CA-ARBAC: privacy preserving using context-aware role-based access control on Android permission system

Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A × P × C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired

A Paradigm for Safe Adaptation of Collaborating Robots

The dynamic forces that transit back and forth traditional boundaries of system development have led to the emergence of digital ecosystems. Within these, business gains are achieved through the development of intelligent control that requires a continuous design and runtime co-engineering process endangered by malicious attacks. The possibility of inserting specially crafted faults capable to exploit the nature of unknown evolving intelligent behavior raises the necessity of malicious behavior detection at runtime.Adjusting to the needs and opportunities of fast AI development within digital ecosystems, in this paper, we envision a novel method and framework for runtime predictive evaluation of intelligent robots' behavior for assuring a cooperative safe adjustment

Kablosuz algılayıcı ağlarda güvenlik ve servis kalitesi.

Security and quality of service (QoS) issues in cluster-based wireless sensor networks are investigated. The QoS perspective is mostly at application level consisting of four attributes, which are spatial resolution, coverage, system lifetime and packet loss due to collisions. The addressed security aspects are message integrity and authentication. Under this scope, the interactions between security and service quality are analyzed with particular emphasis on the tradeoff between security and spatial resolution for channel capacity. The optimal security and spatial resolution levels which yield the best tradeoff are determined. In addition, a control strategy is proposed to achieve the desired quality of service and security levels during the entire operation of a cluster-based sensor network. Compared to the existing studies, the proposed method is simpler and has superior performance.Ph.D. - Doctoral Progra

Modeling and performance analysis of a linear cellular network with vehicle interactions

Ankara : The Department of Electrical and Electronics Engineering and the Institute of Engineering and Sciences of Bilkent University, 2001.Thesis (Master's) -- Bilkent University, 2001.Includes bibliographical references leaves 83-85Tomur, EmrahM.S

A practical NFC relay attack on mobile devices using card emulation mode

38th International Convention on Information and Communication Technology, Electronics and Microelectronics, MIPRO 2015; Grand Hotel Adriatic Congress Centre and Hotel Admiral in Opatija; Croatia; 25 May 2015 through 29 May 2015In this study, a practical card-emulated relay attack is implemented on Near Field Communication (NFC) equipped mobile devices. NFC is a promising communication technology which is also used in smart mobile devices. As an effective and flexible communication technology, NFC is frequently used in innovative solutions nowadays such as payments, access control etc. Because of the nature of these transactions, security is a critical issue that should be considered in system design and development phases. Although inherited from Radio Frequency Identification (RFID) technology, NFC security needs, requirements and solutions differ in terms of its usage areas and solutions. Based on these parameters, security precautions in communication layer of RFID technology do not prevent relay attacks occurred in the application layer NFC solutions. This study is conducted to prove relay attack practicability with using only mobile phones for relaying credentials instead of RFID based smart cards in an access control application. The Host Card Emulation (HCE) mode also eases relay attacks in NFC communication. The study explains the conceptual description of proposed relay attack, development and operating logic of mobile applications working based on card emulation mode and server software and also data communication basics between modules and web services descriptions

Application of temporal and spatial role based access control in 802.11 wireless networks

In this study, we have investigated the security aspects of wireless local area networks and discussed the weaknesses associated with various conventional 802.11 security protocols such as WEP and 802.1X. We propose an architecture to control access to 802.11 wireless networks, based on roles, location and time information, using the tested wired network components such as VPNs and Firewalls. The presented architecture, in which temporal and spatial RBAC is implemented, reduces the security risks in enterprise level deployment of wireless LANs

An Analysis for the Correlation of Coverage and Spatial Resolution for Wireless Sensor Networks

In this study, we investigate the interactions between coverage and spatial resolution for cluster-based wireless sensor networks (WSN). We present an approximate probabilistic analysis for the mentioned correlation and verify this analysis by simulation. Our analysis includes the k-coverage case

A layered security architecture for corporate 802.11 wireless networks

In this study we have investigated the security aspects of wireless local area networks and discussed the weaknesses associated with various conventional 802.11 security protocols such as WEP and 802.1x. We propose an architecture to control access to corporate 802.11 wireless networks, based on the privileges and location of users, using the tested wired network components such as VPNs and Firewalls. The presented architecture reduces the security risks in enterprise level deployment of wireless LANs

Tradeoff analysis and optimization of security and spatial resolution for sensor networks

In this study, we investigate the correlation between security and spatial resolution -a measure of service quality- in cluster-based wireless sensor networks (WSN). We analyze the tradeoff between these two concepts resulting from the limited channel capacity and propose a method to determine the best tradeoff between security and spatial resolution for cases where network capacity is not sufficient to support required levels. We also present some numerical results obtained by application of the proposed method to a sample sensor network

Security and Spatial Resolution Optimization for Cluster-Based Wireless Sensor Networks

In this study, we investigate the correlation between security and spatial resolution -a measure of service quality- in cluster-based wireless sensor networks (WSN). We analyze the tradeoff between these two concepts resulting from the limited channel capacity. We propose a method based on combinatorial optimization to determine the best tradeoff between security and spatial resolution for cases where network capacity is not sufficient to support required levels. The proposed method involves formulation of an optimization problem by utility maximizing approach and its solution by a heuristic algorithm providing minimal operational complexity. We also present some numerical results obtained by application of the proposed method to a sample sensor network. The numerical results demonstrate the effect of utility function parameters on the optimal solution