A context-aware system to secure enterprise content: Incorporating reliability specifiers

Oyindamola Oluwatimi, Maria Luisa Damiani, Elisa Bertino
2018 Computers & security  
The sensors of a context-aware system extract contextual information from the environment and relay that information to higher-level processes of the system so to influence the system's control decisions. However, an adversary can maliciously influence such controls indirectly by manipulating the environment in which the sensors are monitoring, thereby granting privileges the adversary would otherwise not normally have. To address such context monitoring issues, we extend CASSEC by
more » ... sentiencelike constructs, which enable the emulation of "confidence", into our proximity-based access control model to grant the system the ability to make more inferable decisions based on the degree of reliability of extracted contextual information. In CASSEC 2.0, we evaluate our confidence constructs by implementing two new authentication mechanisms. Coproximity authentication employs our time-based challengeresponse protocol, which leverages Bluetooth Low Energy beacons as its underlying occupancy detection technology. Biometric authentication relies on the accelerometer and fingerprint sensors to measure behavioral and physiological user features to prevent unauthorized users from using an authorized user's device. We provide a feasibility study demonstrating how confidence constructs can improve the decision engine of context-aware access control systems.
doi:10.1016/j.cose.2018.04.001 fatcat:nw3u3vh5affodia4sfwfgbybtu