Context-centric security
作者: Krste Asanović , Mohit Tiwari , Dawn Song , Elaine Shi , Prashanth Mohan
DOI:
关键词:
摘要: Users today are unable to use the rich collection of third-party untrusted applications without risking significant privacy leaks. In this paper, we argue that current and proposed data-centric security policies do not map well users' expectations privacy. eyes a user, peripheral devices exist merely provide functionality should have no place in controlling Moreover, most users cannot handle intricate dealing with system concepts such as labeling data, application permissions virtual machines. Not only impenetrable users, they also lead problems privilege-escalation attacks implicit information leaks. Our key insight is naturally associate data real-world events, want control access at level human contacts. We introduce Bubbles, context-centric explicitly captures user's desires by allowing contact lists clustered events. Bubbles infers information-flow rules from these simple access-control enable secure on data. We new programming model for allows them be functional while still upholding policies. evaluate model's usability porting an existing medical writing calendar app scratch. Finally, show design our prototype running Android uses bubbles automatically infer all dangerous any user intervention. prevents Android-style permission escalation requiring specify complex flow rules.
berkeley.edu参考文章(18)
Dan Boneh, Solon Barocas, Helen Nissenbaum, Arvind Narayanan, Vincent Toubiana, Adnostic: Privacy Preserving Targeted Advertising. network and distributed system security symposium. ,(2010)
Martin C. Brown, Cherie Plumlee, Beos Porting UNIX Applications ,(1998)
Adrienne Porter Felt, Kate Greenwood, David Wagner, The effectiveness of application permissions usenix conference on web application development. pp. 7- 7 ,(2011)
Matthew Johnson, Frank Stajano, Implementing a multi-hat PDA international workshop on security. pp. 295- 307 ,(2005) , 10.1007/978-3-540-77156-2_37
Julian Seifert, Alexander De Luca, Bettina Conradi, Heinrich Hussmann, TreasurePhone: Context-Sensitive User Data Protection on Mobile Phones Lecture Notes in Computer Science. pp. 130- 137 ,(2010) , 10.1007/978-3-642-12654-3_8
Dave King, Boniface Hicks, Michael Hicks, Trent Jaeger, Implicit Flows: Can't Live with `Em, Can't Live without `Em international conference on information systems security. pp. 56- 70 ,(2008) , 10.1007/978-3-540-89862-7_4
Helen Nissenbaum, Privacy in Context American Behavioral Scientist. ,vol. 58, ,(2009) , 10.1515/9780804772891
William Enck, Patrick McDaniel, Jaeyeon Jung, Byung-Gon Chun, Peter Gilbert, Anmol N. Sheth, Landon P. Cox, TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones operating systems design and implementation. pp. 393- 407 ,(2010) , 10.5555/1924943.1924971
Youngki Lee, S. S. Iyengar, Chulhong Min, Younghyun Ju, Seungwoo Kang, Taiwoo Park, Jinwon Lee, Yunseok Rhee, Junehwa Song, MobiCon Communications of the ACM. ,vol. 55, pp. 54- 65 ,(2012) , 10.1145/2093548.2093567
Erving Goffman, The Presentation of Self in Everyday Life ,(1959)