Miettinen, Markus ; Asokan, N. (2010)
Towards security policy decisions based on context profiling.
Chicago, Illinois, USA
doi: 10.1145/1866423.1866428
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.
In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2010 |
| Autor(en): | Miettinen, Markus ; Asokan, N. |
| Art des Eintrags: | Bibliographie |
| Titel: | Towards security policy decisions based on context profiling |
| Sprache: | Deutsch |
| Publikationsjahr: | 2010 |
| Verlag: | ACM |
| Buchtitel: | Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10) |
| Reihe: | AISec '10 |
| Veranstaltungsort: | Chicago, Illinois, USA |
| DOI: | 10.1145/1866423.1866428 |
| Kurzbeschreibung (Abstract): | With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs. In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time. |
| Freie Schlagworte: | context profiling, context-sensitivity, policy decision making, security policies |
| ID-Nummer: | TUD-CS-2010-23866 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit |
| Hinterlegungsdatum: | 07 Aug 2016 23:07 |
| Letzte Änderung: | 27 Sep 2018 09:20 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum