An Ontology for Enforcing Security and Privacy Policies on Mobile Devices

Brian Krupp, Nigamanth Sridhar, Wenbing Zhao

Abstract

Mobile devices have experienced explosive growth and rapid adoption. These devices have also become troves of security and privacy data of the consumers that utilize them. What makes mobile devices unique from traditional computing platforms is the additional sensing components they contain and their ease of access which allow consumers to make these devices a part of their lives. Additionally these devices are fragmented in operating systems, sensing capabilities, and device manufacturers. In this paper we define an ontology that can be utilized as a foundation for enforcing security and privacy policies across all mobile devices, and use the ontology to define policies and to model knowledge elements for mobile devices. We also identify areas where the policies can be applied, including whether to enforce policies on the device or in the cloud.

References

  1. Ball, J. (2014). Angry birds and 'leaky' phone apps targeted by nsa and gchq for user data. http:// www.theguardian.com/world/2014/jan/27/nsa-gchqsmartphone-app-angry-birds-personal-data.
  2. Beji, S. and El Kadhi, N. (2009a). A knowledge based process proposal for mobile security. In Developments in eSystems Engineering (DESE), 2009 Second International Conference on, pages 166-172.
  3. Beji, S. and El Kadhi, N. (2009b). Security ontology proposal for mobile applications. In Mobile Data Management: Systems, Services and Middleware, 2009. MDM 7809. Tenth International Conference on, pages 580-587.
  4. Foursquare (2014). About foursquare. foursquare.com/about.
  5. https:// Ju An WangGuo, Michael M.Camargo, J. (2010). An ontological approach to computer system security. Information Security Journal: A Global Perspective, 19(2):61 - 73.
  6. Krupp, B., Sridhar, N., and Zhao, W. (2013). A framework for enhancing security and privacy on unmodified mobile mobile operating systems. In The First International Workshop on Mobile Cloud and Social Computing.
  7. Krupp, B., Zhao, W., and Sridhar, N. (2014). Tell me the truth! what is your intent with my mobile data? Technical Report TR-CSU-ECE-1411, Electrical and Computer Engineering, Cleveland State University.
  8. Panagiotopoulos, I., Seremeti, L., Kameas, A., and Zorkadis, V. (2010). Proact: An ontology-based model of privacy policies in ambient intelligence environments. In Informatics (PCI), 2010 14th Panhellenic Conference on, pages 124-129.
  9. Tsoumas, B. and Gritzalis, D. (2006). Towards an ontologybased security management. In Advanced Information Networking and Applications, 2006. AINA 2006. 20th International Conference on, volume 1, pages 985- 992.
  10. Twitter (2014). New tweets per second record, and how! https://blog.twitter.com/2013/new-tweets-persecond-record-and-how.
  11. Uszok, A., Bradshaw, J., Jeffers, R., Suri, N., Hayes, P., Breedy, M., Bunch, L., Johnson, M., Kulkarni, S., and Lott, J. (2003). Kaos policy and domain services: toward a description-logic approach to policy representation, deconfliction, and enforcement. In Policies for Distributed Systems and Networks, 2003. Proceedings. POLICY 2003. IEEE 4th International Workshop on, pages 93-96.
  12. Woo, S., On, J., and Lee, M. (2013). Behavior ontology: A framework to detect attack patterns for security. In Advanced Information Networking and Applications Workshops (WAINA), 2013 27th International Conference on, pages 738-743.
Download


Paper Citation


in Harvard Style

Krupp B., Sridhar N. and Zhao W. (2014). An Ontology for Enforcing Security and Privacy Policies on Mobile Devices . In Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2014) ISBN 978-989-758-049-9, pages 288-295. DOI: 10.5220/0005081502880295


in Bibtex Style

@conference{keod14,
author={Brian Krupp and Nigamanth Sridhar and Wenbing Zhao},
title={An Ontology for Enforcing Security and Privacy Policies on Mobile Devices},
booktitle={Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2014)},
year={2014},
pages={288-295},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005081502880295},
isbn={978-989-758-049-9},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2014)
TI - An Ontology for Enforcing Security and Privacy Policies on Mobile Devices
SN - 978-989-758-049-9
AU - Krupp B.
AU - Sridhar N.
AU - Zhao W.
PY - 2014
SP - 288
EP - 295
DO - 10.5220/0005081502880295