Capturing policies for fine-grained access control on mobile devices

Thumbnail Image

Files

828.pd.pdf (1.5 MB)

Links to Files

https://ieeexplore.ieee.org/document/7809692

Permanent Link

10.1109/CIC.2016.021
 http://hdl.handle.net/11603/11580

Collections

UMBC Computer Science and Electrical Engineering Department
UMBC Faculty Collection
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2016-11-01

Type of Work

conference paper pre-print
Text

Department

Program

Citation of Original Publication

Prajit Kumar Das, Anupam Joshi, Tim Finin, Capturing policies for fine-grained access control on mobile devices, 01 Nov 2016, DOI: 10.1109/CIC.2016.021

Rights

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
© 2016 IEEE

Subjects

Context
Androids
Context modeling
Access control
Measurement
mobile computing
semantic Web
data privacy
MITHRIL
policy violation metric
UMBC Ebiquity Research Group

Abstract

As of 2016, there are more mobile devices than humans on earth. Today, mobile devices are a critical part of our lives and often hold sensitive corporate and personal data. As a result, they are a lucrative target for attackers, and managing data privacy and security on mobile devices has become a vital issue. Existing access control mechanisms in most devices are restrictive and inadequate. They do not take into account the context of a device and its user when making decisions. In many cases, the access granted to a subject should change based on the context of a device. Such fine-grained, context-sensitive access control policies have to be personalized too. In this paper, we present a system i.e. Mithril that uses policies represented in Semantic Web technologies and captured using user feedback, to handle access control on mobile devices. We present an iterative feedback process to capture user specific policy. We also present a policy violation metric that allows us to decide when the capture process is complete.