Intuitive Security Policy Configuration in Mobile Devices Using Context Profiling

Configuring access control policies in mobile devices can be quite tedious and unintuitive for users. Software designers attempt to address this problem by setting up default policy configurations. But such global defaults may not be sensible for all users. Modern smart phones are capable of sensing a variety of information about the surrounding environment, such as Bluetooth devices, WiFi access points, temperature, ambient light, sound and location coordinates. We conjecture that profiling this type of contextual information can be used to infer the familiarity and safety of a context and aid in access control decisions. We propose a context profiling framework and describe device locking as an example application where the locking timeout and unlocking method are dynamically decided based on the perceived safety of the current context. We report on using datasets from a large-scale smart phone data collection campaign to select parameters for the context profiling framework. We also describe a prototype implementation on a smart phone platform. More generally, we hope that our example design and implementation spur further research on the notion of using context profiling towards automating security policy decisions and help identify other applications.
