DOI: 10.1145/2184489.2184498

User controllable security and privacy for mobile mashups

Published: 01 March 2011

Abstract

A new paradigm in the domain of mobile applications is 'mobile mashups', where Web content rendered on a mobile browser is amalgamated with data and features available on the device, such as user location, calendar information and camera. Although a number of frameworks exist that enable the creation and execution of mobile mashups, they fail to address the very important issue of handling a mobile user's security and privacy considerations. In this paper, we characterize the nature of access control required for utilizing device features in a mashup setting; design a security and privacy middleware based on the well-known XACML policy language; and describe how the middleware enables a user to easily control usage of device features. Implementation-wise, we realize our middleware on the Android platform (though it is easily generalizable to other platforms), integrate it with an existing mashup framework, and demonstrate its utility through an e-commerce mobile mashup.

Cited By

  • (2014) Reducing Attack Surface on Cordova-based Hybrid Mobile Apps. Proceedings of the 2nd International Workshop on Mobile Development Lifecycle, pages 1-8. DOI: 10.1145/2688412.2688417. Online publication date: 21-Oct-2014
  • (2012) Securing Enterprise Data on Smartphones Using Run Time Information Flow Control. Proceedings of the 2012 IEEE 13th International Conference on Mobile Data Management (MDM 2012), pages 300-305. DOI: 10.1109/MDM.2012.50. Online publication date: 23-Jul-2012
  • (2012) Towards Enabling Next Generation Mobile Mashups. Mobile and Ubiquitous Systems: Computing, Networking, and Services, pages 13-25. DOI: 10.1007/978-3-642-29154-8_2. Online publication date: 2012

Published In

HotMobile '11: Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
March 2011
103 pages
ISBN:9781450306492
DOI:10.1145/2184489
Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. device features
  2. mobile mashups
  3. security and privacy

Qualifiers

  • Research-article

Conference

HotMobile '11
Acceptance Rates

Overall Acceptance Rate 96 of 345 submissions, 28%
