TU Darmstadt / ULB / TUbiblio

ConXsense – Context Sensing for Adaptive Usable Access Control

Miettinen, Markus and Heuser, Stephan and Kronz, Wiebke and Sadeghi, Ahmad-Reza and Asokan, N. (2013):
ConXsense – Context Sensing for Adaptive Usable Access Control.
[Report]

Abstract

In this paper, we present the design and implementation of ConXsense, a framework utilizing context sensing for easy-to-use and adaptive context-aware access control for mobile devices. Previous work often require either users to laboriously specify detailed policies or they rely on pre-specified, non-personalized and error-prone policies for generic context classes. Recent approaches attempt to address these deficiencies by learning from context data. Our approach improves on this by using context data to automatically estimate the sensitivity and safety of the user’s context and using the estimates for dynamically enforcing access control rules in a highly personalized, nonintrusive and usable manner. Our initial implementation of the framework addresses two smartphone-related problem scenarios for context-aware access control: 1) how to prevent unauthorized apps (like sensory malware) from gathering information about the context of a mobile device (contextual privacy) and 2) how to protect the data and applications on the device from physical threats in the context (like thieves or device misuse by others). We start with a sociological user study, and use its results to inform the design and implementation of ConXsense. We carry out a data collection and analysis study based on which we evaluate the effectiveness and accuracy of ConXsense. Moreover, we integrate ConXsense with a fine-grained access control architecture and show how it can effectively protect against sensory malware as well as device theft and misuse.

Item Type: Report
Erschienen: 2013
Creators: Miettinen, Markus and Heuser, Stephan and Kronz, Wiebke and Sadeghi, Ahmad-Reza and Asokan, N.
Title: ConXsense – Context Sensing for Adaptive Usable Access Control
Language: German
Abstract:

In this paper, we present the design and implementation of ConXsense, a framework utilizing context sensing for easy-to-use and adaptive context-aware access control for mobile devices. Previous work often require either users to laboriously specify detailed policies or they rely on pre-specified, non-personalized and error-prone policies for generic context classes. Recent approaches attempt to address these deficiencies by learning from context data. Our approach improves on this by using context data to automatically estimate the sensitivity and safety of the user’s context and using the estimates for dynamically enforcing access control rules in a highly personalized, nonintrusive and usable manner. Our initial implementation of the framework addresses two smartphone-related problem scenarios for context-aware access control: 1) how to prevent unauthorized apps (like sensory malware) from gathering information about the context of a mobile device (contextual privacy) and 2) how to protect the data and applications on the device from physical threats in the context (like thieves or device misuse by others). We start with a sociological user study, and use its results to inform the design and implementation of ConXsense. We carry out a data collection and analysis study based on which we evaluate the effectiveness and accuracy of ConXsense. Moreover, we integrate ConXsense with a fine-grained access control architecture and show how it can effectively protect against sensory malware as well as device theft and misuse.

Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE-Zentren
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Date Deposited: 04 Aug 2016 10:13
Identification Number: TUD-CS-2013-0218
Related URLs:
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item