A Context-aware Adaptive Security Framework for Mobile Applications

Mobile devices currently offer many value-added applications and services such as messaging, navigation, social networking, finance, and entertainment. Because these mobile applications have access to users' personal information and are capable of gathering and transmitting trust-sensitive information, they pose security and privacy risks. In this paper, we propose a context-aware adaptive security framework for eliciting users' context information and adapting this information with mobile applications' network access control mechanism. The framework enforces the execution of mobile applications inside security incubators to control the communication between mobile applications and mobile device resources. Applications' access requests are analyzed based on the user's context information collected from the mobile device sensors and the application security configuration.
