Please use this identifier to cite or link to this item:
http://repository.iiitd.edu.in/xmlui/handle/123456789/105| Title: | Protecting android devices following BYOD policy against data security and privacy attacks |
| Authors: | Jindal, Arun Kumar Naik, Vinayak (Advisor) |
| Keywords: | Bring Your Own Device (BYOD) Android Mobile Devices Security Malware Operating System (OS) Mobile Device Management (MDM) Network Access Control (NAC) and Rooting |
| Issue Date: | 15-Jul-2013 |
| Abstract: | Bring Your Own Device (BYOD) is an IT policy being adopted by corporate organizations worldwide. It permits the employees to bring their own devices like smartphones, tablets, etc to their place of work and use them to access the privileged corporate information while being both inside and outside their place of work. Therefore, employees use the same device for their personal and o ce work. Such a corporate policy brings in a number of advantages like increased employee productivity, improved employee satisfaction, and reduction in corporate expenses. However, one of the major concerns in implementing such a policy is data security and privacy. Permitting employees to access the privileged corporate information on their personal device can lead to pertinent corporate data being compromised. On the other hand, employees are apprehensive that the corporate organizations may spy or track their personal cyber activities. Existing solutions for BYOD can be categorized into Mobile Device Management (MDM)-based and Network Access Control (NAC)-based. MDM-based solutions are comprised of a client software, which runs on the users' mobile devices 24/7 monitoring, securing, and managing the mobile device from a corporate-based server. Such a solution could lead to breach of employees' privacy and extensive battery drainage. NAC-based solutions assumes the use of corporate network. Such a solution is not full proof because the corporate data is at a security risk, when the device is not connected to the corporate network. In this study, we formulate a generic BYOD policy from a corporate data security perspective, study the possible security breaches on that policy from Android devices' perspective, and propose ways to defend against them. We propose a solution architecture for Android-based mobile devices. Our approach, unlike the existing BYOD solutions, provides data security, preserves privacy, and consumes less energy. Our approach successfully detects (a) root status of the device and (b) malicious apps, which steal information or subvert information. Our detection is 70 % accurate when tested on real malicious applications. Finally, we present limitations of our approach. |
| URI: | https://repository.iiitd.edu.in/jspui/handle/123456789/105 |
| Appears in Collections: | Year-2013 |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| mtp_2011003.pdf | 6.66 MB | Adobe PDF | View/Open |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.