MOSES: Supporting and enforcing security profiles on smartphones

Yury Zhauniarovich, Giovanni Russello, Mauro Conti, Bruno Crispo, Earlence Fernandes

Research output: Contribution to journalArticle

33 Citations (Scopus)

Abstract

Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, security concerns about data sharing, leakage and loss have hindered the adoption of smartphones for corporate use. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct Security Profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. Profiles are not predefined or hardcoded, they can be specified and applied at any time. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. We run a thorough set of experiments using our full implementation of MOSES. The results of the experiments confirm the feasibility of our proposal.

Original languageEnglish
Article number2300482
Pages (from-to)211-223
Number of pages13
JournalIEEE Transactions on Dependable and Secure Computing
Volume11
Issue number3
DOIs
Publication statusPublished - 1 Jan 2014
Externally publishedYes

Fingerprint

Smartphones
Productivity
Personnel
Industry
Experiments

Keywords

  • Access control
  • Android
  • BYOD
  • Context
  • Virtualization

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

MOSES : Supporting and enforcing security profiles on smartphones. / Zhauniarovich, Yury; Russello, Giovanni; Conti, Mauro; Crispo, Bruno; Fernandes, Earlence.

In: IEEE Transactions on Dependable and Secure Computing, Vol. 11, No. 3, 2300482, 01.01.2014, p. 211-223.

Research output: Contribution to journalArticle

Zhauniarovich, Yury ; Russello, Giovanni ; Conti, Mauro ; Crispo, Bruno ; Fernandes, Earlence. / MOSES : Supporting and enforcing security profiles on smartphones. In: IEEE Transactions on Dependable and Secure Computing. 2014 ; Vol. 11, No. 3. pp. 211-223.
@article{5192656962ce4ee1b9b254a224d2a77a,
title = "MOSES: Supporting and enforcing security profiles on smartphones",
abstract = "Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, security concerns about data sharing, leakage and loss have hindered the adoption of smartphones for corporate use. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct Security Profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. Profiles are not predefined or hardcoded, they can be specified and applied at any time. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. We run a thorough set of experiments using our full implementation of MOSES. The results of the experiments confirm the feasibility of our proposal.",
keywords = "Access control, Android, BYOD, Context, Virtualization",
author = "Yury Zhauniarovich and Giovanni Russello and Mauro Conti and Bruno Crispo and Earlence Fernandes",
year = "2014",
month = "1",
day = "1",
doi = "10.1109/TDSC.2014.2300482",
language = "English",
volume = "11",
pages = "211--223",
journal = "IEEE Transactions on Dependable and Secure Computing",
issn = "1545-5971",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

TY - JOUR

T1 - MOSES

T2 - Supporting and enforcing security profiles on smartphones

AU - Zhauniarovich, Yury

AU - Russello, Giovanni

AU - Conti, Mauro

AU - Crispo, Bruno

AU - Fernandes, Earlence

PY - 2014/1/1

Y1 - 2014/1/1

N2 - Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, security concerns about data sharing, leakage and loss have hindered the adoption of smartphones for corporate use. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct Security Profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. Profiles are not predefined or hardcoded, they can be specified and applied at any time. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. We run a thorough set of experiments using our full implementation of MOSES. The results of the experiments confirm the feasibility of our proposal.

AB - Smartphones are very effective tools for increasing the productivity of business users. With their increasing computational power and storage capacity, smartphones allow end users to perform several tasks and be always updated while on the move. Companies are willing to support employee-owned smartphones because of the increase in productivity of their employees. However, security concerns about data sharing, leakage and loss have hindered the adoption of smartphones for corporate use. In this paper we present MOSES, a policy-based framework for enforcing software isolation of applications and data on the Android platform. In MOSES, it is possible to define distinct Security Profiles within a single smartphone. Each security profile is associated with a set of policies that control the access to applications and data. Profiles are not predefined or hardcoded, they can be specified and applied at any time. One of the main characteristics of MOSES is the dynamic switching from one security profile to another. We run a thorough set of experiments using our full implementation of MOSES. The results of the experiments confirm the feasibility of our proposal.

KW - Access control

KW - Android

KW - BYOD

KW - Context

KW - Virtualization

UR - http://www.scopus.com/inward/record.url?scp=84903980304&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84903980304&partnerID=8YFLogxK

U2 - 10.1109/TDSC.2014.2300482

DO - 10.1109/TDSC.2014.2300482

M3 - Article

AN - SCOPUS:84903980304

VL - 11

SP - 211

EP - 223

JO - IEEE Transactions on Dependable and Secure Computing

JF - IEEE Transactions on Dependable and Secure Computing

SN - 1545-5971

IS - 3

M1 - 2300482

ER -