DOI: 10.1145/2590296.2590337
research-article

ConXsense: automated context classification for context-aware access control

Published: 04 June 2014

    Abstract

    We present ConXsense, the first framework for context-aware access control on mobile devices based on context classification. Previous context-aware access control systems often require users to laboriously specify detailed policies or they rely on pre-defined policies not adequately reflecting the true preferences of users. We present the design and implementation of a context-aware framework that uses a probabilistic approach to overcome these deficiencies. The framework utilizes context sensing and machine learning to automatically classify contexts according to their security and privacy-related properties. We apply the framework to two important smartphone-related use cases: protection against device misuse using a dynamic device lock and protection against sensory malware. We ground our analysis on a sociological survey examining the perceptions and concerns of users related to contextual smartphone security and analyze the effectiveness of our approach with real-world context data. We also demonstrate the integration of our framework with the FlaskDroid architecture for fine-grained access control enforcement on the Android platform.

    Published In

    ASIA CCS '14: Proceedings of the 9th ACM symposium on Information, computer and communications security
    June 2014
    556 pages
    ISBN:9781450328005
    DOI:10.1145/2590296

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. context sensing
    2. context-awareness
    3. mobile security
    4. privacy policies

    Qualifiers

    • Research-article

    Conference

    ASIA CCS '14

    Acceptance Rates

    ASIA CCS '14 Paper Acceptance Rate 50 of 255 submissions, 20%;
    Overall Acceptance Rate 418 of 2,322 submissions, 18%

    Cited By

    • (2024) MRAAC: A Multi-stage Risk-aware Adaptive Authentication and Access Control Framework for Android. ACM Transactions on Privacy and Security 27:2 (1-30). DOI: 10.1145/3648372. Online publication date: 15-Feb-2024
    • (2024) SHRIMPS: A framework for evaluating multi-user, multi-modal implicit authentication systems. Computers & Security 137 (103594). DOI: 10.1016/j.cose.2023.103594. Online publication date: Feb-2024
    • (2024) Advances in Privacy Preservation Technologies. Privacy Computing (17-42). DOI: 10.1007/978-981-99-4943-4_2. Online publication date: 13-Feb-2024
    • (2023) Overview of Cross-Domain Access Control. 2023 IEEE Smart World Congress (SWC) (1-8). DOI: 10.1109/SWC57546.2023.10448810. Online publication date: 28-Aug-2023
    • (2022) FIAT. Proceedings of the 18th International Conference on emerging Networking EXperiments and Technologies (156-170). DOI: 10.1145/3555050.3569126. Online publication date: 30-Nov-2022
    • (2022) Zero Trust Architecture (ZTA): A Comprehensive Survey. IEEE Access 10 (57143-57179). DOI: 10.1109/ACCESS.2022.3174679. Online publication date: 2022
    • (2021) Automated IoT Device Identification Based on Full Packet Information Using Real-Time Network Traffic. Sensors 21:8 (2660). DOI: 10.3390/s21082660. Online publication date: 10-Apr-2021
    • (2021) Access Control Enforcement in IoT: state of the art and open challenges in the Zero Trust era. 2021 Third IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA) (159-166). DOI: 10.1109/TPSISA52974.2021.00018. Online publication date: Dec-2021
    • (2021) PUPy: A Generalized, Optimistic Context Detection Framework for Implicit Authentication. 2021 18th International Conference on Privacy, Security and Trust (PST) (1-10). DOI: 10.1109/PST52912.2021.9647739. Online publication date: 13-Dec-2021
    • (2020) The Concept of Production Capacity and the Basic Types of Resources Used in Production. Bulletin of Science and Practice 6:3 (279-288). DOI: 10.33619/2414-2948/52/33. Online publication date: 15-Mar-2020
