ConXsense - Automated Context Classification for Context-Aware Access Control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.Comment: Recipient of the Best Paper Awar

Formal Specification of CA-UCON model using CCA

A Context-Aware Usage CONtrol (CAUCON) model is an extension of the traditional UCON model which enables adaptation to environmental changes in the aim of preserving continuity of usage in a pervasive computing system. When the authorisations and obligations requirements are met by the subject and the object, and the conditions requirements fail due to changes in the environment or the system context, CAUCON model triggers specific actions to adapt to the new situation. Besides the data protection, CA-UCON model so enhances the quality of services, striving to keep explicit interactions with the user at a minimum. This paper proposes a formal specification of the CA-UCON model in the Calculus of Context-aware Ambients (CCA in short). This enables formal analysis of the CA-UCON model using the execution environment of CCA. For illustration, some properties of the CA-UCON model are validated for a ubiquitous learning system

A contextual usage control model

Model praćenja uporabe (UCON) je najnovije veliko poboljšanje tradicionalnih modela za praćenje pristupa. On omogućava promjenljivost atributa subjekta i objekta i kontinuitet praćenja uporabe. Međutim, taj model može zabraniti pristup zbog promjena u okolini čak i ako su zadovoljeni zahtjevi autorizacije i obveze te tako korisnicima stvoriti prekide. Predložen je kontekstualni UCON (CUC) kako bi se prevladala ta osnovna slabost UCONa. U CUC-u se uvodi kontekst kao zamjena za komponentu uvjeta u UCON-u. Dodaje se modul upravljanja za manipuliranje atributima subjekta, objekta i konteksta. CUC izravno kombinira module praćenja i upravljanja i može dinamički prilagođavati promjene u kontekstu te je uistinu baziran na atributima. Primijenjen je algebarski pristup za opis sintakse i semantike CUCa.The usage control model (UCON) is the latest major enhancement of traditional access control models. It enables subject and object attributes mutability and usage control continuity. However, with the model access permission may be denied as a result of the environmental changes even though the authorization and obligation requirements are met, thus causing disruptions to users. Contextual UCON (CUC) was proposed to overcome this major weakness of UCON. In CUC context was introduced to replace the conditions component in UCON. And management module was added to manipulate the subject and object and context attributes. CUC seamlessly combines control and management modules and has the ability to dynamically adapt the changes in context, and is truly attribute-based. An algebra approach was employed to describe CUC syntax and semantics formally

CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired

CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired