Context-Aware, Data-Driven Policy Enforcement for Smart Mobile Devices in Business Environments

  • Conference paper
Security and Privacy in Mobile Information and Communication Systems (MobiSec 2012)

Abstract

The popularity of smart mobile devices, initiatives such as “bring your own device”, and the increasing overlap of private and business areas are changing the IT landscape and its security requirements. This poses challenges in terms of data security, the adherence to privacy laws, and the protection of business assets. To tackle the problem, we developed a data-driven usage control infrastructure that enables integration of smart mobile devices into business environments. For policy evaluation, our solution comprises the use of fine-grained context information by exploiting the full capabilities of today’s mobile devices. The combination of integrated usage control and context awareness promotes the secure application of mobile business apps. In this paper, we present our proof-of-concept implementation and its underlying concepts.



© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Feth, D., Jung, C. (2012). Context-Aware, Data-Driven Policy Enforcement for Smart Mobile Devices in Business Environments. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_9

  • DOI: https://doi.org/10.1007/978-3-642-33392-7_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33391-0

  • Online ISBN: 978-3-642-33392-7

  • eBook Packages: Computer Science, Computer Science (R0)
