A Risk management framework for the BYOD environment

Computer networks in organisations today have different layers of connections, which are either domain connections or external connections. The hybrid network contains the standard domain connections, cloud base connections, “bring your own device” (BYOD) connections, together with the devices and network connections of the Internet of Things (IoT). All these technologies will need to be incorporated in the Oman Vision 2040 strategy, which will involve changing several cities to smart cities. To implement this strategy artificial intelligence, cloud computing, BYOD and IoT will be adopted. This research will focus on the adoption of BYOD in the Oman context. It will have advantages for organisations, such as increasing productivity and reducing costs. However, these benefits come with security risks and privacy concerns, the users being the main contributors of these risks. The aim of this research is to develop a risk management and security framework for the BYOD environment to minimise these risks. The proposed framework is designed to detect and predict the risks by the use of MDM event logs and function logs. The chosen methodology is a combination of both qualitative and quantitative approaches, known as a mixed-methods approach. The approach adopted in this research will identify the latest threats and risks experienced in BYOD environments. This research also investigates the level of user-awareness of BYOD security methods. The proposed framework will enhance the current techniques for risk management by improving risk detection and prediction of threats, as well as, enabling BYOD risk management systems to generate notifications and recommendations of possible preventive/mitigation actions to deal with them

REMOTE MOBILE SCREEN (RMS): AN APPROACH FOR SECURE BYOD ENVIRONMENTS

Bring Your Own Device (BYOD) is a policy where employees use their own personal mobile devices to perform work-related tasks. Enterprises reduce their costs since they do not have to purchase and provide support for the mobile devices. BYOD increases job satisfaction and productivity in the employees, as they can choose which device to use and do not need to carry two or more devices. However, BYOD policies create an insecure environment, as the corporate network is extended and it becomes harder to protect it from attacks. In this scenario, the corporate information can be leaked, personal and corporate spaces are not separated, it becomes difficult to enforce security policies on the devices, and employees are worried about their privacy. Consequently, a secure BYOD environment must achieve the following goals: space isolation, corporate data protection, security policy enforcement, true space isolation, non-intrusiveness, and low resource consumption. We found that none of the currently available solutions achieve all of these goals. We developed Remote Mobile Screen (RMS), a framework that meets all the goals for a secure BYOD environment. To achieve this, the enterprise provides the employee with a Virtual Machine (VM) running a mobile operating system, which is located in the enterprise network and to which the employee connects using the mobile device. We provide an implementation of RMS using commonly available software for an x86 architecture. We address RMS challenges related to compatibility, scalability and latency. For the first challenge, we show that at least 90.2% of the productivity applications from Google Play can be installed on an x86 architecture, while at least 80.4% run normally. For the second challenge, we deployed our implementation on a high-performance server and run up to 596 VMs using 256 GB of RAM. Further, we show that the number of VMs is proportional to the available RAM. For the third challenge, we used our implementation on GENI and conclude that an application latency of 150 milliseconds can be achieved. Adviser: Byrav Ramamurth

A Survey on Security for Mobile Devices

Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach

Information security concerns around enterprise bring your own device adoption in South African higher education institutions

The research carried out in this thesis is an investigation into the information security concerns around the use of personally-owned mobile devices within South African universities. This concept, which is more commonly known as Bring Your Own Device or BYOD has raised many data loss concerns for organizational IT Departments across various industries worldwide. Universities as institutions are designed to facilitate research and learning and as such, have a strong culture toward the sharing of information which complicates management of these data loss concerns even further. As such, the objectives of the research were to determine the acceptance levels of BYOD within South African universities in relation to the perceived security risks. Thereafter, an investigation into which security practices, if any, that South African universities are using to minimize the information security concerns was carried out by means of a targeted online questionnaire. An extensive literature review was first carried out to evaluate the motivation for the research and to assess advantages of using Smartphone and Tablet PC’s for work related purposes. Thereafter, to determine security concerns, other surveys and related work was consulted to determine the relevant questions needed by the online questionnaire. The quantity of comprehensive academic studies concerning the security aspects of BYOD within organizations was very limited and because of this reason, the research took on a highly exploratory design. Finally, the research deliberated on the results of the online questionnaire and concluded with a strategy for the implementation of a mobile device security strategy for using personally-owned devices in a work-related environment

A Lightweight Attribute-Based Access Control System for IoT.

The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now even easier with the implementation of IoT. Multiple sensors are connected to monitor the production line, or to control an unmanned environment is now a reality. Sensors are now smart enough to sense an environment and also communicate over the Internet. That is why, implementing an IoT system within the production line, hospitals, office space, or at home could be beneficial as a human can interact over the Internet at any time to know the environment. 61% of International Data Corporation (IDC) surveyed organizations are actively pursuing IoT initiatives, and 6.8% of the average IT budgets is also being allocated to IoT initiatives. However, the security risks are still unknown, and 34% of respondents pointed out that data safety is their primary concern [1]. IoT sensors are being open to the users with portable/mobile devices. These mobile devices have enough computational power and make it di cult to track down who is using the data or resources. That is why this research focuses on proposing a dynamic access control system for portable devices in IoT environment. The proposed architecture evaluates user context information from mobile devices and calculates trust value by matching with de ned policies to mitigate IoT risks. The cloud application acts as a trust module or gatekeeper that provides the authorization access to READ, WRITE, and control the IoT sensor. The goal of this thesis is to offer an access control system that is dynamic, flexible, and lightweight. This proposed access control architecture can secure IoT sensors as well as protect sensor data. A prototype of the working model of the cloud, mobile application, and sensors is developed to prove the concept and evaluated against automated generated web requests to measure the response time and performance overhead. The results show that the proposed system requires less interaction time than the state-of-the-art methods