Personalizing Context-Aware Access Control on Mobile Platforms

• Published in: 2017 IEEE 3rd International Conference on Collaboration and Internet Computing (CIC) pp. 107 - 116
• Main Authors: Das, Prajit Kumar, Joshi, Anupam, Finin, Tim
• Format: Conference Proceeding
• Language: English
• Published: IEEE 01.10.2017
• Subjects: Access control; Context modeling; Middleware; mobile access control; Mobile communication; Mobile handsets; OWL; personalized access control; user security and privacy
• DOI: 10.1109/CIC.2017.00025

Context-sensitive access control has been a research topic within mobile computing for more than a decade. Much of the work has focused on modeling context and representing policies. Choosing an appropriate policy for a user, however, remains a challenging goal. Creating usable mobile access control solutions have been researched from a users permission control perspective. We present a study carried out with subjects using their personal mobile devices that captures individualized policies through an iterative user feedback process. Policy precision, also referred to as "Violation Metric" (VM), was used to decide when all necessary policies had been captured. The feedback process used a hierarchical context ontology to represent user-context and gathered contextual-situations in which a policy would be applicable. The study also investigated the feasibility of using the VM measure to determine completion of the capture process for the users personalized access control policies, that handles their mobile privacy and security needs. Using an appropriate predefined policy is shown to have lesser user impact when trying to personalize access control policies for users.