Title: EXPLAINED SECURITY POLICIES FOR MANAGING PER-PROGRAM ACCESS CONTROL ON MOBILE DEVICES
Author(s): Peter Trommler
ISBN: 978-972-8939-19-9
Editors: Hans Weghorn, Jörg Roth and Pedro Isaías
Year: 2010
Edition: Single
Keywords: Access control, security policy, explained security policy
Type: Reflection Paper
First Page: 235
Last Page: 238
Language: English
Paper Abstract:
Distributing software to mobile devices over the Internet has become an efficient way to deliver applications to the end-user. Several security mechanisms are currently deployed that assume either code is not trusted at all and thus must be confined to a sandbox or it is completely trusted and hence is granted full access. In this paper we propose a security model that offers a middle ground based on the principle of least privilege. An application will be granted access to resources needed for its purpose but no more. The increased flexibility of access control leads to increased complexity to configure access control policies. Explained security policies securely associate security policies with one or more explanations and enable end-users to select an appropriate level of access.