Human errors exploitation could entail unfavorable consequences to smart device users. Typically, smart devices provide multiple configurable features, e.g., user authentication settings, network selection, application installation, communication interfaces, etc., which users can configure according to their need and convenience. However, untrustworthy features configuration could mount severe risks towards the protection and integrity of data and assets residing on smart devices or to perform security-sensitive activities on smart devices. Conventional security mechanisms mainly focus on preventing and monitoring malware, but they do not perform the runtime vulnerabilities assessment while users use their smart devices. In this paper, we propose a risk-driven model that determines features reliability at runtime by monitoring users’ features usage patterns. The resource access permissions (e.g., ACCESS_INTERNET and ACCESS_NETWORK_STATE) given to an application requiring higher security are revoked in case users configure less reliable features (e.g., open WIFI or HOTSPOT) on their smart devices. Thus, our model dynamically fulfills the security criteria of the security-sensitive applications and revokes resources access permission given to them, until features reliability is set to a secure level. Consequently, smart devices are secured against any runtime vulnerabilities that may surface due to human factors.

A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices / Gupta, S.; Buriro, A.; Crispo, B.. - 11967:(2020), pp. 156-170. ((Intervento presentato al convegno 2nd International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019 tenutosi a lux nel 2019 [10.1007/978-3-030-39749-4_10].

A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices

Gupta S.;Crispo B.
2020

Abstract

Human errors exploitation could entail unfavorable consequences to smart device users. Typically, smart devices provide multiple configurable features, e.g., user authentication settings, network selection, application installation, communication interfaces, etc., which users can configure according to their need and convenience. However, untrustworthy features configuration could mount severe risks towards the protection and integrity of data and assets residing on smart devices or to perform security-sensitive activities on smart devices. Conventional security mechanisms mainly focus on preventing and monitoring malware, but they do not perform the runtime vulnerabilities assessment while users use their smart devices. In this paper, we propose a risk-driven model that determines features reliability at runtime by monitoring users’ features usage patterns. The resource access permissions (e.g., ACCESS_INTERNET and ACCESS_NETWORK_STATE) given to an application requiring higher security are revoked in case users configure less reliable features (e.g., open WIFI or HOTSPOT) on their smart devices. Thus, our model dynamically fulfills the security criteria of the security-sensitive applications and revokes resources access permission given to them, until features reliability is set to a secure level. Consequently, smart devices are secured against any runtime vulnerabilities that may surface due to human factors.
Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Germany
Springer
978-3-030-39748-7
978-3-030-39749-4
Gupta, S.; Buriro, A.; Crispo, B.
A Risk-Driven Model to Minimize the Effects of Human Factors on Smart Devices / Gupta, S.; Buriro, A.; Crispo, B.. - 11967:(2020), pp. 156-170. ((Intervento presentato al convegno 2nd International Workshop on Emerging Technologies for Authorization and Authentication, ETAA 2019 tenutosi a lux nel 2019 [10.1007/978-3-030-39749-4_10].
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione

Utilizza questo identificativo per citare o creare un link a questo documento: http://hdl.handle.net/11572/288971
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 3
  • ???jsp.display-item.citation.isi??? 0
social impact