Plascua: Programming language support for continuous user authentication  [Plan A]


Traditional one-time user authentication (e.g., passwords) is becoming insufficient for modern software applications. Studies have shownthat traditional user authentication mechanisms are cumbersome, often forgotten, and disabled by users [1]. Continuous and behaviour-based user authentication has recently attracted alot of interest as an alternative to the traditional authentication mechanisms.Unlike traditional user authentication mechanisms that are static and explicit, behaviour-based authentication  relies on user behaviour to continuously verify the aunthenticity of the user. Consider for instance a user who is using his/her mobile device. The moment the user hands over the device to another user, the device can be enhanced with capability to automatically limit access to critical confidential parts of the application such as SMS and address book/contacts.All this happens without requiring the user to explicitly provide  password for the SMS or address book.

While some research has been conducted on models and techniques for behaviour-based authentication, very little effort has been put on providing reusable programming langauge abstractions to make it easy for developers to enhance their applications with behaviour and continuous authentication.

Goal & Research Activities

This masters research aims at providing programming language support for behaviour and continuous authentication. The research will involve investigation of language abstractions necessary for expressing continuous behaviour-based authentication.The student will study exisiting behaviour-based authentication models and propose appropriate reusable language abstractions such as means to express user behaviour at the language level. A language extension is expected as an output of this masters research. Further, a case study application will be developed using the language extension. The choice of the implementation language/platform will be informed by the language/platform's reflective capabilities and support for instrumenting the runtime (meta-programming). For instance, Javascript's Proxy API can be a justification for choosing Javascript.

This research will be carried out under the research team of Mobile, Cloud and Internet of Things (MCI). The student will be required to participate in the team's research activities and present progress at the team's research presentations.


This project requires the student to have (or develop) good programming skills. Interest in programming language design and implementation.


  1. Data Driven Authentication: On the Effectiveness of User Behaviour Modelling with Mobile Device

  2. DARPA: Dump passwords for always-on biometrics 
  3. A new non-intrusive authentication method based on the orientation sensor for smartphone users
  4. User Authentication via Behavior Based Passwords 
  5. Behavior-based Authentication Systems


Engineer Bainomugisha < baino at cis dot mak dot ac dot ug >