Bootstrapping Security Policies for Wearable Apps Using Attributed Structural Graphs
نویسندگان
چکیده
We address the problem of bootstrapping security and privacy policies for newly-deployed apps in wireless body area networks (WBAN) composed of smartphones, sensors and other wearable devices. We introduce a framework to model such a WBAN as an undirected graph whose vertices correspond to devices, apps and app resources, while edges model structural relationships among them. This graph is then augmented with attributes capturing the features of each entity together with user-defined tags. We then adapt available graph-based similarity metrics to find the closest app to a new one to be deployed, with the aim of reusing, and possibly adapting, its security policy. We illustrate our approach through a detailed smartphone ecosystem case study. Our results suggest that the scheme can provide users with a reasonably good policy that is consistent with the user's security preferences implicitly captured by policies already in place.
منابع مشابه
Systematic Structuring of the Business Domain of Local Mobile Apps Stores Using Soft Systems Methodology (SSM)
Due to the global competitive environment in the mobile app market, traditional problem-solving methods in examining the problem of accepting stores offering these digital products have ignored the important role of human factors and therefore this weakness necessitates research on relevant policies by governing bodies from another perspective based on a soft systems thinking approach. This pro...
متن کاملSecurity challenges for wearable computing a case study
This paper discusses ITand information security challenges for wearable computing encountered during the WearIT@work project. The following novel ideas are introduced in this paper: authorization by proximity using dynamic context information to enable transfer of authorization from one party to another, a wearable pairing mechanism to use devices on other wearables, and a more intelligent mana...
متن کاملAutomated Dynamic Enforcement of Synthesized Security Policies in Android
As the dominant mobile computing platform, Android has become a prime target for cyber-security attacks. Many of these attacks are manifested at the application level, and through the exploitation of vulnerabilities in apps downloaded from the popular app stores. Increasingly, sophisticated attacks exploit the vulnerabilities in multiple installed apps, making it extremely difficult to foresee ...
متن کاملریسک سنج: ابزاری برای سنجش دقیق میزان ریسک امنیتی برنامهها در دستگاههای همراه
Nowadays smartphones and tablets are widely used due to their various capabilities and features for end users. In these devices, accessing a wide range of services and sensitive information including private personal data, contact list, geolocation, sending and receiving messages, accessing social networks and etc. are provided via numerous application programs. These types of accessibilities, ...
متن کاملChecking Interaction-Based Declassification Policies for Android Using Symbolic Execution
Mobile apps can access a wide variety of secure information, such as contacts and location. However, current mobile platforms include only coarse access control mechanisms to protect such data. In this paper, we introduce interaction-based declassification policies, in which the user’s interactions with the app constrain the release of sensitive information. Our policies are defined extensional...
متن کامل