SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Details
Download: Olejnik2017S&P.pdf (2364.58 [Ko])
State: Public
Version: author
State: Public
Version: author
Serval ID
serval:BIB_244AEBF7222F
Type
Inproceedings: an article in a conference proceedings.
Collection
Publications
Institution
Title
SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices
Title of the conference
Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P)
Publisher
IEEE
Address
San Jose, Ca
Publication state
Published
Issued date
05/2017
Peer-reviewed
Oui
Pages
1058-1076
Language
english
Abstract
Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. In this work, we address some of these limitations with SmarPer, an advanced permission mechanism for Android. First, to address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning to predict permission decisions at runtime. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. Note that the goal of SmarPer is to mimic the users decisions, not to make privacy-preserving decisions per se. With this unique data set, we show that tting an efcient Bayesian linear regression model results in a mean correct classication rate of 80% (3%). This represents a mean relative improvement of 50% over a user-dened static permission policy, i.e., the model used in current permission systems. Second, SmarPer also focuses on the suboptimal trade-off between privacy and utility; instead of only “allow” or “deny” decisions, SmarPer also offers an “obfuscate” option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users’ unique decision patterns at runtime using contextual information while supporting data obfuscation; this an important step towards automating the management of permissions in smartphones.
Web of science
Create date
17/03/2017 13:38
Last modification date
20/08/2019 13:02