000000326 001__ 326
000000326 005__ 20180823095858.0
000000326 037__ $$aLERSSE-THESIS-2018-002
000000326 100__ $$aPrimal Wijesekera
000000326 245__ $$aContextual Permission Models for Better Privacy Protection
000000326 260__ $$c2018-06-01
000000326 300__ $$amult. p
000000326 520__ $$aDespite corporate cyber intrusions attracting all the attention, privacy breaches that we, as ordinary users, should be worried about occur every day without any scrutiny. Smartphones, a household item, have inadvertently become a major enabler of privacy breaches. Smartphone platforms use permission systems to regulate access to sensitive resources. These permission systems, however, lack the ability to understand users’ privacy expectations, leaving a significant gap between how permission models behave and how users would want the platform to protect their sensitive data. This dissertation provides an in-depth analysis of how users make privacy decisions in the context of smartphones and how platforms can accommodate users’ privacy requirements systematically. We first performed a 36-person field study to quantify how often applications access protected resources when users are not expecting it. We found that when the application requesting the permission is running invisibly to the user, users are more likely to deny the application access to protected resources. At least 80% of our participants would have preferred to prevent at least one permission request. To explore the feasibility of predicting users’ privacy decisions based on their past decisions, we performed a longitudinal 131-person field study. Based on the data, we built a classifier to make privacy decisions on the user’s behalf by detecting when the context has changed and inferring privacy preferences based on the user’s past decisions. We showed that our approach can accurately predict users’ privacy decisions 96.8% of the time, which is an 80% reduction in error rate compared to current systems. Based on these findings, we developed a custom Android version with a contextually aware permission model. The new model guards resources based on the user’s past decisions under similar contextual circumstances. We performed a 38-person field study to measure the efficiency and usability of the new permission model. Based on exit interviews and 5M data points, we found that the new system is effective in reducing potential violations by 75%. Despite being significantly more restrictive than the default permission systems, participants did not find the new model to cause any usability issues in terms of application functionality.
000000326 6531_ $$aPrivacy
000000326 6531_ $$aMobile Permissions
000000326 6531_ $$aAccess Control
000000326 6531_ $$aUser Study
000000326 6531_ $$aPermission Models
000000326 6531_ $$aUsable Security
000000326 6531_ $$aMachine Learning
000000326 6531_ $$aSecurity
000000326 8560_ $$flersse-it@ece.ubc.ca
000000326 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/326/files/primal_dissertation.pdf
000000326 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/326/files/primal_dissertation.pdf?subformat=pdfa$$xpdfa
000000326 909C4 $$pPrimal Wijesekera, "Contextual Permission Models for Better Privacy Protection", PhD Dissertation, Department of Electrical and Computer Engineering, THE UNIVERSITY OF BRITISH COLUMBIA, June, 2018
000000326 980__ $$aTHESIS