{"title":"Context-Specific Access Control: Conforming Permissions With User Expectations","authors":"Amir Rahmati, H. Madhyastha","doi":"10.1145/2808117.2808121","DOIUrl":null,"url":null,"abstract":"Current mobile platforms take an all-or-nothing approach to assigning permissions to applications. Once a user grants an application permission to access a particular resource, the application can use that permission whenever it executes thereafter. This enables an application to access privacy sensitive resources even when they are not needed for it to perform its expected functions. In this paper, we introduce \"Context-Specific Access Control\" (CSAC) as a design approach towards enforcing the principle of least privilege. CSAC's goal is to enable a user to ensure that, at any point in time, an application has access to those resources which she expects are needed by the application component with which she is currently interacting. We study 100 popular applications from Google Play store and find that existing applications are amenable to CSAC as most applications' use of privacy sensitive resources is limited to a small number of contexts. Furthermore, via dynamic analysis of the 100 applications and a small-scale user study, we find that CSAC does not prohibitively increase the number of access control decisions that users need to make.","PeriodicalId":311973,"journal":{"name":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices","volume":"58 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-10-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2808117.2808121","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 13
Abstract
Current mobile platforms take an all-or-nothing approach to assigning permissions to applications. Once a user grants an application permission to access a particular resource, the application can use that permission whenever it executes thereafter. This enables an application to access privacy sensitive resources even when they are not needed for it to perform its expected functions. In this paper, we introduce "Context-Specific Access Control" (CSAC) as a design approach towards enforcing the principle of least privilege. CSAC's goal is to enable a user to ensure that, at any point in time, an application has access to those resources which she expects are needed by the application component with which she is currently interacting. We study 100 popular applications from Google Play store and find that existing applications are amenable to CSAC as most applications' use of privacy sensitive resources is limited to a small number of contexts. Furthermore, via dynamic analysis of the 100 applications and a small-scale user study, we find that CSAC does not prohibitively increase the number of access control decisions that users need to make.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
