SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices

Details

Resource 1 Download: Olejnik2017S&P.pdf (2364.58 [KB])
Status: Public
Version: author's
Serval ID
serval:BIB_244AEBF7222F
Type
Conference proceedings (part): original contribution to the scientific literature, published on the occasion of scientific conferences, in a proceedings volume, or in the special issue of a recognized journal (conference proceedings).
Collection
Publications
Institution
Title
SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Conference title
Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P)
Authors
Olejnik K., Dacosta I., Soares Machado J., Huguenin K., Khan M. E., Hubaux J.-P.
Publisher
IEEE
Address
San Jose, Ca
Editorial status
Published
Publication date
05/2017
Peer-reviewed
Yes
Pages
1058-1076
Language
English
Abstract
Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. In this work, we address some of these limitations with SmarPer, an advanced permission mechanism for Android. First, to address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning to predict permission decisions at runtime. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. Note that the goal of SmarPer is to mimic the users' decisions, not to make privacy-preserving decisions per se. With this unique data set, we show that fitting an efficient Bayesian linear regression model results in a mean correct classification rate of 80% (3%). This represents a mean relative improvement of 50% over a user-defined static permission policy, i.e., the model used in current permission systems. Second, SmarPer also focuses on the suboptimal trade-off between privacy and utility; instead of only “allow” or “deny” decisions, SmarPer also offers an “obfuscate” option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions.
In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users’ unique decision patterns at runtime using contextual information while supporting data obfuscation; this is an important step towards automating the management of permissions in smartphones.
Web of science
Record created
17/03/2017 14:38
Record last modified
20/08/2019 14:02