Area of excellence: Academic and research excellence

Published research
Paper (1):
Paper title: A Fine-Grained Analysis Of User Activity On Mobile Applications: The Sensitivity Level Perception
Link to the paper: Click here
Publication date: September 2015
Paper abstract:
Mobile devices contain different levels of data and applications
such as photos, text messages, emails and mobile banking applications. Each
process within each application has a different level of sensitivity; thus,
protection needs to be considered in this context after initial access to the
mobile device. The main aim of this research is to investigate when to
authenticate the mobile user by focusing on the sensitivity level of each
intra-process (within the application) and understanding whether a certain
user action in a process may require protection. To accomplish this, the 10
most popular mobile categories were analysed to gain a comprehensive
understanding of how to categorise the applications in terms of their
sensitivity level.
Building upon this analysis, the results show that 78% of 125
user actions are considered sensitive processes. This paper also demonstrates
that existing authentication systems lack adequate security solutions to
unauthorised access to the mobile device. Consequently, this indicates the
need for a robust and usable access control approach to establish a
transparent and a continuous authentication system.

Paper (2):
Paper title: A Novel Taxonomy For Mobile Applications Data
Link to the paper: Click here
Publication date: July 2016
Paper abstract:
Smartphones are
used to perform various types of activities, such as sending emails,
transferring money via mobile Internet banking, making calls, texting, web
browsing, and playing games. Some of these activities are considered as
sensitive and confidential, and are becoming an ever more pressing concern,
with high risks associated with scenarios such as loss of sensitive data.
Currently, after the point-of-entry authentication at the beginning of a
session, using a PIN or password, the user of the device can perform almost
all tasks without having to periodically re-authenticate or re-validate their
identity. Likewise, the current point-of-entry (PoE) authentication
mechanisms consider all applications on the mobile device as if they have the
same level of importance; thus maintaining a single level of security for all
applications, without any further access control rules. This paper presents a
novel taxonomy of mobile applications data, studying the risk for each
process within the application. To accomplish this, 10 of the most popular
mobile categories were analysed to gain a comprehensive understanding of the
various risk levels associated with user actions on those applications. The
analysis concludes that mobile application processes can clearly have different
levels of risk. From the set considered in the analysis, the results show that
81% of user actions are considered as risky processes, and may therefore
merit additional protection beyond the PoE provision.

Paper (3):
Paper title: Mori: An Innovative Mobile Applications Data Risk Assessment Model
Link to the paper: Click here
Publication date: September-December 2016
Paper abstract:
The daily
activities of mobile device users range from making calls and texting to
accessing mobile applications, such as mobile banking and online social
networks. Mobile phones are able to create, store, and process different
types of data, and these data, whether personal, business, or governmental,
are related to the owner of the mobile device. More specifically, user
activities, such as posting on Facebook, are sensitive and confidential
processes with varying degrees of social risk. The current point-of-entry
authentication mechanisms, however, consider all applications on the mobile
device as if they had the same level of importance; thus maintaining a single
level of security for all applications, without any further access control
rules. In this research, we argue that on a single mobile application there
are different processes operating on the same data, with different social
risks based on the user’s actions. More specifically, the unauthorised
disclosure or modification of mobile applications data has the potential to
lead to a number of undesirable consequences for the user, which in turn
means that the risk is changing within the application. Thus, there is no
single risk for using a single application. Accordingly, there is a severe
lack of protection for user data stored in mobile phones due to the lack of
further authentication or differentiated protection beyond the
point-of-entry. To remedy that failing, this paper has introduced a new risk
assessment model for mobile applications data, called MORI (Mobile Risk) that
determines the risk level for each process on a single application. The
findings demonstrate that this model has introduced a risk matrix which helps
to move the access control system from the application level to the
intra-process application level, based on the risk for the user action being
performed on these processes.

Scientific conferences:

Conference (1):
Conference title: The 10th International Conference For Internet Technology And Secured Transactions
Date held: 14 – 16/12/2015
Venue: London, UK
Type of participation: Paper presentation
Title of contribution: Transparent Authentication Systems For Mobile Device Security: A Review
Summary of contribution:
Sensitive
data such as text messages, contact lists, and personal information are
stored on mobile devices. This makes authentication of paramount importance.
More security is needed on mobile devices since, after point-of-entry
authentication, the user can perform almost all tasks without having to
re-authenticate. For this reason, many authentication methods have been
suggested to improve the security of mobile devices in a transparent and
continuous manner, providing a basis for convenient and secure user
re-authentication. This paper presents a comprehensive analysis and
literature review on transparent authentication systems for mobile device
security.
This review indicates a need to investigate when to authenticate the mobile user
by focusing on the sensitivity level of the application, and understanding
whether a certain application may require protection or not.