A framework of cloud-based virtual phones for secure intelligent information management
Introduction
Mobile devices, such as smartphones and tablets, have become increasingly popular, and their shipping volume already exceeds that of personal computers (PCs). Mobile devices are being integrated into our personal lives, business activities, government services, and even military operations. Enterprises must use such rapidly evolving mobile technologies carefully in daily operations to meet high security and management requirements.
For information management in an enterprise environment, it is critical to evaluate the potential risks and issues as mobile technologies are integrated into the infrastructure. Valuable, sensitive and private content can be leaked and cause great damage when a mobile device is compromised (Li & Clark, 2013). For instance, many of the unofficial mobile applications that users download may be malware created by repackaging existing applications and injecting malicious code (Zhou & Jiang, 2012). Malware can steal the credentials of a mobile user and gain access to the data and resources of an enterprise via the user's mobile device. After analyzing more than 1.85 million mobile apps, Juniper Networks recently reported that the total amount of mobile malware increased by 614% between March 2012 and March 2013 to a total of 276,259 malicious mobile applications (Protalinski, 2013).
Given the increasing number of security threats to mobile devices, it is important to find proper solutions to strengthen today's mobile environments. In this paper, we hope to address the following issues for information security and management in an enterprise IT infrastructure:
- Operating environments: There are diversified operating environments for mobile devices. While Android and iOS dominate the mobile market today, technology evolves so fast that vendors use multiple versions of operating environments, creating a fragmentation problem that makes deploying applications and managing mobile devices difficult for enterprises (Han et al., 2012).
- Security and isolation: While modern mobile operating environments use a sandbox to isolate the execution of applications and provide a seemingly more secure execution environment, mobile devices are still subject to many types of malware attacks (Zhou & Jiang, 2012). Unfortunately, due to resource limitations, such as CPU speed and battery time, mobile devices are not protected as well as PCs are in terms of antivirus/anti-malware schemes, application management facilities, network traffic monitoring mechanisms, and virtualization technologies. Furthermore, a rooted Android device or a jailbroken iOS device allows applications to execute in superuser mode and even gain the highest privilege to break the sandbox isolation protection (Li & Clark, 2013).
- Sensory applications: Unlike PCs, each mobile device usually contains a rich set of sensors. Sensory applications may take advantage of these sensors to identify the user's location and position with a GPS and a gyroscope, record audio with a microphone, and connect to a payment system via the near-field communication (NFC) protocol. Traditional enterprise management software may not be aware of these features.
- Consumerization of IT: It has become a trend that enterprise employees prefer to carry their own devices, use their own applications and connect to the corporate network with their own devices, with or without the approval of their organizations. The term BYOD (bring your own device) refers to such mobile workers who bring their own mobile devices into their workplace. Embracing the consumerization of IT will not only save money but also improve employee productivity (Webopedia, 2013). However, it poses security threats to the organization because it introduces untrusted devices and insecure network connections into the work environment.
To help enterprises solve these manageability and security problems, we propose a framework called cloud-based virtual phone (CVP) technology for mobile devices, based on our previous work on a virtualized execution environment for smartphones (Hung, Shih, Shieh, Lee, & Huang, 2012). The concept of CVP is inspired by the behavior of human societies and the idea of federalism, which describes the process of federation that divides sovereignty between a federal government and states (Bednar, Eskridge, & Ferejohn, 1999). The proposed framework enables critical business applications to be executed in a controlled virtualized environment on an enterprise server farm, while the client-side software can be quickly deployed to almost any mobile device to interact with the business applications. Unlike traditional Virtual Desktop Infrastructure (VDI) technology (Baratto, Potter, Su, & Nieh, 2004), our framework is designed to support local execution of non-critical mobile applications with data synchronization protocols. Overall, our framework contains an HTML5 Web-based front end (Kanaka, 2013) to provide different modes of operation, a KVM-based virtual phone system (KVM, 2013) to execute mobile applications efficiently, and a set of security/management modules to ensure the confidentiality of data and to mitigate the complexity of policy enforcement. The framework also provides a set of APIs for enterprises to develop their own applications that can be deeply integrated into the framework.
The rest of this paper is organized as follows. Section 2 further describes the weaknesses in the current solutions and the related works. Section 3 describes the models and the proposed framework. Section 4 presents the case studies and discusses experimental results. Finally, Section 5 concludes this paper and discusses future research directions.
Section snippets
Background and related works
Mobile technologies brought anytime, anywhere access to information resources and caused significant impacts to the IT organization (IBM, 2012). There are a variety of wireless mobile networks available today, such as WiFi, 3G/4G, Bluetooth, NFC, etc., for connecting a mobile device to Internet Service Providers (ISPs) or surrounding devices. Unlike a PC which is connected to a fixed network router, it is possible for the user to send out messages via one of those wireless communication
The proposed framework
In this section, we describe our proposed framework in detail. Section 3.1 gives an overview of the framework. Section 3.2 describes the information management facilities in this framework. This section focuses on the concept and organization of the CVP framework.
System architecture
In this section, we discuss the software components in the CVP framework for constructing a CVP system for an enterprise, as shown in Fig. 2. The entire CVP system architecture is divided into two major parts: front-end and back-end. The front-end includes HTML5 Display Module, Sensor Input Module and Offline Task Module. Employees can operate their own CVP via any HTML5-compatible browser of mobile devices. In the back-end, three modules, such as Virtual Phone Management Module, Security
Evaluation
In this section, the CVP framework is evaluated to reveal its performance, memory consumption and security strength. First, the Vellamo Benchmark (Qualcomm Innovation Center, 2013) is used to measure the performance of a virtual phone. Then, we measure the memory resources consumed by a single virtual phone. Finally, we evaluate the capability of the APE security testing component to detect malware.
The specifications of the server and the virtual phone in the experiments are listed in Table 1.
Conclusion
Embracing mobile technologies and consumerization of IT can make enterprises more agile, save costs and improve employee productivity. However, the current mobile environments come with serious security threats and management issues which require innovative solutions. Inspired by the behavior of human societies and federalism, the proposed CVP system eliminates the fragmentation problem of mobile systems, simplifies the development and deployment of business applications, and constitutes a secure
References (28)
- et al. Executing mobile applications on the cloud: Framework and issues. In Computers & Mathematics with Applications (2012, January)
- et al. Mobile access safety: Beyond BYOD (2013)
- et al. MobiDesk: Mobile virtual desktop computing
- et al. A Political Theory of Federalism (1999)
- BYOD Trend Pressures Corporate Networks (2011)
- APE: A Smart Automatic Testing Environment for Android Malware (2013)
- et al. A survey of mobile cloud computing: Architecture, applications, and approaches. Wireless Communications and Mobile Computing (2013)
- et al. Taintdroid: An information-flow tracking system for realtime privacy monitoring on smartphone
- UI/Application Exerciser Monkey (2013)
- et al. Understanding android fragmentation with topic analysis of vendor-specific bugs
- Performance and power estimation for mobile-cloud applications on virtualized platforms
- The flexible workplace: Unlocking value in the “bring your own device” era
- 2011 Consumerization of IT Study: Closing the Consumerization Gap
- VNC client using HTML5 with encryption support
Jiun-Hung Ding is currently a PhD student in the Department of Computer Science at National Tsing Hua University. His research interests include mobile virtualization, cloud computing and heterogeneous system architecture. He received his M.S. degree in the Department of Institute of Information System and Application at National Tsing Hua University in 2006 and graduated from National Chiao Tung University with a BS degree in industrial engineering and management in 2004.
Roger Chien is currently a PhD student in the Department of Computer Science and Information Engineering at National Taiwan University. His research interests include high speed networking, mobile system security and network security. He has worked in the network security industry for years, at Broadweb Corp. (2000–2003) and at Lionic Corp. (2003–2013). He received his M.S. degree in Computer Science and Information Engineering at National Tsing-Hwa University in 2002 and graduated from National Taiwan Normal University with a BS degree in Information and Computer Education in 1997.
Shih-Hao Hung is currently an associate professor in the Department of Computer Science and Information Engineering at National Taiwan University. His research interests include mobile-cloud computing, parallel processing, computer system design, and information security. He worked for Sun Microsystems Inc. (2000–2005) after completing his postdoctoral work (1998–2000), Ph.D. training (1994–1998) and M.S. program (1992–1994) at the University of Michigan, Ann Arbor. He graduated from National Taiwan University with a BS degree in electrical engineering in 1989.
Yi-Lan Lin is currently a graduate student in the Department of Computer Science at National Tsing Hua University. His research interests include parallel processing, GPU computing, and heterogeneous architecture. He graduated from National Chung Cheng University with a BS degree in computer science in 2013.
Che-Yang Kuo is currently a graduate student in the Department of Institute of Information System and Application at National Tsing Hua University. His research interests include parallel programming, Android security and information security. He graduated from National Chung Cheng University with a BS degree in Information Management in 2013.
Ching-Hsien Hsu is a professor in the Department of Computer Science and Information Engineering at Chung Hua University, Taiwan. His research includes high performance computing, cloud computing, parallel and distributed systems, ubiquitous/pervasive computing and intelligence. Dr. Hsu is the editor-in-chief of the International Journal of Grid and High Performance Computing and the International Journal of Big Data Intelligence, and serves on the editorial boards of many international journals. He has been an author/co-author or an editor/co-editor of 10 books from Springer, IGI Global, World Scientific and McGraw-Hill. He has also edited a number of special issues at top journals, such as IEEE Transactions on Services Computing, IEEE Transactions on Cloud Computing, Future Generation Computer Systems, Journal of Supercomputing, Concurrency and Computation: Practice and Experience, The Knowledge Engineering Review, Internet Research, Information Systems Frontiers, etc. He received the annual outstanding research award five times from 2005 to 2012 and a distinguished award in 2008 for excellence in research from Chung Hua University. He served on the executive committee of the Taiwan Association of Cloud Computing (TACC) from 2008 to 2012 and on the executive committee of the IEEE Technical Committee of Scalable Computing (2008–2012). He is an IEEE senior member.
Yeh-Ching Chung received a B.S. degree in Information Engineering from Chung Yuan Christian University in 1983, and the M.S. and Ph.D. degrees in Computer and Information Science from Syracuse University in 1988 and 1992, respectively. He joined the Department of Information Engineering at Feng Chia University as an associate professor in 1992 and became a full professor in 1999. From 1998 to 2001, he was the chairman of the department. In 2002, he joined the Department of Computer Science at National Tsing Hua University as a full professor. His research interests include parallel and distributed processing, cloud computing, and embedded systems. He is a senior member of the IEEE Computer Society.