Home > Refereed Conference Papers > Neither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones > MARC 
000000351 001__ 351
000000351 005__ 20220704163126.0
000000351 037__ $$aLERSSE-RefConfPaper-2022-004
000000351 100__ $$aMasoud Mehrabi Koushki
000000351 245__ $$aNeither Access nor Control: A Longitudinal Investigation of the Efficacy of User Access-Control Solutions on Smartphones
000000351 260__ $$c2022-09-10-2022-09-10-2022-09-10
000000351 300__ $$amult. p
000000351 520__ $$aThe incumbent all-or-nothing model of access control on smartphones has been known to dissatisfy users, due to high overhead (both cognitive and physical) and lack of device-sharing support. Several alternative models have been proposed. However, their efficacy has not been evaluated and compared empirically, due to a lack of detailed quantitative data on users' authorization needs. This paper bridges this gap with a 30-day diary study. We probed a near representative sample (N = 55) of US smartphone users to gather a comprehensive list of tasks they perform on their phones and their authorization needs for each task. Using this data, we quantify, for the first time, the efficacy of the all-or-nothing model, demonstrating frequent unnecessary or missed interventions (false positive rate (FPR) = 90%, false negative rate (FNR) = 21%). In comparison, we show that app- or task-level models can improve the FPR up to 88% and the FNR up to 20%, albeit with a modest (up to 15%) increase in required upfront configuration. We also demonstrate that the context in which phone sharing happens is consistent up to 75% of the time, showing promise for context-based solutions.
000000351 6531_ $$aSmartphone security
000000351 6531_ $$aAccess control
000000351 6531_ $$aUser experience
000000351 6531_ $$aLongitudinal study
000000351 700__ $$aYue Huang
000000351 700__ $$aJulia Rubin
000000351 700__ $$aKonstantin Beznosov
000000351 8560_ $$flersse-it@ece.ubc.ca
000000351 8564_ $$uhttp://lersse-dl.ece.ubc.ca/record/351/files/sec22fall_koushki.pdf
000000351 909C4 $$pMasoud Mehrabi Koushki, Yue Huang, Julia Rubin, and Konstantin Beznosov. Neither Access nor Control: A Longitudinal Investigation of The Efficacy of User Access Control Solutions on Smartphones. In Proceedings of the 31st USENIX Security Symposium, 2022.
000000351 980__ $$aRefConfPaper
LERSSE Digital Library :: Search :: Submit :: Personalize :: Help
Powered by Invenio v1.1.1
Maintained by info@invenio-software.org