Privacy-Invasive Software
Responsible organisation
2010 (English) Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

As computers are increasingly integrated into our daily lives, we become more dependent on software. This situation is exploited by villainous actors on the Internet who distribute malicious software in search of fast financial gains at the expense of deceived computer users. As a result, computer users need more accurate and aiding mechanisms to assist them when separating legitimate software from its unwanted counterparts. However, such separations are complicated by a greyzone of software that exists between legitimate and purely malicious software. The software in this greyzone is often vaguely labeled spyware. This work introduces both user-aiding mechanisms and an attempt to clarify the greyzone by introducing the concept of privacy-invasive software (PIS) as a category of software that ignores the users’ right to be left alone. Such software is distributed with a specific intent (often of a commercial nature), which negatively affects the users to various degrees. PIS is therefore classified with respect to the degree of informed consent and the amount of negative consequences for the users. To mitigate the effects of PIS, two novel mechanisms for safeguarding user consent during software installation are introduced: a collaborative software reputation system and an automated End User License Agreement (EULA) classification. In the software reputation system, users collaborate by sharing experiences of previously used software programs, allowing new users to rely on the collective experience when installing software. The EULA classification generalizes patterns from a set of both legitimate and questionable software EULAs, so that computer users can automatically classify previously unknown EULAs as belonging to legitimate software or not. Both techniques increase user awareness about software program behavior, which allows users to make more informed decisions concerning software installations, which arguably reduces the threat from PIS.
We present experimental results showing the ability of a set of machine learning algorithms to perform automated EULA classification. In addition, we present a prototype implementation of a software reputation system, together with simulation results of the large-scale use of the system.

Place, publisher, year, edition, pages
Karlskrona: Blekinge Institute of Technology, 2010.
Blekinge Institute of Technology Doctoral Dissertation Series, ISSN 1653-2090 ; 2
National Category
Computer Science
URN: urn:nbn:se:bth-00459
Local ID: 978-91-7295-177-8
OAI: diva2:835533
Available from: 2012-09-18 Created: 2010-03-02 Last updated: 2015-06-30 Bibliographically approved

Open Access in DiVA

fulltext (3126 kB), 812 downloads
File information
File name FULLTEXT01.pdf
File size 3126 kB
Checksum SHA-512
Type fulltext
Mimetype application/pdf

By author/editor
Boldt, Martin
Computer Science
