TU Darmstadt / ULB / TUbiblio

Towards security policy decisions based on context profiling

Miettinen, Markus and Asokan, N. (2010):
Towards security policy decisions based on context profiling.
In: Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10), ACM, Chicago, Illinois, USA, In: AISec '10, ISBN 978-1-4503-0088-9,
DOI: 10.1145/1866423.1866428,
[Conference or Workshop Item]

Abstract

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.

In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.

Item Type: Conference or Workshop Item
Erschienen: 2010
Creators: Miettinen, Markus and Asokan, N.
Title: Towards security policy decisions based on context profiling
Language: German
Abstract:

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.

In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.

Title of Book: Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10)
Series Name: AISec '10
Publisher: ACM
ISBN: 978-1-4503-0088-9
Uncontrolled Keywords: context profiling, context-sensitivity, policy decision making, security policies
Divisions: 20 Department of Computer Science
20 Department of Computer Science > System Security Lab
Event Location: Chicago, Illinois, USA
Date Deposited: 07 Aug 2016 23:07
DOI: 10.1145/1866423.1866428
Identification Number: TUD-CS-2010-23866
Export:
Suche nach Titel in: TUfind oder in Google

Optionen (nur für Redakteure)

View Item View Item