research-article

Towards security policy decisions based on context profiling

Authors:

Markus Miettinen,

N. AsokanAuthors Info & Claims

AISec '10: Proceedings of the 3rd ACM workshop on Artificial intelligence and security

Pages 19 - 23

https://doi.org/10.1145/1866423.1866428

Published: 08 October 2010 Publication History

Get Access

Abstract

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs.

In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.

References

[1]

]]George Danezis. Inferring privacy policies for social networking services. In Proceedings of AISec'09, pages 5--9. ACM, Nov 2009.

Digital Library

Google Scholar

[2]

]]W. Keith Edwards, Erika Shehan Poole, and Jennifer Stoll. Security automation considered harmful? In NSPW '07: Proceedings of the 2007 Workshop on New Security Paradigms, pages 33--42, New York, NY, USA, 2008. ACM.

Digital Library

Google Scholar

[3]

]]Rachel Greenstadt and Jacob Beal. Cognitive security for personal devices. In Proceedings of AISec'08, pages 27--30. ACM, Oct 2008.

Digital Library

Google Scholar

[4]

]]Markus Jakobsson et al. Implicit authentication for mobile devices. In Proceddings of the 4th Usenix Workshop on Hot Topocs in Security (HotSec '09). Usenix, Aug 2009. http://www.usenix.org/event/hotsec09/tech/full_papers/jakobsson.pdf.

Digital Library

Google Scholar

[5]

]]Patrick Gage Kelley et al. User-controllable learning of security and privacy policies. In Proceedings of AISec'08, pages 11--18. ACM, Oct 2008.

Digital Library

Google Scholar

[6]

]]Mika Klemettinen. Enabling technologies for mobile services : the MobiLife book. J. Wiley, Chichester, England; Hoboken, NJ, 2007.

Digital Library

Google Scholar

[7]

]]Eric Paulos and Elizabeth Goodman. The familiar stranger: anxiety, comfort, and play in public places. In CHI '04: Proceedings of the SIGCHI conference on Human factors in computing systems, pages 223--230, New York, NY, USA, 2004. ACM.

Digital Library

Google Scholar

Cited By

View all

Bilogrevic IHuguenin KAgir BJadliwala MGazaki MHubaux J(2016)A machine-learning based approach to privacy-aware information-sharing in mobile social networksPervasive and Mobile Computing10.1016/j.pmcj.2015.01.00625(125-142)Online publication date: Jan-2016
https://doi.org/10.1016/j.pmcj.2015.01.006
Lubomski PKrawczyk H(2016)Clustering Context Items into User Trust LevelsDependability Engineering and Complex Systems10.1007/978-3-319-39639-2_29(333-342)Online publication date: 18-Jun-2016
https://doi.org/10.1007/978-3-319-39639-2_29
Bilogrevic IHuguenin KAgir BJadliwala MHubaux JMattern FSantini SCanny JLangheinrich MRekimoto J(2013)Adaptive information-sharing for privacy-aware mobile social networksProceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing10.1145/2493432.2493510(657-666)Online publication date: 8-Sep-2013
https://dl.acm.org/doi/10.1145/2493432.2493510
Show More Cited By

Index Terms

Towards security policy decisions based on context profiling

Recommendations

On Security Policy Migrations
SACMAT '20: Proceedings of the 25th ACM Symposium on Access Control Models and Technologies

There has been over the past decade a rapid change towards computational environments that are comprised of large and diverse sets of devices, many of them mobile, which can connect in flexible and context-dependent ways. Examples range from networks ...
A Category-Based Model for ABAC
ABAC'18: Proceedings of the Third ACM Workshop on Attribute-Based Access Control

In Attribute-Based Access Control (ABAC) systems, access to resources is controlled by evaluating rules against the attributes of the user and the object involved in the access request, as well as the values of the relevant attributes from the ...
Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling
SOCIALCOM-PASSAT '12: Proceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust

Configuring access control policies in mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations. But such global defaults may not be sensible for all ...

Comments

Information & Contributors

Information

Published In

AISec '10: Proceedings of the 3rd ACM workshop on Artificial intelligence and security

October 2010

78 pages

ISBN:9781450300889

DOI:10.1145/1866423

General Chair:
Rachel Greenstadt
Drexel University

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 October 2010

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '10

Sponsor:

SIGSAC

CCS '10: 17th ACM Conference on Computer and Communications Security 2010

October 8, 2010

Illinois, Chicago, USA

Acceptance Rates

AISec '10 Paper Acceptance Rate 10 of 15 submissions, 67%;

Overall Acceptance Rate 94 of 231 submissions, 41%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
355
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)1

Reflects downloads up to 01 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Bilogrevic IHuguenin KAgir BJadliwala MGazaki MHubaux J(2016)A machine-learning based approach to privacy-aware information-sharing in mobile social networksPervasive and Mobile Computing10.1016/j.pmcj.2015.01.00625(125-142)Online publication date: Jan-2016
https://doi.org/10.1016/j.pmcj.2015.01.006
Lubomski PKrawczyk H(2016)Clustering Context Items into User Trust LevelsDependability Engineering and Complex Systems10.1007/978-3-319-39639-2_29(333-342)Online publication date: 18-Jun-2016
https://doi.org/10.1007/978-3-319-39639-2_29
Bilogrevic IHuguenin KAgir BJadliwala MHubaux JMattern FSantini SCanny JLangheinrich MRekimoto J(2013)Adaptive information-sharing for privacy-aware mobile social networksProceedings of the 2013 ACM international joint conference on Pervasive and ubiquitous computing10.1145/2493432.2493510(657-666)Online publication date: 8-Sep-2013
https://dl.acm.org/doi/10.1145/2493432.2493510
Gupta AMiettinen MNagy MAsokan NWetzel A(2012)PeerSense: Who is near you?2012 IEEE International Conference on Pervasive Computing and Communications Workshops10.1109/PerComW.2012.6197553(516-518)Online publication date: Mar-2012
https://doi.org/10.1109/PerComW.2012.6197553
Asokan NKuo C(2012)Usable mobile securityProceedings of the 8th international conference on Distributed Computing and Internet Technology10.1007/978-3-642-28073-3_1(1-6)Online publication date: 2-Feb-2012
https://dl.acm.org/doi/10.1007/978-3-642-28073-3_1
Gupta AMiettinen MAsokan N(2011)Using context-profiling to aid access control decisions in mobile devices2011 IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops)10.1109/PERCOMW.2011.5766891(310-312)Online publication date: Mar-2011
https://doi.org/10.1109/PERCOMW.2011.5766891

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

On Security Policy Migrations

A Category-Based Model for ABAC

Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling

Comments

Information

Published In

Sponsors

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations