Android permissions: user attention, comprehension, and behavior
Proceedings of the Eighth Symposium on Usable Privacy and Security
Measuring and fingerprinting click-spam in ad networks
Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication
Clickjacking: attacks and defenses
Security'12 Proceedings of the 21st USENIX conference on Security symposium
AdSplit: separating smartphone advertising from applications
Security'12 Proceedings of the 21st USENIX conference on Security symposium
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
Measuring and fingerprinting click-spam in ad networks
ACM SIGCOMM Computer Communication Review - Special october issue SIGCOMM '12
User interface toolkit mechanisms for securing interface elements
Proceedings of the 25th annual ACM symposium on User interface software and technology
I've got 99 problems, but vibration ain't one: a survey of smartphone users' concerns
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Short paper: enhancing mobile application permissions with runtime feedback and constraints
Proceedings of the second ACM workshop on Security and privacy in smartphones and mobile devices
Proceedings of the third ACM conference on Data and application security and privacy
Tap-Wave-Rub: lightweight malware prevention for smartphones using intuitive human gestures
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
ScreenPass: secure password entry on touchscreen devices
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
Embassies: radically refactoring the web
nsdi'13 Proceedings of the 10th USENIX conference on Networked Systems Design and Implementation
Operating system support for augmented reality applications
HotOS'13 Proceedings of the 14th USENIX conference on Hot Topics in Operating Systems
Proceedings of the Ninth Symposium on Usable Privacy and Security
POSTER: TouchCtrl: fine-grained access control for collaborative environments
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Preventing accidental data disclosure in modern operating systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
ViceROI: catching click-spam in search ad networks
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Content-based isolation: rethinking isolation policy design on client systems
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Securing embedded user interfaces: Android and beyond
SEC'13 Proceedings of the 22nd USENIX conference on Security
Enabling fine-grained permissions for augmented reality applications with recognizers
SEC'13 Proceedings of the 22nd USENIX conference on Security
Jekyll on iOS: when benign apps become evil
SEC'13 Proceedings of the 22nd USENIX conference on Security
Using ARM trustzone to build a trusted language runtime for mobile applications
Proceedings of the 19th international conference on Architectural support for programming languages and operating systems
RiskMon: continuous and automated risk assessment of mobile applications
Proceedings of the 4th ACM conference on Data and application security and privacy
Compac: enforce component-level access control in android
Proceedings of the 4th ACM conference on Data and application security and privacy
Security and privacy for augmented reality systems
Communications of the ACM
DECAF: detecting and characterizing ad fraud in mobile apps
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.02 |
Modern client platforms, such as iOS, Android, Windows Phone, Windows 8, and web browsers, run each application in an isolated environment with limited privileges. A pressing open problem in such systems is how to allow users to grant applications access to user-owned resources, e.g., to privacy- and cost-sensitive devices like the camera or to user data residing in other applications. A key challenge is to enable such access in a way that is non-disruptive to users while still maintaining least-privilege restrictions on applications. In this paper, we take the approach of user-driven access control, whereby permission granting is built into existing user actions in the context of an application, rather than added as an afterthought via manifests or system prompts. To allow the system to precisely capture permission-granting intent in an application's context, we introduce access control gadgets (ACGs). Each user-owned resource exposes ACGs for applications to embed. The user's authentic UI interactions with an ACG grant the application permission to access the corresponding resource. Our prototyping and evaluation experience indicates that user-driven access control is a promising direction for enabling in-context, non-disruptive, and least-privilege permission granting on modern client platforms.