Capturing Policies for Fine-Grained Access Control on Mobile Devices

As of 2016, there are more mobile devices than humans on earth. Today, mobile devices are a critical part of our lives and often hold sensitive corporate and personal data. As a result, they are a lucrative target for attackers, and managing data privacy and security on mobile devices has become a vital issue. Existing access control mechanisms in most devices are restrictive and inadequate. They do not take into account the context of a device and its user when making decisions. In many cases, the access granted to a subject should change based on the context of a device. Such fine-grained, context-sensitive access control policies have to be personalized too. In this paper, we present a system i.e. Mithril that uses policies represented in Semantic Web technologies and captured using user feedback, to handle access control on mobile devices. We present an iterative feedback process to capture user specific policy. We also present a policy violation metric that allows us to decide when the capture process is complete.