Skip to main content
SpringerLink
Log in

Securing Business Data on Android Smartphones

  • Conference paper
Book cover Mobile Web Information Systems (MobiWIS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 8640))

Included in the following conference series:

Abstract

In this paper, we study the security of Enterprise Business data on Android Smartphone. The contribution of the paper is threefold: (1) identifying the main business case scenarios of using Smart phones for business activities and the associated security issues, (2) evaluating the risks associated with the identified scenarios under the current Android security architecture, and (3) in- vestigating academic and industrial efforts proposed to secure business solu- tions on Android Smart phones. The third contribution has been given special attention to identify the possible alternatives and discuss their viability.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amiya, K.: Empirical study of the robustness of inters process communication in android, Purdue university

    Google Scholar 

  2. Osterman, A.: Research White Paper Published October 2012, “The Need for IT to Get in Front of the BYOD Problem”

    Google Scholar 

  3. Unhelkar, B., Murugesan, S.: The Enterprise Mobile Applications Development Framework. IT Professional 12(3), 33–39 (2010)

    Article  Google Scholar 

  4. Bravo, P., Garcia, D.F.: Proactive Detection of Kernel-Mode Rootkits. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), August 22-26, pp. 515–520 (2011)

    Google Scholar 

  5. Lee, C., Kim, J., Cho, S.-J., Choi, J., Park, Y.: Unified security enhancement framework for the Android operating system. Springer Science+Business Media, New York (2013)

    Google Scholar 

  6. You, D.-H., Noh, B.-N.: System Security Research Center, Chonnam National University. Android platform based linux kernel rootkit.

    Google Scholar 

  7. Bae, H., Kim, S.-W., Yoo, C.: Graduate School of Convergence IT, Korea University, Seoul, Republic of Korea. Building the Android platform security mechanism using Trust Zone.

    Google Scholar 

  8. http://archive09.linux.com/feature/113941

  9. http://c-skills.blogspot.ca/2011/02/zimperlich-sources.html

  10. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1149

  11. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1717

  12. http://dev.b-labs.com/

  13. http://developer.android.com/guide/components/index.html

  14. http://developer.android.com/guide/components/intents-filters.html

  15. http://developer.android.com/guide/components/processes-and-threads.html

  16. http://developer.android.com/training/articles/security-tips.html

  17. http://en.wikipedia.org/wiki/Google_Play

  18. http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=554488

  19. http://l4android.org/

  20. http://l4linux.org/

  21. http://linuxcontainers.org/

  22. http://old.nabble.com/L4Android-performance-issue-td34125968.html

  23. http://reviews.cnet.com/8301-19736_7-57578709-251/hack-your-android-like-a-pro-rooting-and-roms-explained/

  24. http://selinuxproject.org/page/Main_Page

  25. http://selinuxproject.org/page/SEAndroid

  26. http://source.android.com/tech/security/#the-application-sandbox

  27. http://tomoyo.sourceforge.jp/

  28. http://www.adtpulse.com/home/how-pulse-works/mobile

  29. http://www.arm.com/products/processors/technologies/trustzone/index.php

  30. http://www.businesswire.com/news/home/20130214005415/en/Android-iOS-Combinid

  31. http://www.csc.ncsu.edu/faculty/jiang/GingerMaster/

  32. http://www.linux-kvm.org/page/Main_Page

  33. http://www.ok-labs.com/geektv/watch/mobile-virtualization-security-delivered

  34. http://www.ok-labs.com/products/ok-android

  35. http://www.samsung.com/ca/business-images/resource/case-study/2012/11/EBT_1208_EBTsource_MobileSecurity_Whitepaper_WP-0-1.pdf

  36. http://www.tldp.org/LDP/tlk/ipc/ipc.html

  37. http://www.trendmicro.com/us/enterprise/product-security/mobile-security/

  38. http://www.vmware.com/mobile-secure-desktop/

  39. http://www.xen.org/products/xenhyp.html

  40. https://code.google.com/p/seek-for-android/wiki/AndroidContainer

  41. https://labs.mwrinfosecurity.com/tools/drozer/

  42. https://play.google.com/store

  43. https://www.oasis-pen.org/committees/tc_home.php?wg_abbrev=xacml

  44. https://www.samsungknox.com/overview/enterprise-it

  45. CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android. IEEE Transactions on Information Forensics and Security 7(5) (October 2012)

    Google Scholar 

  46. Park, J., Sandhu, R.: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)

    Article  Google Scholar 

  47. Boutet, J.: SANS Institute InfoSec Reading Room, Malicious Android Applications: Risks and Exploitation

    Google Scholar 

  48. Kumar, U., Kodeswaran, P., Nandakumar, V., Kapoor, S.: Polite: A policy framework for building managed mobile apps. In: Military Communications Conference, MILCOM 2012, October 29, November 1, pp. 1–6 (2012)

    Google Scholar 

  49. Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: System Security Lab,Ruhr-University Bochum, Germany “Privacy Esclation Attack on An- droid”

    Google Scholar 

  50. Lange, M., Liebergeld, S., Lackorzynski, A., Warg, A., Danisevskis, J., Nordholz, J.C.: Security in Telecommunications, TU Berlin, Germany “Hotmobile, Demo: L4Android Security Framework on the Samsung Galaxy S2” (2012)

    Google Scholar 

  51. Lange, M.: Steffen Liebergeld Universität Berlin and Deutsche Telekom Laboratories L4Android: A Generic Operating System Framework for Secure Smart phones

    Google Scholar 

  52. Zhao, M., Ge, F., Zhang, T., Yuan, Z.: Institute of Command and Automation, PLA University of Science and technology, Nanjing, China “AntiMalDroid: An Efficient SVM-Based Malware Detection Framework for Android”

    Google Scholar 

  53. Kodeswaran, P., Nandakumar, V., Kapoor, S.: Securing Enterprise data on smart phone using run time information flow control. In: 2012 IEEE 13th international Conference on Mobile Data Management (2012)

    Google Scholar 

  54. Fehrenbach, P.: Android Vulnerability Analysis with Mercury Framework, http://it-securityguard.com/Pentest_09_2012.pdf

  55. Dornbusch, P., Ller, M.M., Buttermann, A.: It- Security in Global Corporate Networks (February 4 2003)

    Google Scholar 

  56. Samarati, P., de Vimercati, S.C.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  57. Hay, R.: IBM Rational Application Security Research Group, “Opera Mobile Cache Poisoning XAS” (September 2011)

    Google Scholar 

  58. Wessel, S., Stumpf, F., Herdt, I., Eckert, C.: Fraunhofer Research Institution AISEC, Munich, Germany “Improving Mobile Device Security with Operating System-Level Virtualization”

    Google Scholar 

  59. Zhong, S., Li, L., Liu, Y.G., Yang, Y.R.: Computer Science Department Yale University, Department of Computer Sciences The University of Texas Austin, “Privacy-Preserving Location-based Services for Mobile Users in Wireless Net- works”

    Google Scholar 

  60. Smalley, S., Craig, R.: Trusted Systems Research National Security Agency “Security Enhanced (SE) Android: Bringing Flexible MAC to Android”

    Google Scholar 

  61. Sven Bugiel technische university Darmstadt Practical lightweight domain isolation on Android,

    Google Scholar 

  62. Hayes, T.: Mitigating Signaling Based Attacks on Smart phones Collin Mulliner, Steffen Liebergeld, Matthias Lange, and Jean-Pierre Seifert Technische Universität Berlin and Deutsche Telekom Laboratories

    Google Scholar 

  63. TE-ENWEll, ALBERT B. JENGl, Department of Computer Science and Information Engineering, National Taiwan University “Android privacy”

    Google Scholar 

  64. Kumar, U.: A policy framework for building managed mobile App. In: Kodeswaran, P., Vikrant, S. (eds.) IBM Research India, University of Florida,

    Google Scholar 

  65. Jun-Jang, W.: Sik-Whan, Hyung-Woo, Hong-ill, Jeomg-Nyeo: Hanshin University & knowledge base information security & software research Lab “Rooting Attack Detection Method on the Android based Smart Phone”

    Google Scholar 

  66. Zhang, X., Seifert, J.-P., Acıiçmez, O.: SEIP: Simple and efficient integrity protection for open mobile platforms. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 107–125. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  67. http://resources.idgenterprise.com/original/AST-0038025_Aujas_White_paper__Mitigating_Security_Risk_in_USSD_Apr11_.pdf

Download references

Author information

Authors and Affiliations

  1. Dept. Software Engineering and IT, École de technologie supérieure, Montréal, Canada

    Mohamed Ali El-Serngawy & Chamseddine Talhi

Authors
  1. Mohamed Ali El-Serngawy
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Chamseddine Talhi
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computing, University of Bradford, BD7 1DP, Bradford, UK

    Irfan Awan

  2. Department of Computing and Communication Technologies, Oxford Brookes University, OX33 1HX, Oxford, UK

    Muhammad Younas

  3. Department of Sercice and Information System Engineering, Universitat Politècnica de Catalunya, 08034, Barcelona, Spain

    Xavier Franch

  4. Department of Service and Information System Engineering, Universitat Politècnica de Catalunya, 08034, Barcelona, Spain

    Carme Quer

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

El-Serngawy, M.A., Talhi, C. (2014). Securing Business Data on Android Smartphones. In: Awan, I., Younas, M., Franch, X., Quer, C. (eds) Mobile Web Information Systems. MobiWIS 2014. Lecture Notes in Computer Science, vol 8640. Springer, Cham. https://doi.org/10.1007/978-3-319-10359-4_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-10359-4_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-10358-7

  • Online ISBN: 978-3-319-10359-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation