A framework of cloud-based virtual phones for secure intelligent information management

https://doi.org/10.1016/j.ijinfomgt.2013.11.006

Highlights

  • A mobile-cloud computing framework with a model which is inspired by the idea of federalism and the emulation of human societies.

  • A security hardened virtualized environment for migrating sensitive information, management facilities, and intensive computation from mobile devices to the cloud.

  • An innovative Internet service and business model to provide a secure and consolidated environment for enterprise mobile information management based on the infrastructure of cloud-based virtual phones (CVP).

  • Enables the users to execute Android and web applications in the cloud and connect to other users of CVP with enhanced performance and protected privacy.

Abstract

As mobile networks and devices are rapidly innovated, many new Internet services and applications have been deployed. However, current implementations face security, management, and performance issues that are critical for use in business environments. Migrating sensitive information, management facilities, and intensive computation to a security-hardened virtualized environment in the cloud provides an effective solution. This paper proposes an innovative Internet service and business model to provide a secure and consolidated environment for enterprise mobile information management based on the infrastructure of cloud-based virtual phones (CVP). Our proposed solution enables users to execute Android and web applications in the cloud and connect to other users of CVP with enhanced performance and protected privacy. The organization of CVP can mix centralized control with distributed protocols, emulating the behavior of human societies. This minimizes the need to handle sensitive data on mobile devices, eases the management of data, and reduces the overhead of mobile application deployment.

Introduction

Nowadays, mobile devices, such as smartphones and tablets, have become increasingly popular, and their shipping volume already exceeds that of personal computers (PC's). Mobile devices are being integrated into our personal lives, business activities, government services, and even military operations. Enterprises must use such rapidly evolving mobile technologies carefully in daily operations to meet high security and management requirements.

For information management in an enterprise environment, it is critical to evaluate the potential risks and issues as mobile technologies are integrated into its infrastructure. Valuable, sensitive and private content can be leaked and cause great damage when a mobile device is compromised (Li & Clark, 2013). For instance, among the unofficial mobile applications that users download, many may be malware created by repackaging existing applications and injecting malicious code (Zhou & Jiang, 2012). Malware can steal the credentials of a mobile user and gain access to the data and resources of an enterprise via the user's mobile device. After analyzing more than 1.85 million mobile apps, Juniper Networks recently reported that the total amount of mobile malware increased by 614% between March 2012 and March 2013 to a total of 276,259 malicious mobile applications (Protalinski, 2013).

Facing the increased number of security threats for mobile devices, it is important to find proper solutions to strengthen today's mobile environments. In this paper, we hope to address the following issues for the information security and management in an enterprise IT infrastructure:

  • Operating environments: There are diversified operating environments for mobile devices. While Android and iOS dominate the mobile market today, technology evolves so fast that vendors use multiple versions of operating environments, which has created a fragmentation problem that makes deployment of applications and management of mobile devices difficult for enterprises (Han et al., 2012).

  • Security and isolation: While modern mobile operating environments use sandboxes to isolate the execution of applications and provide a seemingly more secure execution environment, mobile devices are still subject to many types of malware attacks (Zhou & Jiang, 2012). Unfortunately, due to resource limitations, such as CPU speed and battery time, mobile devices are not protected as well as PC's are, in terms of antivirus/anti-malware schemes, application management facilities, network traffic monitoring mechanisms, and virtualization technologies. Furthermore, a rooted Android device or a jailbroken iOS device allows applications to execute in superuser mode and even gain the highest privilege to break the sandbox isolation protection (Li & Clark, 2013).

  • Sensory applications: Unlike PC's, each mobile device usually contains a rich set of sensors. Sensory applications may take advantage of these sensors to identify the user's location and position with a GPS and a gyroscope, record audio with a microphone, and connect to a payment system via the near-field communication (NFC) protocol. Traditional enterprise management software may not be aware of these features.

  • Consumerization of IT: It has become a trend that enterprise employees prefer to carry their own devices, use their own applications and connect to the corporate network with their own devices, with or without the approval of their organizations. The term BYOD (Bring your own device) refers to such mobile workers who bring their own mobile devices into their workplace. Embracing the consumerization of IT will not only save money but also improve employee productivity (Webopedia, 2013). However, this poses security threats to the organization as it introduces untrusted devices and insecure network connections to the work environment.

To help enterprises solve these problems in terms of manageability and security, we propose a framework called cloud-based virtual phone (CVP) technology for mobile devices, based on our previous work on a virtualized execution environment for smartphones (Hung, Shih, Shieh, Lee, & Huang, 2012). The concept of CVP is inspired by the behavior of human societies and the idea of federalism, which describes the process of federation that divides sovereignty between a federal government and states (Bednar, Eskridge, & Ferejohn, 1999). The proposed framework enables critical business applications to be executed in a controlled virtualized environment on an enterprise server farm, while the client-side software can be quickly deployed to almost any mobile device to interact with the business applications. Unlike traditional Virtual Desktop Infrastructure (VDI) technology (Baratto, Potter, Su, & Nieh, 2004), our framework is designed to support local execution of non-critical mobile applications with data synchronization protocols. Overall, our framework contains an HTML5 Web-based front end (Kanaka, 2013) to provide different modes of operation, a KVM-based virtual phone system (KVM, 2013) to execute mobile applications efficiently, and a set of security/management modules to ensure the confidentiality of data and to mitigate the complexity of policy enforcement. The framework also provides a set of APIs for enterprises to develop their own applications that can be deeply integrated into this framework.

The rest of this paper is organized as follows. Section 2 further describes the weaknesses in the current solutions and the related works. Section 3 describes the models and the proposed framework. Section 4 presents the case studies and discusses experimental results. Finally, Section 5 concludes this paper and discusses future research directions.

Section snippets

Background and related works

Mobile technologies brought anytime, anywhere access to information resources and caused significant impacts to the IT organization (IBM, 2012). There are a variety of wireless mobile networks available today, such as WiFi, 3G/4G, Bluetooth, NFC, etc. for connecting a mobile device to the Internet Service Providers (ISP's) or surrounding devices. Unlike a PC which is connected to a fixed network router, it is possible for the user to send out messages via one of those wireless communication

The proposed framework

In this section, we describe our proposed framework in detail. Section 3.1 gives an overview of the framework. Section 3.2 describes the information management facilities in this framework. This section focuses on the concept and organization of the CVP framework.

System architecture

In this section, we discuss the software components in the CVP framework for constructing a CVP system for an enterprise, as shown in Fig. 2. The entire CVP system architecture is divided into two major parts: front-end and back-end. The front-end includes HTML5 Display Module, Sensor Input Module and Offline Task Module. Employees can operate their own CVP via any HTML5-compatible browser of mobile devices. In the back-end, three modules, such as Virtual Phone Management Module, Security

Evaluation

In this section, the CVP framework is evaluated to reveal its performance, memory consumption and security strength. First, the Vellamo Benchmark (Qualcomm Innovation Center, 2013) is used to measure the performance of a virtual phone. Then, we measure the memory resources consumed by a single virtual phone. Finally, we evaluate the capability of the APE security testing component to detect malware.

The specifications of the server and the virtual phone in the experiments are listed in Table 1.

Conclusion

Embracing mobile technologies and consumerization of IT can make enterprises more agile, save costs and improve employee productivity. However, the current mobile environments come with serious security threats and management issues which require innovative solutions. Inspired by the behavior of human societies and federalism, the proposed CVP system eliminates the fragmentation problem of mobile systems, simplifies the development and deployment of business applications, and constitutes a secure

Jiun-Hung Ding is currently a PhD student in the Department of Computer Science at National Tsing Hua University. His research interests include mobile virtualization, cloud computing and heterogeneous system architecture. He received his M.S. degree in the Department of Institute of Information System and Application at National Tsing Hua University in 2006 and graduated from National Chiao Tung University with a BS degree in industrial engineering and management in 2004.

References (28)

  • S.-H. Hung et al. Executing mobile applications on the cloud: Framework and issues. Computers & Mathematics with Applications (2012, January)

  • D. Assing et al. Mobile access safety: Beyond BYOD (2013)

  • R.A.B. Baratto et al. MobiDesk: Mobile virtual desktop computing

  • J. Bednar et al. A Political Theory of Federalism (1999)

  • J. Burt. BYOD Trend Pressures Corporate Networks (2011)

  • S.J. Chang. APE: A Smart Automatic Testing Environment for Android Malware (2013)

  • H.D. Dihn et al. A survey of mobile cloud computing: Architecture, applications, and approaches. Wireless Communications and Mobile Computing (2013)

  • W. Enck et al. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphone

  • Google. UI/Application Exerciser Monkey (2013)

  • D. Han et al. Understanding android fragmentation with topic analysis of vendor-specific bugs

  • S.-H. Hung et al. Performance and power estimation for mobile-cloud applications on virtualized platforms

  • IBM. The flexible workplace: Unlocking value in the “bring your own device” era

  • IDC. 2011 Consumerization of IT Study: Closing the Consumerization Gap (2011)

  • Kanaka. VNC client using HTML5 with encryption support (2013)

    Roger Chien is currently a PhD student in the Department of Computer Science and Information Engineering at National Taiwan University. His research interests include high speed networking, mobile system security and network security. He has worked in the network security industry for years, at Broadweb Corp. (2000–2003) and at Lionic Corp. (2003–2013). He received his M.S. degree in Computer Science and Information Engineering at National Tsing-Hwa University in 2002 and graduated from National Taiwan Normal University with a BS degree in Information and Computer Education in 1997.

    Shih-Hao Hung is currently an associate professor in the Department of Computer Science and Information Engineering at National Taiwan University. His research interests include mobile-cloud computing, parallel processing, computer system design, and information security. He worked for Sun Microsystem Inc. (2000–2005) after completing his post doctoral work (1998–2000), Ph.D. training (1994–1998) and M.S. program (1992–1994) at the University of Michigan, Ann Arbor. He graduated from National Taiwan University with a BS degree in electrical engineering in 1989.

    Yi-Lan Lin is currently a graduate student in the Department of Computer Science at National Tsing Hua University. His research interests include parallel processing, GPU computing, and heterogeneous architecture. He graduated from National Chung Cheng University with a BS degree in computer science in 2013.

    Che-Yang Kuo is currently a graduate student in the Department of Institute of Information System and Application at National Tsing Hua University. His research interests include parallel programming, android security and information security. He graduated from National Chung Cheng University with a BS degree in Information Management in 2013.

    Ching-Hsien Hsu is a professor in the Department of Computer Science and Information Engineering at Chung Hua University, Taiwan. His research includes high performance computing, cloud computing, parallel and distributed systems, ubiquitous/pervasive computing and intelligence. Dr. Hsu is the editor-in-chief of the International Journal of Grid and High Performance Computing and the International Journal of Big Data Intelligence, and serves on the editorial boards of many international journals. He has been an author/co-author or an editor/co-editor of 10 books from Springer, IGI Global, World Scientific and McGraw-Hill. He has also edited a number of special issues at top journals, such as IEEE Transactions on Services Computing, IEEE Transactions on Cloud Computing, Future Generation Computer Systems, Journal of Supercomputing, Concurrency and Computation: Practice and Experience, The Knowledge Engineering Review, Internet Research, Information System Frontiers, etc. He received the annual outstanding research award 5 times between 2005 and 2012 and a distinguished award in 2008 for excellence in research from Chung Hua University. He served on the executive committee of the Taiwan Association of Cloud Computing (TACC) from 2008 to 2012 and on the executive committee of the IEEE Technical Committee of Scalable Computing (2008–2012). He is an IEEE senior member.

    Yeh-Ching Chung received a B.S. degree in Information Engineering from Chung Yuan Christian University in 1983, and the M.S. and Ph.D. degrees in Computer and Information Science from Syracuse University in 1988 and 1992, respectively. He joined the Department of Information Engineering at Feng Chia University as an associate professor in 1992 and became a full professor in 1999. From 1998 to 2001, he was the chairman of the department. In 2002, he joined the Department of Computer Science at National Tsing Hua University as a full professor. His research interests include parallel and distributed processing, cloud computing, and embedded systems. He is a senior member of the IEEE computer society.
