As of 2016, there are more mobile devices than humans on earth. Today, mobile devices are a critical part of our lives and often hold sensitive corporate and personal data. As a result, they are a lucrative target for attackers, and managing data privacy and security on mobile devices has become a vital issue. Existing access control mechanisms in most devices are restrictive and inadequate: they do not take into account the context of a device and its user when making decisions. In many cases, the access granted to a subject should change based on the context of the device. Such fine-grained, context-sensitive access control policies also have to be personalized. In this paper, we present the MITHRIL system, which uses policies represented in Semantic Web technologies and captured from user feedback to handle access control on mobile devices. We present an iterative feedback process to capture user-specific policy. We also present a policy violation metric that allows us to decide when the capture process is complete.
Capturing policies for fine-grained access control on mobile devices
1. Capturing policies for fine-grained access control on mobile devices
PRAJIT KUMAR DAS, ANUPAM JOSHI, TIM FININ
UMBC ebiquity lab
2. Motivation
We present MITHRIL, a framework for capturing user access control policies that are fine-grained, context-sensitive and represented using Semantic Web technologies, and which thereby manages access control decisions for user data on mobile devices.
Android image source courtesy: Aha-Soft
3. Related Work
• Policy Engineering: requires substantial technical knowledge and understanding of access control issues (Feltus’08)
• Most people are ‘Privacy Pragmatists’ (Kumaraguru’05)
• Convergence of enterprise usage and personal usage due to BYOD adoption (Kodeswaran, Chakraborty et al.’13)
• Users unsure of policy (Benisch, Sadeh’11)
• Privacy profiles used for user preferences (Liu et al.’14)
11. Rule representation
• Semantic Web Rule Language
• antecedent => consequent
• Attribute-Based Access Control model
• Context pieces as attributes
12. Rule representation
A1: RequesterInfo = Facebook &
A2: UserActivity = Work &
A3: UserLocation = Office &
A4: UserTime = Working hours on Week day &
A5: ProtectedResource = Location
->
C1: Prohibit
When at work, Professors do not share their location on FB.
Image courtesy: www.phdcomics.com
13. Rule learning
Generic Rule: Professors do not share their location on FB.
During lunch, Professor Smith shares his location.
This is Prof. Smith. He likes to check in to FB during lunch.
Image courtesy: www.phdcomics.com
14. Rule Learning – User Feedback Capture
When out to lunch, Professor Smith shares his location with students if he has lunch scheduled with them and he is in town.
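The rule on slide 12 and its refinement on slides 13–14 can be run as attribute-based rules over a context dictionary. The following is an added Python example, not MITHRIL's own code: the attribute names and the slide-12 rule come from the slides, and the group policy P and Dan's refinement P′ from the notes further down; the "!=" operator and the conflict rule "most specific matching antecedent wins" are assumptions made here so that a personalised rule can override its group rule.

```python
"""Attribute-based rule evaluation over a device context.

Added example in Python; this is not MITHRIL's own code. The attribute
names and the slide-12 rule are taken from the slides, the group policy P
and Dan's refinement P' from the notes. The "!=" operator and the conflict
rule "most specific matching antecedent wins" are assumptions made here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Condition:
    attribute: str
    op: str      # "=" or "!=" (assumption: the slides only show equality)
    value: str

    def holds(self, context: dict) -> bool:
        # A missing attribute satisfies no condition, so rules never fire on
        # incomplete context; a deployment may instead want an unknown
        # location to count as "not School" for Prohibit rules.
        actual = context.get(self.attribute)
        if actual is None:
            return False
        if self.op == "=":
            return actual == self.value
        if self.op == "!=":
            return actual != self.value
        raise ValueError(f"unsupported operator {self.op!r}")


@dataclass(frozen=True)
class Rule:
    name: str
    antecedent: tuple   # conjunction of Condition objects (A1 & A2 & ...)
    consequent: str     # "Prohibit" or "Permit"

    def matches(self, context: dict) -> bool:
        return all(c.holds(context) for c in self.antecedent)


def decide(rules, context, default="Permit"):
    """Return (decision, rule name) from the most specific matching rule.

    Specificity is the number of conditions; on a tie the later rule wins,
    so a user's own refinement should be appended after its group rule.
    With no matching rule the default applies (the rules here are
    prohibitions, so the default is to allow the request).
    """
    decision, winner, best = default, None, -1
    for rule in rules:
        if rule.matches(context) and len(rule.antecedent) >= best:
            decision, winner, best = rule.consequent, rule.name, len(rule.antecedent)
    return decision, winner


def eq(attribute, value):
    return Condition(attribute, "=", value)


def ne(attribute, value):
    return Condition(attribute, "!=", value)


# Slide 12: A1 & A2 & A3 & A4 & A5 -> C1
PROFESSOR_WORK_RULE = Rule("professors do not share location on FB at work", (
    eq("RequesterInfo", "Facebook"), eq("UserActivity", "Work"),
    eq("UserLocation", "Office"), eq("UserTime", "Working hours on Week day"),
    eq("ProtectedResource", "Location")), "Prohibit")

# Notes: group policy P for graduate students and Dan's refinement P'
GRAD_LUNCH_RULE_P = Rule("P: grad students hide off-campus lunch location", (
    eq("UserActivity", "Lunch"), ne("UserLocation", "School"),
    eq("RequesterInfo", "PeopleFromSchool"), eq("ProtectedResource", "Location")),
    "Prohibit")
DAN_LUNCH_RULE_P_PRIME = Rule("P': Dan shares when people from school are present", (
    *GRAD_LUNCH_RULE_P.antecedent, eq("Companions", "PeopleFromSchool")), "Permit")

RULES = [PROFESSOR_WORK_RULE, GRAD_LUNCH_RULE_P, DAN_LUNCH_RULE_P_PRIME]

# Constructed sample contexts (not captured from a real device)
CTX_PROF_AT_WORK = {"RequesterInfo": "Facebook", "UserActivity": "Work",
                    "UserLocation": "Office", "UserTime": "Working hours on Week day",
                    "ProtectedResource": "Location"}
CTX_PROF_AT_LUNCH = dict(CTX_PROF_AT_WORK, UserActivity="Lunch", UserLocation="Restaurant")
CTX_DAN_LUNCH_ALONE = {"UserActivity": "Lunch", "UserLocation": "Restaurant",
                       "RequesterInfo": "PeopleFromSchool", "ProtectedResource": "Location",
                       "Companions": "None"}
CTX_DAN_LUNCH_WITH_SCHOOL = dict(CTX_DAN_LUNCH_ALONE, Companions="PeopleFromSchool")

if __name__ == "__main__":
    for label, ctx in [("professor at work", CTX_PROF_AT_WORK),
                       ("professor at lunch", CTX_PROF_AT_LUNCH),
                       ("Dan at lunch alone", CTX_DAN_LUNCH_ALONE),
                       ("Dan at lunch with school people", CTX_DAN_LUNCH_WITH_SCHOOL)]:
        print(f"{label}: {decide(RULES, ctx)}")
```

The generic professor rule fires only when all five attributes match, so Prof. Smith's lunch check-in is untouched by it; Dan's P′ carries every condition of P plus one more, which is what lets it win over P when people from school are present.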
20. Future Work
• More experiments validating violation metric
• Finer granularity capture of policy violation
• Possible predictive model for policy generation
• Using machine learning to generate policies
• Inducing policy using logic programming
21. Conclusion
We presented MITHRIL
• Framework for capturing ABAC access control policies
• User-preferred & specific policy capture
• Fine-grained, context-sensitive
• Uses Semantic Web technologies
• Policy enforcement
Editor's Notes
Most people are ‘Privacy Pragmatists’ who, while concerned about privacy, will sometimes trade it off for other benefits.
Since the late 1970s, Dr. Alan Westin has conducted over 30 privacy surveys. For each survey, Westin created one or more Privacy Indexes to summarize his results and to show trends in privacy concerns. One such survey, conducted in 2003, concluded that people will trade off privacy when they receive other benefits.
According to the Westin/Harris Privacy Segmentation Model, the basic privacy groups are:
* fundamentalist: very high privacy concern. Passionate about what they [see] as business threats to their consumer privacy, and [favor] active government regulation of business and information practices.
* pragmatist: the middle group, with balanced privacy attitudes. They ask what benefits they get as consumers in sharing their personal information, balance these against the risks to their privacy interests, and usually favor a mixture of government and private solutions.
* unconcerned: little to no concern about consumer privacy issues.
Why should we care?
Apps collect user data: emails, messages, documents, sensor data – highly personal data.
Can’t app permissions handle the privacy and security of this data? App permissions are “take it or leave it”.
A user may be okay with sharing location in a public place but not in a private place; there is no way to control that.
Use the Privacy and Security module to implement context-dependent rules.
A key idea is expressing policy rules in an extensible and expressive semantic model; RDF/OWL is a good standard to support this.
Using RDF/OWL allows easy reuse of, and integration with, concepts from common semantic models, including DBpedia, Linked Data, schema.org, etc.
An access-control policy representation technique using an ontology to model high-level semantic context on a mobile device.
A framework for policy capture that uses our VM metric to determine the transitional state of MITHRIL.
Access control decision handling and policy enforcement.
Graduate students have a policy P for lunch hour: if the location is not the school, don’t share the lunch location with people from school.
Dan is a graduate student at UMBC who frequently has lunches with professors and students from school.
He modifies the policy rule that applies to lunch hours so that the lunch location is shareable when people from school are present.
Thus we learn the specific policy P′ of Dan (who belongs to the Graduate Student group).
We use an ontology to provide users with contextual options for choosing the conditions of a rule.
The user feedback app uses a feedback algorithm for rule refinement; the choices are to generalize or to specialize a rule.
VM = TV / (FV + TV)
Transitional marker
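The feedback loop described above (generalize or specialize a rule on user feedback) and the transitional marker VM = TV / (FV + TV) can be put together in a small simulation. This is an added Python example, not MITHRIL's own code. The slides give the formula but do not expand TV and FV; the example assumes TV counts prohibitions the user confirms as true violations and FV counts prohibitions the user rejects as false violations, so VM approaches 1 as the captured rules stop contradicting the user. The refinement steps, the simulated user standing in for Dan, the sample events and the stopping threshold are all constructed here.

```python
"""Iterative policy capture driven by the violation metric VM = TV / (FV + TV).

Added example in Python; not MITHRIL's own code. Assumptions: TV = rule
firings the user confirms as true violations, FV = firings the user rejects
as false violations; a rejected rule is specialized by adding the context
attribute the user names; capture stops once VM over a round reaches a
threshold. The group rule P, Dan's simulated preference and the events are
constructed sample data.
"""
from collections import Counter

# A rule is {"name": str, "if": frozenset of (attribute, value), "then": decision}.


def fires(rule, context):
    """The antecedent is a conjunction: every (attribute, value) pair must be in the context."""
    return rule["if"] <= frozenset(context.items())


def decision(rules, context):
    """Most specific firing rule decides; with no firing rule the data is shared."""
    firing = [r for r in rules if fires(r, context)]
    if not firing:
        return None, "Permit"
    rule = max(firing, key=lambda r: len(r["if"]))
    return rule, rule["then"]


def specialize(rule, context, attribute, consequent="Permit"):
    """Carve an exception out of `rule` for contexts where `attribute` has its current value."""
    pair = (attribute, context[attribute])
    return {"name": f"{rule['name']} except {pair[0]}={pair[1]}",
            "if": rule["if"] | {pair}, "then": consequent}


def generalize(rule, attribute):
    """Drop one condition so the rule applies in more contexts (the other refinement choice)."""
    return {"name": f"{rule['name']} regardless of {attribute}",
            "if": frozenset(p for p in rule["if"] if p[0] != attribute),
            "then": rule["then"]}


def violation_metric(tv, fv):
    """VM = TV / (FV + TV); defined as 0.0 before any feedback exists."""
    return tv / (fv + tv) if fv + tv else 0.0


def capture(rules, events, true_policy, named_attribute, stop_at=1.0, max_rounds=10):
    """Replay context events, ask the (simulated) user about each prohibition,
    specialize on false violations, and stop once VM for a round reaches stop_at."""
    rules = list(rules)
    history = []
    for _ in range(max_rounds):
        counts = Counter()
        for context in events:
            rule, outcome = decision(rules, context)
            if outcome != "Prohibit":
                continue            # nothing was blocked, nothing to confirm
            if true_policy(context) == "Prohibit":
                counts["TV"] += 1   # user agrees: true violation
            else:
                counts["FV"] += 1   # user rejects: false violation, refine the rule
                rules.append(specialize(rule, context, named_attribute))
        vm = violation_metric(counts["TV"], counts["FV"])
        history.append(vm)
        if vm >= stop_at:
            break
    return rules, history


# Group policy P for graduate students (constructed from the notes): lunch
# location is not shared with people from school.
GROUP_RULE_P = {"name": "P",
                "if": frozenset({("UserActivity", "Lunch"),
                                 ("RequesterInfo", "PeopleFromSchool"),
                                 ("ProtectedResource", "Location")}),
                "then": "Prohibit"}


def dan_true_policy(context):
    """Constructed ground truth standing in for Dan's actual preference P'."""
    return "Permit" if context.get("Companions") == "PeopleFromSchool" else "Prohibit"


# Constructed lunch-hour events: two lunches alone, one with people from school
EVENTS = [
    {"UserActivity": "Lunch", "RequesterInfo": "PeopleFromSchool", "ProtectedResource": "Location",
     "UserLocation": "Restaurant", "Companions": "None"},
    {"UserActivity": "Lunch", "RequesterInfo": "PeopleFromSchool", "ProtectedResource": "Location",
     "UserLocation": "Restaurant", "Companions": "PeopleFromSchool"},
    {"UserActivity": "Lunch", "RequesterInfo": "PeopleFromSchool", "ProtectedResource": "Location",
     "UserLocation": "Cafe", "Companions": "None"},
]


def run_capture():
    return capture([GROUP_RULE_P], EVENTS, dan_true_policy, named_attribute="Companions")


if __name__ == "__main__":
    learned, vm_history = run_capture()
    for r in learned:
        print(r["name"], "->", r["then"])
    print("VM per round:", vm_history)
```

In the first round the second event is a false violation (VM = 2/3) and P is specialized into P′; in the second round P′ permits that event, no false violations remain, VM reaches 1 and capture stops. In practice the attribute the user names comes from the ontology-driven choices in the feedback app rather than from a hard-coded oracle.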
The plan is to extend XPrivacy to handle rules defined by us and to provide an API mechanism that allows such rules to be executed.
Mention that the solutions do not have contextual policies which you will bring in.
Extend system to incorporate rule firing API
Ensure contextual rule firing
Ensure energy-efficient rule firing
Norman Sadeh and his group at CMU have done substantial work on capturing user preferences. They captured users’ location preferences and used various learning techniques to boost their results. They observed that once some user feedback had been obtained, learning algorithms were better at predicting what the user’s rules would be. They also observed that users keep switching between sharing and not sharing, essentially concluding that users are bad at predicting their own rules. We intend to use an ontology-driven approach to capturing user feedback. We want to show that when presented with fine-grained, context-dependent rules and observed rule violations, users are better able to predict their preferences.
Other learning techniques have also been adopted for predicting the user’s intended choices, including decision trees to predict meeting times in a calendar application, and inductive logic programming to predict user behavior and carry out probabilistic rule learning. Inductive logic programming was used by Corapi in an attempt to learn user behavior and later for rule learning in a planning scenario. He shows how one might induce rules for user behavior. In the planning work he uses probabilities for rules and a knowledge base to minimize the error between the target probability and the entailed probability. Although his work started with a claim of learning privacy rules, he did not complete the implementation for that domain because of the complexity and scalability issues of his method. In other work by Tom Mitchell, decision trees were used to create a smart assistant that predicts the user’s meeting preferences, but it required significant user input at times. In a third work, Joseph Halpern used first-order logic to reason about policies. However, he acknowledged that with first-order logic we reach a point where the problem becomes intractable, because proving the validity of a first-order formula is undecidable. They also do not discuss any kind of performance or accuracy measure.