TU Darmstadt / ULB / TUbiblio

Towards security policy decisions based on context profiling

Miettinen, Markus ; Asokan, N. :
Towards security policy decisions based on context profiling.
In: AISec '10 . ACM
[Konferenz- oder Workshop-Beitrag], (2010)

Kurzbeschreibung (Abstract)

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.

In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.

Typ des Eintrags: Konferenz- oder Workshop-Beitrag (Keine Angabe)
Erschienen: 2010
Autor(en): Miettinen, Markus ; Asokan, N.
Titel: Towards security policy decisions based on context profiling
Sprache: Deutsch
Kurzbeschreibung (Abstract):

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.

In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.

Buchtitel: Proceedings of the 3rd ACM workshop on Artificial intelligence and security (AISec '10)
Reihe: AISec '10
Verlag: ACM
Freie Schlagworte: context profiling, context-sensitivity, policy decision making, security policies
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik
20 Fachbereich Informatik > Systemsicherheit
Veranstaltungsort: Chicago, Illinois, USA
Hinterlegungsdatum: 07 Aug 2016 23:07
DOI: 10.1145/1866423.1866428
ID-Nummer: TUD-CS-2010-23866
Export:

Optionen (nur für Redakteure)

Eintrag anzeigen Eintrag anzeigen