Towards security policy decisions based on context profiling

  • Authors:

  • Markus Miettinen;N. Asokan

  • Affiliations:

  • Nokia Research Center, Helsinki, Finland;Nokia Research Center, Helsinki, Finland

  • Venue:
  • Proceedings of the 3rd ACM workshop on Artificial intelligence and security
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

With the increasing popularity of personal mobile devices like smartphones, more and more ordinary users create and consume valuable, private and sensitive data such as photos, videos, messages, documents as well as access credentials for various resources and services. Without proper access control policies, such data may be disclosed in ways that the user did not intend. Although various applications and services support the possibility of fine-grained security and privacy policies, end users are not capable of understanding or adjusting the policies to suit their needs. In this position paper we argue that context information can be used to infer likely access control policies. We motivate by briefly describing three usage scenarios where context related to the location of a device can be used to set access control policies. We argue that a simple measure like the "familiarity" of a device and/or context can be calculated and used to infer appropriate policy settings. Finally, we report on our experience in using context observations collected from the devices of two test participants over a period of time.