ConXsense - Automated Context Classification for Context-Aware Access Control

We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.Comment: Recipient of the Best Paper Awar

Organizing risk: organization and management theory for the risk society

Risk has become a crucial part of organizing, affecting a wide range of organizations in all sectors. We identify, review and integrate diverse literatures relevant to organizing risk, building on an existing framework that describes how risk is organized in three ‘modes’ – prospectively, in real-time, and retrospectively. We then identify three critical issues in the existing literature: its fragmented nature; its neglect of the tensions associated with each of the modes; and its tendency to assume that the meaning of an object in relation to risk is singular and stable. We provide a series of new insights with regard to each of these issues. First, we develop the concept of a risk cycle that shows how organizations engage with all three modes and transition between them over time. Second, we explain why the tensions have been largely ignored and show how studies using a risk work perspective can provide further insights into them. Third, we develop the concept of risk translation to highlight the ways in the meanings of risks can be transformed and to identify the political consequences of such translations. We conclude the paper with a research agenda to elaborate these insights and ideas further

The core executive's approach to regulation: from 'better regulation' to 'risk-tolerant deregulation'

This article examines changes in the New Labour core executive's approach to regulation and its relationship with risk, through analysing documentary, legislative and press sources concerning approaches to regulatory decision-making. It claims that an initial commitment to ‘better regulation’ has gradually been replaced by explicit support for deregulation. A reduction in the scope of regulation was also promoted by the Thatcher and Major governments. The New Labour core executive shares previous (Conservative) administrations’ concern to include business in deregulatory decision-making. However, the article claims that there is one significant difference in the New Labour deregulatory approach: a new toleration of risk. Deregulation is, now, described as a corrective to regulators’ over-reactions to perceived risks, which, it is claimed, are holding back economic and technological progress. However, this new approach excludes competing views concerning how risk should be regulated. In particular, it does not engage with widespread popular views that governments should continue to protect against risk