SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices

Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, M. E. Khan, J. Hubaux
{"title":"SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices","authors":"Katarzyna Olejnik, Italo Dacosta, Joana Soares Machado, Kévin Huguenin, M. E. Khan, J. Hubaux","doi":"10.1109/SP.2017.25","DOIUrl":null,"url":null,"abstract":"Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. We address some of these limitations with SmarPer, an advanced permission mechanism for Android. To address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning methods to predict permission decisions at runtime. Note that the goal of SmarPer is to mimic the users' decisions, not to make privacy-preserving decisions per se. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. With this unique data set, we show that using an efficient Bayesian linear regression model results in a mean correct classification rate of 80% (±3%). This represents a mean relative reduction of approximately 50% in the number of incorrect decisions when compared with a user-defined static permission policy, i.e., the model used in current permission systems. SmarPer also focuses on the suboptimal trade-off between privacy and utility, instead of only \"allow\" or \"deny\" type of decisions, SmarPer also offers an \"obfuscate\" option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users' unique decision patterns at runtime using contextual information while supporting data obfuscation, this is an important step towards automating the management of permissions in smartphones.","PeriodicalId":6502,"journal":{"name":"2017 IEEE Symposium on Security and Privacy (SP)","volume":"8 1","pages":"1058-1076"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"91","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 IEEE Symposium on Security and Privacy (SP)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SP.2017.25","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 91

Abstract

Permission systems are the main defense that mobile platforms, such as Android and iOS, offer to users to protect their private data from prying apps. However, due to the tension between usability and control, such systems have several limitations that often force users to overshare sensitive data. We address some of these limitations with SmarPer, an advanced permission mechanism for Android. To address the rigidity of current permission systems and their poor matching of users' privacy preferences, SmarPer relies on contextual information and machine learning methods to predict permission decisions at runtime. Note that the goal of SmarPer is to mimic the users' decisions, not to make privacy-preserving decisions per se. Using our SmarPer implementation, we collected 8,521 runtime permission decisions from 41 participants in real conditions. With this unique data set, we show that using an efficient Bayesian linear regression model results in a mean correct classification rate of 80% (±3%). This represents a mean relative reduction of approximately 50% in the number of incorrect decisions when compared with a user-defined static permission policy, i.e., the model used in current permission systems. SmarPer also focuses on the suboptimal trade-off between privacy and utility, instead of only "allow" or "deny" type of decisions, SmarPer also offers an "obfuscate" option where users can still obtain utility by revealing partial information to apps. We implemented obfuscation techniques in SmarPer for different data types and evaluated them during our data collection campaign. Our results show that 73% of the participants found obfuscation useful and it accounted for almost a third of the total number of decisions. In short, we are the first to show, using a large dataset of real in situ permission decisions, that it is possible to learn users' unique decision patterns at runtime using contextual information while supporting data obfuscation, this is an important step towards automating the management of permissions in smartphones.
SmarPer:移动设备的上下文感知和自动运行时权限
许可系统是Android和iOS等移动平台为用户提供的主要防御措施,目的是保护他们的私人数据不受窥探应用的侵害。然而,由于可用性和控制之间的紧张关系,这样的系统有一些限制,经常迫使用户过度共享敏感数据。我们用SmarPer解决了其中的一些限制,这是Android的一种高级权限机制。为了解决当前权限系统的僵化和用户隐私偏好的不匹配问题,SmarPer依靠上下文信息和机器学习方法来预测运行时的权限决策。请注意,SmarPer的目标是模仿用户的决策,而不是做出保护隐私的决策。使用我们的SmarPer实现,我们从41个参与者那里收集了真实条件下的8,521个运行时权限决策。有了这个独特的数据集,我们表明使用有效的贝叶斯线性回归模型的平均正确分类率为80%(±3%)。这表示与用户定义的静态权限策略(即当前权限系统中使用的模型)相比,错误决策的数量平均相对减少了大约50%。SmarPer还专注于隐私和实用性之间的次优权衡,而不仅仅是“允许”或“拒绝”类型的决策,SmarPer还提供了一个“模糊”选项,用户仍然可以通过向应用程序透露部分信息来获得实用性。我们在SmarPer中实现了不同数据类型的混淆技术,并在数据收集活动中对其进行了评估。我们的结果表明,73%的参与者认为混淆是有用的,它几乎占决策总数的三分之一。简而言之,我们是第一个使用真实的现场权限决策的大型数据集来展示的人,在支持数据混淆的同时,使用上下文信息在运行时学习用户独特的决策模式是可能的,这是朝着智能手机权限管理自动化迈出的重要一步。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信