17 research outputs found
ConXsense - Automated Context Classification for Context-Aware Access Control
We present ConXsense, the first framework for context-aware access control on
mobile devices based on context classification. Previous context-aware access
control systems often require users to laboriously specify detailed policies or
they rely on pre-defined policies not adequately reflecting the true
preferences of users. We present the design and implementation of a
context-aware framework that uses a probabilistic approach to overcome these
deficiencies. The framework utilizes context sensing and machine learning to
automatically classify contexts according to their security and privacy-related
properties. We apply the framework to two important smartphone-related use
cases: protection against device misuse using a dynamic device lock and
protection against sensory malware. We ground our analysis on a sociological
survey examining the perceptions and concerns of users related to contextual
smartphone security and analyze the effectiveness of our approach with
real-world context data. We also demonstrate the integration of our framework
with the FlaskDroid architecture for fine-grained access control enforcement on
the Android platform.Comment: Recipient of the Best Paper Awar
Formal Specification of CA-UCON model using CCA
A Context-Aware Usage CONtrol (CAUCON)
model is an extension of the traditional UCON
model which enables adaptation to environmental changes
in the aim of preserving continuity of usage in a pervasive
computing system. When the authorisations and
obligations requirements are met by the subject and
the object, and the conditions requirements fail due to
changes in the environment or the system context, CAUCON
model triggers specific actions to adapt to the new
situation. Besides the data protection, CA-UCON model so
enhances the quality of services, striving to keep explicit
interactions with the user at a minimum. This paper
proposes a formal specification of the CA-UCON model in
the Calculus of Context-aware Ambients (CCA in short).
This enables formal analysis of the CA-UCON model using
the execution environment of CCA. For illustration, some
properties of the CA-UCON model are validated for a
ubiquitous learning system
A contextual usage control model
Model praćenja uporabe (UCON) je najnovije veliko poboljšanje tradicionalnih modela za praćenje pristupa. On omogućava promjenljivost atributa subjekta i objekta i kontinuitet praćenja uporabe. Međutim, taj model može zabraniti pristup zbog promjena u okolini čak i ako su zadovoljeni zahtjevi autorizacije i obveze te tako korisnicima stvoriti prekide. Predložen je kontekstualni UCON (CUC) kako bi se prevladala ta osnovna slabost UCONa. U CUC-u se uvodi kontekst kao zamjena za komponentu uvjeta u UCON-u. Dodaje se modul upravljanja za manipuliranje atributima subjekta, objekta i konteksta. CUC izravno kombinira module praćenja i upravljanja i može dinamički prilagođavati promjene u kontekstu te je uistinu baziran na atributima. Primijenjen je algebarski pristup za opis sintakse i semantike CUCa.The usage control model (UCON) is the latest major enhancement of traditional access control models. It enables subject and object attributes mutability and usage control continuity. However, with the model access permission may be denied as a result of the environmental changes even though the authorization and obligation requirements are met, thus causing disruptions to users. Contextual UCON (CUC) was proposed to overcome this major weakness of UCON. In CUC context was introduced to replace the conditions component in UCON. And management module was added to manipulate the subject and object and context attributes. CUC seamlessly combines control and management modules and has the ability to dynamically adapt the changes in context, and is truly attribute-based. An algebra approach was employed to describe CUC syntax and semantics formally
CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system
Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired
CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system
Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired