Benats, Guillaume; Bandara, Arosha; Yu, Yijun; Colin, Jean-Noel and Nuseibeh, Bashar
In: IEEE International Symposium on Policies for Distributed Systems and Networks, 6-8 June 2011, Pisa, Italy.
Full text available as:
The rapid growth of mobile applications has imposed new threats to privacy: users often find it challenging to ensure that their privacy policies are consistent with the requirements of a diverse range of of mobile applications that access personal information under different contexts. This problem exacerbates when applications depend on each other and therefore share permissions to access resources in ways that are opaque to an end-user. To meet the needs of representing privacy requirements and of resolving dependencies issues in privacy policies, we propose an extension to the P-RBAC model for reasoning about plausible scenarios that can exploit such weaknesses of mobile systems. This work has been evaluated using the case studies on several Android mobile applications.
Actions (login may be required)