the cups blog


ROAuth: Recommendation Based Open Authorization (Paper 11)

Mohamed Shehab, University of North Carolina at Charlotte
Said Marouf, University of North Carolina at Charlotte
Christopher Hudel, University of North Carolina at Charlotte

This paper proposes a collaborative filtering model that uses community decisions to help users make informed decisions about third-party applications that request access to their private information at installation time.

The authors developed a browser-based extension to intercept the default OAuth 2.0 request flow and to provide users with an easy and usable interface to configure their privacy settings for applications. This extension includes a multi-criteria recommendation system that uses collaborative filtering to incorporate the decisions of the community and previous decisions made by an individual user to provide users with recommendations on permissions requested by applications.

The evaluations show that the recommender system predicts the user’s decision with about 90% accuracy. A recommendation value of 45% or higher indicates that the system recommends granting the requested permission, and a value lower than 45% indicates that it recommends denying the permission.
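As an added illustration (not code from the paper or the authors' extension), the sketch below computes a recommendation value for each permission in an intercepted authorization request from community decisions weighted by agreement with the user's own previous decisions, then applies the 45% cut-off. The similarity measure, data layout, user and permission names, and the URL are assumptions constructed for this example; the paper's multi-criteria model is not reproduced here.

```javascript
// Added illustration: simplified user-based collaborative filtering (assumed model, not the paper's).
const THRESHOLD = 0.45; // cut-off reported in the summary

// Constructed sample data: decisions[user]["app|permission"] = 1 (granted) or 0 (denied).
const community = {
  alice: { "quiz|email": 0, "quiz|birthday": 0, "cal|email": 1, "game|email": 1, "game|location": 0 },
  bob:   { "quiz|email": 1, "quiz|birthday": 1, "cal|email": 1, "game|email": 1, "game|location": 1 },
  carol: { "quiz|email": 0, "quiz|birthday": 0, "cal|email": 1, "game|email": 1, "game|location": 0 },
  dave:  { "quiz|email": 1, "quiz|birthday": 1, "cal|email": 1, "game|email": 1, "game|location": 1 },
};
const me = { "quiz|email": 0, "quiz|birthday": 0, "cal|email": 1 }; // my previous decisions

// Similarity = share of co-decided items on which two users agreed (0 if nothing in common).
function similarity(a, b) {
  const shared = Object.keys(a).filter((k) => k in b);
  if (shared.length === 0) return 0;
  return shared.filter((k) => a[k] === b[k]).length / shared.length;
}

// Recommendation value in [0, 1]: similarity-weighted share of community grants.
// Falls back to the unweighted community share when the user has no comparable history.
function recommend(user, others, app, permission) {
  const key = `${app}|${permission}`;
  const voters = Object.values(others).filter((d) => key in d);
  if (voters.length === 0) return null; // no community data, so no recommendation
  let num = 0, den = 0;
  for (const d of voters) {
    const w = similarity(user, d);
    num += w * d[key];
    den += w;
  }
  if (den === 0) return voters.reduce((s, d) => s + d[key], 0) / voters.length;
  return num / den;
}

// Split the scope of an intercepted authorization URL and attach advice to each permission.
function reviewRequest(authUrl, app, user, others) {
  const scope = new URL(authUrl).searchParams.get("scope") || "";
  return scope.split(/[\s,]+/).filter(Boolean).map((permission) => {
    const value = recommend(user, others, app, permission);
    const advice = value === null ? "no data" : value >= THRESHOLD ? "grant" : "deny";
    return { permission, value, advice };
  });
}

const result = reviewRequest(
  "https://provider.example/oauth/authorize?client_id=123&scope=email,location,photos",
  "game", me, community);
console.log(result);
```

In this constructed data half of the community granted `location` to the game, which alone would clear the cut-off, but the users whose past choices match `me` denied it, so the weighted value falls to 0.25 and the advice is to deny.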

A user study was conducted to show the effectiveness of the proposed browser extension; one group was provided with privacy recommendations generated by the recommendation system while the other users were not shown any recommendations. The results show that users who were not presented with the recommendation were more likely to grant permissions to applications compared to those who were provided with recommendations.

Read the full paper at: