Capturing policies for fine-grained access control on mobile devices
PRAJIT KUMAR DAS, ANUPAM JOSHI, TIM FININ
UMBC ebiquity lab
Motivation
We present MITHRIL, a framework for capturing user access control policies that are fine-grained, context-sensitive and represented using Semantic Web technologies, and that thereby manages access control decisions for user data on mobile devices.
Android image source courtesy: Aha-Soft
Related Work
• Policy Engineering: Requires substantial technical knowledge, understanding of access control issues (Feltus’08)
• Most people are ‘Privacy Pragmatists’ (Kumaraguru’05)
• Convergence of Enterprise usage and personal usage due to BYOD adoption (Kodeswaran, Chakraborty et al.’13)
• Users unsure of policy (Benisch, Sadeh’11)
• Privacy profiles used for user preferences (Liu et al.’14)
Image courtesy: Android App Market
Contributions
MITHRIL has three key contributions
• Policy representation
  • Expressing policy rules: extensible & expressive semantic model
  • RDF/OWL allows easy reuse/integration with concepts from DBpedia, Linked Data, schema.org, etc.
• User-preferred & specific policy capture
• Policy enforcement
System overview: Observer mode
System overview: Enforcer mode
Rule representation
• Semantic Web Rule Language
• antecedent => consequent
• Attribute-Based Access Control model
• Context pieces as attributes
Rule representation
A1: RequesterInfo = Facebook &
A2: UserActivity = Work &
A3: UserLocation = Office &
A4: UserTime = Working hours on Week day &
A5: ProtectedResource = Location
-> C1: Prohibit
When at work Professors do not share their location in FB
Image courtesy: www.phdcomics.com
Rule learning
Generic Rule: Professors do not share their location on FB
During lunch Professor Smith shares location
This is Prof. Smith. He likes to check in to FB during lunch.
Rule Learning – User Feedback Capture
When out to lunch Professor Smith shares location with students if he has lunch scheduled with them and he is in town
Violation Metric
This is Prof. Smith. The system either knows all his policies or it does not!
Good policy
Bad policy
False violation: Use cases
• Rule requires
• Deletion
• Antecedent generalization
• Antecedent specialization
• Delete conditions
• Add conditions
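The antecedent => consequent rule form and the false-violation repairs listed above, as an added example that is not code from the slides or from MITHRIL. The names Rule, make_rule, add_condition and delete_condition, the "Lunch", "Restaurant" and "Home" context values, and the pairing of "add conditions" with specialization and "delete conditions" with generalization are assumptions; exact-match conjunction stands in for SWRL reasoning.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    antecedent: frozenset  # (attribute, value) conditions; all must hold
    consequent: str

    def fires(self, context: dict) -> bool:
        return all(context.get(a) == v for a, v in self.antecedent)

def make_rule(conditions: dict, consequent: str) -> Rule:
    return Rule(frozenset(conditions.items()), consequent)

def add_condition(rule: Rule, attr: str, value: str) -> Rule:
    """Antecedent specialization: the rule fires in fewer contexts."""
    return Rule(rule.antecedent | {(attr, value)}, rule.consequent)

def delete_condition(rule: Rule, attr: str) -> Rule:
    """Antecedent generalization: the rule fires in more contexts."""
    kept = frozenset(c for c in rule.antecedent if c[0] != attr)
    return Rule(kept, rule.consequent)

# Rules from the slides: the generic rule and the five-attribute rule A1..A5.
GENERIC = make_rule({"RequesterInfo": "Facebook",
                     "ProtectedResource": "Location"}, "Prohibit")
WORK_RULE = make_rule({"RequesterInfo": "Facebook", "UserActivity": "Work",
                       "UserLocation": "Office",
                       "UserTime": "Working hours on Week day",
                       "ProtectedResource": "Location"}, "Prohibit")

# Constructed contexts (sample values, not from the slides).
AT_WORK = dict(WORK_RULE.antecedent)
AT_LUNCH = {**AT_WORK, "UserActivity": "Lunch", "UserLocation": "Restaurant"}
WORK_AT_HOME = {**AT_WORK, "UserLocation": "Home"}

def demo() -> dict:
    specialized = add_condition(GENERIC, "UserActivity", "Work")
    generalized = delete_condition(WORK_RULE, "UserLocation")
    return {
        "generic_at_lunch": GENERIC.fires(AT_LUNCH),          # false violation
        "specialized_at_lunch": specialized.fires(AT_LUNCH),  # repaired
        "specialized_at_work": specialized.fires(AT_WORK),    # still enforced
        "work_rule_at_home": WORK_RULE.fires(WORK_AT_HOME),   # rule too narrow
        "generalized_at_home": generalized.fires(WORK_AT_HOME),
    }

if __name__ == "__main__":
    for name, fired in demo().items():
        print(f"{name}: Prohibit fires = {fired}")
```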
Experimental Results
Consistent feedback
Emulating XPrivacy
Source: http://www.xprivacy.eu/
License: GNU General Public License version 3
Future Work
• More experiments validating violation metric
• Finer granularity capture of policy violation
• Possible predictive model for policy generation
• Using machine learning to generate policies
• Inducing policy using logic programming
Conclusion
We presented MITHRIL
• Framework for capturing ABAC access control policies
• User-preferred & specific policy capture
• Fine-grained, context-sensitive
• Uses Semantic Web technologies
• Policy enforcement