TY - JOUR
T1 - MORI: An Innovative Mobile Applications Data Risk Assessment Model
AU - Alotaibi, S
AU - Furnell, S
AU - Clarke, N
PY - 2016/9/1
Y1 - 2016/9/1
N2 - The daily activities of mobile device users range from making calls and texting to accessing mobile applications, such as mobile banking and online social networks. Mobile phones are able to create, store, and process different types of data, and these data, whether personal, business, or governmental, are related to the owner of the mobile device. More specifically, user activities, such as posting on Facebook, are sensitive and confidential processes with varying degrees of social risk. The current point-of-entry authentication mechanisms, however, consider all applications on the mobile device as if they had the same level of importance; thus maintaining a single level of security for all applications, without any further access control rules. In this research, we argue that on a single mobile application there are different processes operating on the same data, with different social risks based on the user’s actions. More specifically, the unauthorised disclosure or modification of mobile applications data has the potential to lead to a number of undesirable consequences for the user, which in turn means that the risk is changing within the application. Thus, there is no single risk for using a single application. Accordingly, there is a severe lack of protection for user data stored in mobile phones due to the lack of further authentication or differentiated protection beyond the point-of-entry. To remedy that failing, this paper has introduced a new risk assessment model for mobile applications data, called MORI (Mobile Risk) that determines the risk level for each process on a single application. The findings demonstrate that this model has introduced a risk matrix which helps to move the access control system from the application level to the intra-process application level, based on the risk for the user action being performed on these processes.
UR - https://pearl.plymouth.ac.uk/context/secam-research/article/1980/viewcontent/MORI_An_Innovative_Mobile_Applications_Data_Risk_Assessment_Model.pdf
U2 - 10.20533/jitst.2046.3723.2016.0062
DO - 10.20533/jitst.2046.3723.2016.0062
M3 - Article
SN - 2046-3723
VL - 5
JO - Journal of Internet Technology and Secured Transaction
JF - Journal of Internet Technology and Secured Transaction
IS - 0
ER -