SEcurity RequIrements for seriOUS apps

Funded by:NWO under project nr. 628.001.011
Duration:January 2015 until January 2019
Contact:Prof.Dr. P.H. Hartel (Pieter)

A serious App is used for serious business such as tele-treatment, or tele-learning. Serious Apps process important data that must only be shared with authorised parties. End-users find it difficult to manage the security and privacy risks of Apps because current platforms such as Google Android, Apple iOS and Windows Phone do not provide the end-user with usable tools. For example the Android permission system has a large number of system oriented permissions that do not necessarily mean much to the end-user. The aim of the SERIOUS project is to help end-users to manage security and privacy risks of serious Apps. To achieve this aim we will build software that will enable a human guardian to manage the risks for the end-user. The guardian could be a nurse in the case of a tele-treatment App, or a teacher in the case of a tele-learning App. The software will be developed in three phases. In the first phase the guardian has to be involved in every security and privacy decision. We will conduct social science experiments with end-users of serious Apps in three different domains to research how end-users and guardians manage security and privacy risks. This knowledge will be codified in subsequent versions of the software to lighten the work of the guardian. The final version should operate with no, or minimal assistance of the guardian. The main research challenge is to understand how to manage security and privacy risks and how to codify that knowledge into usable tools.