Please enable JavaScript.
Coggle requires JavaScript to display documents.
Evaulation (6.1 Expression, 6.2 Why LeastPrivilege), Design (Goal (No user…
Evaulation
6.1 Expression
6.2 Why LeastPrivilege
Design
Goal
No user burden
one time decision OK
systematic
Reducing the privacy violation
fine-grained definition of user's the privacy expectation and wanted situation
private -> public / not enough
privacy preference based on context
rule maker != user's view, export = user's view
WWW17, # of violation case?
reduced when biased to usability
Guarantee the usability
reduced when security restricted solution
Labeling
Conservatibly
Init labeling by static checker
Dynamic Labeling by Context Manager
Requrement
What user have to decision
Context
purpose
handle privacy violation
why? the user want to execute this rule
let the user know the impact
conditional execution
e.g. when the user in the home
e.g. when the user in 'dont disturb mode'
cases
multiple chains
what is problem?
privilege escalation is problem
when the privilege escalation happens?
if user want to execution the chain,
privilege escalation only happened
1 more item...
execution the unintended chains
we have intended chain set
decision is user's burden
[Assumption]
there are given rule chains that user want to execute
[Target] for the conditional execution or violated rule
the decision about that rule is simple
how about the impacted chains?
1 more item...
single rule
ok
the scope is in just one rule
context format
specified condition
from the specific rules
e.g. from rule 1
Set Service's Initial statement
for wrapping init labeling for personalized
one time decision
selected the rules they want
side effects happen
chains
How to control chains?
let the user know the chains by static checker
get valid chains set
complexity? one time
2 cases
with privacy violation
let user know the impact
1 more item...
handled by context
without privacy violation
ok
privacy violation
handled by contect
no side effect :ok_hand:
User stat
No Security Background
let the user know about security risk
can not select the labels
Able to set for usability
user can make the decision about the chains based on user's preference
Framework
feature of the Existing framework
event driven execution
AWS lambda
serverless
polling
handle OAuth tokens per each service
handlers
Trigger/Action Platform Feature
Event Driven
Polling Events
Contribution?
A minimum of changes @ implement