Unauthorized Access to Smartphones
Unlike unlock authentication, which is an active defense against physical intrusion, passive defenses aim primarily to provide awareness, traceability, and recovery from intrusions, and only secondarily to engage countermeasures such as blocking access. In sensitive computer systems, passive security is embodied in Intrusion Detection and Response (IDR) systems. For end users, however, comparable capabilities remain unavailable, or lack security and usability validation, despite the severe privacy implications of intrusions. We thus envision a mobile IDR that is usable by individuals with no technical training, that can detect suspicious activity based on the semantics of intrusion behavior, and that can respond to threats according to their importance.
Publications
- Usable Logging as a Security Response to Physical Attacks on Mobile Devices
  José Franco, Ana C. Pires, Luís Carriço, Tiago Guerreiro
  Annual Computer Security Applications Conference
- Vulnerability & Blame: Making Sense of Unauthorized Access to Smartphones
  Diogo Marques, Tiago Guerreiro, Luís Carriço, Ivan Beschastnikh, Konstantin Beznosov
  ACM Conference on Human Factors in Computing Systems, Glasgow, Scotland, May, 2019
- Characterizing Social Insider Attacks on Facebook
  Wali Usmani, Diogo Marques, Ivan Beschastnikh, Konstantin Beznosov, Tiago Guerreiro, Luís Carriço
  In the ACM Conference on Human Factors in Computing Systems, Denver, Colorado, USA, May
- Snooping on Mobile Phones: Prevalence and Trends
  Diogo Marques, Ildar Muslukhov, Tiago Guerreiro, Konstantin Beznosov, Luís Carriço
  In the Twelfth Symposium on Usable Privacy and Security, USA, June, 2016