Operating systems rely on authentication to verify that subjects (the users and programs) sharing the platform and OS resources are who they claim to be. Lack or weak authentication can result in untrusted parties having access to privileged operations. Authorization schemes determine the privileges a subject has on the system. To enforce the authorization constraints and to help manage the distribution, revocation and enforcement of privileges in a particular context or system, we design effective and efficient access control schemes. Modern operating systems employ a variety of such access control schemes, such as discretionary access control, mandatory access control and application permission models.
- Resolving the Predicament of Android Custom Permissions. Tuncay, Güliz Seray; Demetriou, Soteris; Karan Ganju; Gunter, Carl. 25th Network and Distributed System Security (NDSS) Symposium, February 2018
- HanGuard: SDN-driven protection of WiFi smart-home devices from malicious mobile apps. Demetriou, Soteris; Zhang, Nan; Lee, Yeonjoon; Wang, Xiaofeng; Gunter, Carl; Zhou, Xiaoyong; Grace, Michael. 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), July 2017
- Draco: A System for Uniform and Fine-grained Access Control for Web Code on Android. Tuncay, Güliz Seray; Demetriou, Soteris; Gunter, Carl. ACM Conference on Computer and Communications Security (CCS), November 2016
- What’s in Your Dongle and Bank Account? Mandatory and Discretionary Protection of Android External Resources. Demetriou, Soteris; Zhou, Xiaoyong; Naveed, Muhammad; Lee, Yeonjoon; Yuan, Kan; Wang, XiaoFeng; Gunter, Carl. 22nd Network and Distributed System Security (NDSS) Symposium, February 2015