Security: for ubiquitous computing
Security: for ubiquitous computing
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
Information voyeurism: social impact of physically large displays on information privacy
CHI '03 Extended Abstracts on Human Factors in Computing Systems
PERCOMW '04 Proceedings of the Second IEEE Annual Conference on Pervasive Computing and Communications Workshops
Finite State Transducers for Policy Evaluation and Conflict Resolution
POLICY '04 Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks
Protecting applications with transient authentication
Proceedings of the 1st international conference on Mobile systems, applications and services
SSYM'00 Proceedings of the 9th conference on USENIX Security Symposium - Volume 9
Hi-index | 0.00 |
The ubiquitous computing vision brings about a number of information security and privacy challenges, some of which we already face in the mobile computing arena. This work focuses on a context-specific class of information leakage threats not involving a malicious custodian. Information exposure threats arise as a side effect of a particular choice of data management procedures employed during legitimate information use or possession in a specific context. They affect, in different forms, information throughout its lifetime in a ubiquitous computing environment. To maximize information availability, and thus its value to user, under unpredictably varying threat models, we depart form static and inflexible approaches to secure data management to provide for continuous and adaptive information exposure protection. We outline a means of structured reasoning about information exposure and introduce a metric for its quantification. An approach to threat mitigating information management operations discrimination based on information utility change is also presented. To unify the introduced concepts into a coherent big picture we form a Levels of Exposure model. On the implementation side, we overview a type aware, sub-file granularity data repository system that meets the requirements implied in the paper.