MRAAC: A Multi-Stage Risk-Aware Adaptive Authentication and Access Control Framework for Android

IF 3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS
Jiayi Chen, Urs Hengartner, Hassan Khan
{"title":"MRAAC: A Multi-Stage Risk-Aware Adaptive Authentication and Access Control Framework for Android","authors":"Jiayi Chen, Urs Hengartner, Hassan Khan","doi":"10.1145/3648372","DOIUrl":null,"url":null,"abstract":"<p>Adaptive authentication enables smartphones and enterprise apps to decide when and how to authenticate users based on contextual and behavioral factors. In practice, a system may employ multiple policies to adapt its authentication mechanisms and access controls to various scenarios. However, existing approaches suffer from contradictory or insecure adaptations, which may enable attackers to bypass the authentication system. Besides, most existing approaches are inflexible and do not provide desirable access controls. We design and build a multi-stage risk-aware adaptive authentication and access control framework (MRAAC), which provides the following novel contributions: <b>Multi-stage:</b>\nMRAAC organizes adaptation policies in multiple stages to handle different risk types and progressively adapts authentication mechanisms based on context, resource sensitivity, and user authenticity. <b>Appropriate access control:</b>\nMRAAC provides libraries to enable sensitive apps to manage the availability of their in-app resources based on MRAAC’s risk awareness. <b>Extensible:</b>\nWhile existing proposals are tailored to cater to a single use case, MRAAC supports a variety of use cases with custom risk models. We exemplify these advantages of MRAAC by deploying it for three use cases: an enhanced version of Android Smart Lock, guest-aware continuous authentication, and corporate app for BYOD. We conduct experiments to quantify the CPU, memory, latency, and battery performance of MRAAC. Our evaluation shows that MRAAC enables various stakeholders (device manufacturers, enterprise and secure app developers) to provide complex adaptive authentication workflows on COTS Android with low processing and battery overhead.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"93 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2024-02-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3648372","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

Adaptive authentication enables smartphones and enterprise apps to decide when and how to authenticate users based on contextual and behavioral factors. In practice, a system may employ multiple policies to adapt its authentication mechanisms and access controls to various scenarios. However, existing approaches suffer from contradictory or insecure adaptations, which may enable attackers to bypass the authentication system. Besides, most existing approaches are inflexible and do not provide desirable access controls. We design and build a multi-stage risk-aware adaptive authentication and access control framework (MRAAC), which provides the following novel contributions: Multi-stage: MRAAC organizes adaptation policies in multiple stages to handle different risk types and progressively adapts authentication mechanisms based on context, resource sensitivity, and user authenticity. Appropriate access control: MRAAC provides libraries to enable sensitive apps to manage the availability of their in-app resources based on MRAAC’s risk awareness. Extensible: While existing proposals are tailored to cater to a single use case, MRAAC supports a variety of use cases with custom risk models. We exemplify these advantages of MRAAC by deploying it for three use cases: an enhanced version of Android Smart Lock, guest-aware continuous authentication, and corporate app for BYOD. We conduct experiments to quantify the CPU, memory, latency, and battery performance of MRAAC. Our evaluation shows that MRAAC enables various stakeholders (device manufacturers, enterprise and secure app developers) to provide complex adaptive authentication workflows on COTS Android with low processing and battery overhead.

MRAAC:面向安卓的多阶段风险感知自适应身份验证和访问控制框架
自适应身份验证使智能手机和企业应用程序能够根据上下文和行为因素决定何时以及如何对用户进行身份验证。在实践中,系统可能会采用多种策略,使其身份验证机制和访问控制适应各种场景。然而,现有方法存在自相矛盾或不安全的适应性问题,这可能会使攻击者绕过身份验证系统。此外,大多数现有方法缺乏灵活性,无法提供理想的访问控制。我们设计并建立了一个多阶段风险感知自适应身份验证和访问控制框架(MRAAC),它具有以下新贡献:多阶段:MRAAC在多个阶段组织适应策略,以处理不同的风险类型,并根据上下文、资源敏感性和用户真实性逐步调整认证机制。适当的访问控制:MRAAC提供库,使敏感应用程序能够根据MRAAC的风险意识管理其应用程序内资源的可用性。可扩展性:现有的建议都是针对单一用例量身定制的,而MRAAC支持各种用例,并可自定义风险模型。我们通过在三种用例中部署MRAAC来体现MRAAC的这些优势:增强版安卓智能锁、访客感知持续身份验证和用于BYOD的企业应用。我们通过实验来量化 MRAAC 的 CPU、内存、延迟和电池性能。我们的评估结果表明,MRAAC 能让各利益相关方(设备制造商、企业和安全应用开发商)在 COTS Android 上提供复杂的自适应身份验证工作流,同时降低处理和电池开销。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
ACM Transactions on Privacy and Security
ACM Transactions on Privacy and Security Computer Science-General Computer Science
CiteScore
5.20
自引率
0.00%
发文量
52
期刊介绍: ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信