SACM - United States of America
Permanent URI for this collection: https://drepo.sdl.edu.sa/handle/20.500.14154/9668
2 results
Search Results
Item Restricted
Exploring the Security Landscape of AR/VR Applications: A Multi-Dimensional Perspective
(University of Central Florida, 2025) Alghamdi, Abdulaziz; Mohaisen, David
The rapid evolution of Augmented Reality (AR) and Virtual Reality (VR) technologies on mobile platforms has significantly impacted the digital landscape, raising concerns about security and privacy. As these technologies integrate into everyday life, understanding their security infrastructure and privacy policies is crucial to protect user data. To address this, our first study analyzes AR/VR applications from a security and performance perspective. Recognizing the lack of benchmark datasets for security research, we compiled a dataset of 408 AR/VR applications from the Google Play Store. The dataset includes control flow graphs, strings, functions, permissions, API calls, hexdump, and metadata, providing a valuable resource for improving application security. In the second study, we use BERT to analyze the privacy policies of AR/VR applications. A comparative analysis reveals that while AR/VR apps offer more comprehensive privacy policies than free content websites, they still lag behind premium websites. Additionally, we assess 20 U.S. state privacy regulations using the Coverage Quality Metric (CQM), identifying strengths, gaps, and enforcement measures. This study highlights the importance of critical privacy practices and key terms to enhance policy effectiveness and align industry standards with evolving regulations. Finally, our third study introduces a scalable approach to malware detection using machine learning models, specifically Random Forest (RF) and Graph Neural Networks (GNN). Utilizing two datasets—one with Android apps, including AR/VR, and Executable and Linkable Format (ELF) files—this research incorporates features such as API call groups and Android-specific features.
The GNN model outperforms RF, demonstrating its ability to capture complex feature relationships and significantly improve malware detection accuracy. This work contributes to enhancing AR/VR application security, improving privacy practices, and advancing malware detection techniques.

Item Restricted
Towards Automated Security and Privacy Policies Specification and Analysis
(Colorado State University, 2024-07-03) Alqurashi, Saja; Ray, Indrakshi
Security and privacy policies, vital for information systems, are typically expressed in natural language documents. Security policy is represented by Access Control Policies (ACPs) within security requirements, initially drafted in natural language and subsequently translated into enforceable policy. The unstructured and ambiguous nature of the natural language documents makes the manual translation process tedious, expensive, labor-intensive, and prone to errors. On the other hand, privacy policy, with its length and complexity, presents unique challenges. The dense language and extensive content of the privacy policies can be overwhelming, hindering both novice users and experts from fully understanding the practices related to data collection and sharing. The disclosure of these data practices to users, as mandated by privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), is of utmost importance. To address these challenges, we have turned to Natural Language Processing (NLP) to automate extracting critical information from natural language documents and analyze those security and privacy policies. Thus, this dissertation aims to address two primary research questions:
Question 1: How can we automate the translation of Access Control Policies (ACPs) from natural language expressions to the formal model of Next Generation Access Control (NGAC) and subsequently analyze the generated model?
Question 2: How can we automate the extraction and analysis of data practices from privacy policies to ensure alignment with privacy regulations (GDPR and CCPA)?
Addressing these research questions necessitates the development of a comprehensive framework comprising two key components. The first component, SR2ACM, focuses on translating natural language ACPs into the NGAC model. This component introduces a series of innovative contributions to the analysis of security policies. At the core of our contributions is an automated approach to constructing ACPs within the NGAC specification directly from natural language documents. Our approach integrates machine learning with software testing, a novel methodology to ensure the quality of the extracted access control model. The second component, Privacy2Practice, is designed to automate the extraction and analysis of the data practices from privacy policies written in natural language. We have developed an automated method to extract data practices mandated by privacy regulations and to analyze the disclosure of these data practices within the privacy policies. The novelty of this research lies in creating a comprehensive framework that identifies the critical elements within security and privacy policies. Thus, this innovative framework enables automated extraction and analysis of both types of policies directly from natural language documents.