The User Is Not the Enemy: Fighting Malware by Tracking User Intentions
Current access control policies provide no mechanisms for incorporating user behavior in access control decisions, even though the way a user interacts with a program often indicates what the user expects that program to do. The paper develops a new approach to access control, focusing on single-user systems, in which the complete history of user and program actions can be used to improve the precision and expressiveness of access control policies. The paper describes mechanisms for securely capturing user actions, mapping those actions onto likely user intents, and a language for defining access control policies that incorporate user intentions. The paper implemented a prototype for capturing user intentions, and present results from experiments on malware mitigation using the prototype.