The extension works the same way the GreaseMonkey script works in the Firefox browser. Later today we should be meeting to discuss the design of the survey. Until then!

-Daniel

Tapia 2013

Hi,

As some may or may not have known, last week end was the 2013 Richard Tapia Celebration of Diversity in Computing Conference. It was a great conference with plenty of great speakers and diverse representatives from all fields of computer science.

 I attended as a presenter for the student research poster session to present our current research. Overall the research was engaging to attendees of the conference and it sparked much interest more then likely due to the great poster design done by Eunice. I also got to meet many other students part of CREU as well as Jamika Burge. Talking with these students and hearing about all the other research that is possible because of this program was a great experience. Below is a picture of our poster and me next to it.

Next we are looking to finalizing our code and expand to a comprehensive user study. More will be discussed at a meeting tomorrow. Until next post!

-Daniel

Status of Poster

Hello,

Our poster for the Tapia Conference is essentially complete. Dr. Zheng will review it and then we shall proceed to print it. Hopefully the specialized printer in charge of that mighty task will be as interesting as it seems (an oversized printer!) Nonetheless, again, Danny is leaving for the conference on Thursday.

- Eunice.

Update

Hello,

This will be the second post of the day. Last week our team met on Friday to go over smaller details of the user study, which will be our second step, and to discuss the contents of our research poster, which is still a work in progress. Also, our meetings now occur every other week.

Since the scripts are completed, Danny and I have focused on completing the poster for the Tapia conference. He is leaving on Thursday morning, and I believe that the conference takes place on Friday. Nonetheless, tomorrow we will get to print it and possibly show you.

- Eunice.

Scripts in Action

Hello,

Here we go, screenshots of the scripts in action! The following three images show the app's overall security risk score.

See the permissions tab? It shows which permissions are requested by the application.

If we click on it, we get the following

CSS for a Script

Hello,

Danny and I have been working on multiple scripts that change the appearance of the permissions tab within Google Play. For example, if we look at this app, we see four tabs indicating the overview, user reviews, what's new, permissions for it (above). Within the permissions tab, permissions categories are listed, and under those categories we find the permission names. Our scripts add more content next to the permission name, such as a security rating and a percentage bar. The total risk score of the app is displayed above the star rating (pictured above).

Soon I will post prettier and more detailed pictures of the script's visual result.

- Eunice.

Our work so far

Hi,

After one semester of work as well as most of winter break to look a good bit of it over there are some working visuals associated with our work. As a quick summary of it you can browse the following screenshots of a working part of out work so far. 

 Above is an example of an applications web page on the google play website and below shows what is changed when we calculate a score for the app and present the information to the user.

With the simple graphics on the page as well as some other similar changes to the webpage, an idea about an apps potential maliciousness can be conveyed to the user in a quick easy manner. 

Lastly below is an example of an app that may not be malicious necessarily, but requests an abnormally large number of permissions that put it in a position to be potentially dangerous.

there will be more to come in the coming weeks, stay tuned!

-Daniel