TY - GEN
T1 - A risk-driven model to minimize the effects of human factors on smart devices
AU - Gupta, Sandeep
AU - Buriro, Attaullah
AU - Crispo, Bruno
PY - 2020/1/25
Y1 - 2020/1/25
N2 - Human errors exploitation could entail unfavorable consequences to smart device users. Typically, smart devices provide multiple configurable features, e.g., user authentication settings, network selection, application installation, communication interfaces, etc., which users can configure according to their need and convenience. However, untrustworthy features configuration could mount severe risks towards the protection and integrity of data and assets residing on smart devices or to perform security-sensitive activities on smart devices. Conventional security mechanisms mainly focus on preventing and monitoring malware, but they do not perform the runtime vulnerabilities assessment while users use their smart devices. In this paper, we propose a risk-driven model that determines features reliability at runtime by monitoring users’ features usage patterns. The resource access permissions (e.g., ACCESS_INTERNET and ACCESS_NETWORK_STATE) given to an application requiring higher security are revoked in case users configure less reliable features (e.g., open WIFI or HOTSPOT) on their smart devices. Thus, our model dynamically fulfills the security criteria of the security-sensitive applications and revokes resources access permission given to them, until features reliability is set to a secure level. Consequently, smart devices are secured against any runtime vulnerabilities that may surface due to human factors.
AB - Human errors exploitation could entail unfavorable consequences to smart device users. Typically, smart devices provide multiple configurable features, e.g., user authentication settings, network selection, application installation, communication interfaces, etc., which users can configure according to their need and convenience. However, untrustworthy features configuration could mount severe risks towards the protection and integrity of data and assets residing on smart devices or to perform security-sensitive activities on smart devices. Conventional security mechanisms mainly focus on preventing and monitoring malware, but they do not perform the runtime vulnerabilities assessment while users use their smart devices. In this paper, we propose a risk-driven model that determines features reliability at runtime by monitoring users’ features usage patterns. The resource access permissions (e.g., ACCESS_INTERNET and ACCESS_NETWORK_STATE) given to an application requiring higher security are revoked in case users configure less reliable features (e.g., open WIFI or HOTSPOT) on their smart devices. Thus, our model dynamically fulfills the security criteria of the security-sensitive applications and revokes resources access permission given to them, until features reliability is set to a secure level. Consequently, smart devices are secured against any runtime vulnerabilities that may surface due to human factors.
U2 - 10.1007/978-3-030-39749-4_10
DO - 10.1007/978-3-030-39749-4_10
M3 - Conference contribution
T3 - Lecture Notes in Computer Science
SP - 156
EP - 170
BT - Emerging technologies for authorization and authentication: second international workshop, September 2019: proceedings
ER -