Preserving User Privacy and Security in Context-Aware Mobile Platforms

Preserving User Privacy and Security in Context-Aware Mobile Platforms

Prajit Kumar Das (University of Maryland – Baltimore County, USA), Dibyajyoti Ghosh (University of Maryland – Baltimore County, USA), Pramod Jagtap (University of Maryland – Baltimore County, USA), Anupam Joshi (University of Maryland – Baltimore County, USA) and Tim Finin (University of Maryland – Baltimore County, USA)
DOI: 10.4018/978-1-5225-7113-1.ch058
OnDemand PDF Download:
No Current Special Offers


Contemporary smartphones are capable of generating and transmitting large amounts of data about their users. Recent advances in collaborative context modeling combined with a lack of adequate permission model for handling dynamic context sharing on mobile platforms have led to the emergence of a new class of mobile applications that can access and share embedded sensor and context data. Most of the time such data is used for providing tailored services to the user but it can lead to serious breaches of privacy. We use Semantic Web technologies to create a rich notion of context. We also discuss challenges for context aware mobile platforms and present approaches to manage data flow on these devices using semantically rich fine-grained context-based policies that allow users to define their privacy and security need using tools we provide.
Chapter Preview


Access control generally refers to the process of determining what actions are allowed by a given subject upon objects and resources (Sandhu & Samarati, 1996). The security domain has seen the emergence of various access control models over the years. The most popular models include Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role Based Access Control (RBAC) and Attribute Based Access Control (ABAC). DAC refers to access control mechanisms where it is at the “discretion” of the owner of an object. On the other hand, MAC “mandates” control based on security labels assigned to an object. RBAC is a model that uses “roles” to determine access control and in this model permissions are associated with roles, and users are made members of appropriate roles. RBAC suffers from issues of setting up initial role structure and inflexibility in dynamic domains (Kuhn, D. R., Coyne, E. J., & Weil, T. R., 2010). A pure RBAC solution will not consider dynamic attributes like time of day, which could be critical for determining user permissions. Essentially, it does not take into consideration the context aspect that we so often see, especially in the mobile domain. ABAC models are better equipped in handling access control for such dynamic systems. When it comes to using ABAC models one of the standard system implementations created by (Godik, S., Anderson, A., Parducci, B., Humenn, P., & Vajjhala, S., 2002) is XACML. The XACML standard defines a declarative access control policy language implemented in XML and provides a processing model on how to evaluate access requests. The access control mechanisms that we will discuss are modeled on ABAC.

Complete Chapter List

Search this Book: