A Recommender-Based System for Assisting Non-technical Users in Managing Android Permissions

Authors: Arnaud Oglaza, Romain Laborde, Abdelmalek Benzekri, Francois Barrere

DOI: 10.1109/ARES.2016.54

Keywords: Management system, Access control, World Wide Web, XACML, Recommender system, Computer science, Android (operating system), Permission, Scalability, Computer security, Mobile device

Abstract: Today, permissions management solutions on mobile devices employ Identity Based Access Control (IBAC) models. If this approach was suitable when people had only a few games (like Snake or Tetris) installed on their phones, the current situation is different. A survey from Google in 2013 showed that, on average, US users have 33 applications on Android smartphones. As a result, these must manage hundreds of to protect privacy. Scalability of IBAC is a well-known issue, and many more advanced access control models introduced abstractions to cope with the problem. However, such are complex to handle by non-technical users. Thus, we present a permission system for that 1) learns users' privacy preferences, 2) proposes them abstract authorization rules, 3) provides features high-level rules. We prove efficient than comparing it to Privacy Guard Manager.
