论文信息 - User controllable security and privacy for mobile mashups

User controllable security and privacy for mobile mashups

A new paradigm in the domain of mobile applications is 'mobile mashups', where Web content rendered on a mobile browser is amalgamated with data and features available on the device, such as user location, calendar information and camera. Although a number of frameworks exist that enable creation and execution of mobile mashups, they fail to address a very important issue of handling security and privacy considerations of a mobile user. In this paper, we characterize the nature of access control required for utilizing device features in a mashup setting; design a security and privacy middleware based on the well known XACML policy language; and describe how the middleware enables a user to easily control usage of device features. Implementation-wise, we realize our middleware on Android platform (but easily generalizable to other platforms), integrate it with an existing mashup framework, and demonstrate its utility through an e-commerce mobile mashup.

Vikas Agarwal | Sumit Mittal | Ponnurangam Kumaraguru | Sunil Goyal | Shruthi Adappa

[1] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[2] Lorrie Faith Cranor,et al. Understanding and capturing people’s privacy policies in a mobile social networking application , 2009, Personal and Ubiquitous Computing.

[3] Ramakrishnan Srikant,et al. An XPath-based preference language for P3P , 2003, WWW '03.

[4] Jorge Lobo,et al. A Survey of Privacy Policy Languages , 2007 .

[5] Lorrie Faith Cranor,et al. The platform for privacy preferences , 1999, CACM.

[6] E. Michael Maximilien,et al. Mobile Mashups: Thoughts, Directions, and Challenges , 2008, 2008 IEEE International Conference on Semantic Computing.

[7] John C. Mitchell,et al. Conflict and combination in privacy policy languages , 2004, WPES '04.

[8] Mikko Hypponen,et al. Malware goes mobile. , 2006, Scientific American.

[9] Tim Moses,et al. EXtensible Access Control Markup Language (XACML) version 1 , 2003 .

[10] Marc Langheinrich,et al. The platform for privacy preferences 1.0 (p3p1.0) specification , 2002 .

[11] Sougata Mukherjea,et al. Towards Enabling Next Generation Mobile Mashups , 2010, MobiQuitous.

[12] Ponnurangam Kumaraguru,et al. Cue: a framework for generating meaningful feedback in XACML , 2010, SafeConfig '10.