Abstract
In this paper, we study the security of Enterprise Business data on Android Smartphone. The contribution of the paper is threefold: (1) identifying the main business case scenarios of using Smart phones for business activities and the associated security issues, (2) evaluating the risks associated with the identified scenarios under the current Android security architecture, and (3) in- vestigating academic and industrial efforts proposed to secure business solu- tions on Android Smart phones. The third contribution has been given special attention to identify the possible alternatives and discuss their viability.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Amiya, K.: Empirical study of the robustness of inters process communication in android, Purdue university
Osterman, A.: Research White Paper Published October 2012, “The Need for IT to Get in Front of the BYOD Problem”
Unhelkar, B., Murugesan, S.: The Enterprise Mobile Applications Development Framework. IT Professional 12(3), 33–39 (2010)
Bravo, P., Garcia, D.F.: Proactive Detection of Kernel-Mode Rootkits. In: 2011 Sixth International Conference on Availability, Reliability and Security (ARES), August 22-26, pp. 515–520 (2011)
Lee, C., Kim, J., Cho, S.-J., Choi, J., Park, Y.: Unified security enhancement framework for the Android operating system. Springer Science+Business Media, New York (2013)
You, D.-H., Noh, B.-N.: System Security Research Center, Chonnam National University. Android platform based linux kernel rootkit.
Bae, H., Kim, S.-W., Yoo, C.: Graduate School of Convergence IT, Korea University, Seoul, Republic of Korea. Building the Android platform security mechanism using Trust Zone.
http://developer.android.com/guide/components/intents-filters.html
http://developer.android.com/guide/components/processes-and-threads.html
http://developer.android.com/training/articles/security-tips.html
http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=554488
http://old.nabble.com/L4Android-performance-issue-td34125968.html
http://source.android.com/tech/security/#the-application-sandbox
http://www.arm.com/products/processors/technologies/trustzone/index.php
http://www.businesswire.com/news/home/20130214005415/en/Android-iOS-Combinid
http://www.ok-labs.com/geektv/watch/mobile-virtualization-security-delivered
http://www.trendmicro.com/us/enterprise/product-security/mobile-security/
https://code.google.com/p/seek-for-android/wiki/AndroidContainer
https://www.oasis-pen.org/committees/tc_home.php?wg_abbrev=xacml
CRêPE: A System for Enforcing Fine-Grained Context-Related Policies on Android. IEEE Transactions on Information Forensics and Security 7(5) (October 2012)
Park, J., Sandhu, R.: The UCONABC usage control model. ACM Trans. Inf. Syst. Secur. 7, 128–174 (2004)
Boutet, J.: SANS Institute InfoSec Reading Room, Malicious Android Applications: Risks and Exploitation
Kumar, U., Kodeswaran, P., Nandakumar, V., Kapoor, S.: Polite: A policy framework for building managed mobile apps. In: Military Communications Conference, MILCOM 2012, October 29, November 1, pp. 1–6 (2012)
Davi, L., Dmitrienko, A., Sadeghi, A.-R., Winandy, M.: System Security Lab,Ruhr-University Bochum, Germany “Privacy Esclation Attack on An- droid”
Lange, M., Liebergeld, S., Lackorzynski, A., Warg, A., Danisevskis, J., Nordholz, J.C.: Security in Telecommunications, TU Berlin, Germany “Hotmobile, Demo: L4Android Security Framework on the Samsung Galaxy S2” (2012)
Lange, M.: Steffen Liebergeld Universität Berlin and Deutsche Telekom Laboratories L4Android: A Generic Operating System Framework for Secure Smart phones
Zhao, M., Ge, F., Zhang, T., Yuan, Z.: Institute of Command and Automation, PLA University of Science and technology, Nanjing, China “AntiMalDroid: An Efficient SVM-Based Malware Detection Framework for Android”
Kodeswaran, P., Nandakumar, V., Kapoor, S.: Securing Enterprise data on smart phone using run time information flow control. In: 2012 IEEE 13th international Conference on Mobile Data Management (2012)
Fehrenbach, P.: Android Vulnerability Analysis with Mercury Framework, http://it-securityguard.com/Pentest_09_2012.pdf
Dornbusch, P., Ller, M.M., Buttermann, A.: It- Security in Global Corporate Networks (February 4 2003)
Samarati, P., de Vimercati, S.C.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)
Hay, R.: IBM Rational Application Security Research Group, “Opera Mobile Cache Poisoning XAS” (September 2011)
Wessel, S., Stumpf, F., Herdt, I., Eckert, C.: Fraunhofer Research Institution AISEC, Munich, Germany “Improving Mobile Device Security with Operating System-Level Virtualization”
Zhong, S., Li, L., Liu, Y.G., Yang, Y.R.: Computer Science Department Yale University, Department of Computer Sciences The University of Texas Austin, “Privacy-Preserving Location-based Services for Mobile Users in Wireless Net- works”
Smalley, S., Craig, R.: Trusted Systems Research National Security Agency “Security Enhanced (SE) Android: Bringing Flexible MAC to Android”
Sven Bugiel technische university Darmstadt Practical lightweight domain isolation on Android,
Hayes, T.: Mitigating Signaling Based Attacks on Smart phones Collin Mulliner, Steffen Liebergeld, Matthias Lange, and Jean-Pierre Seifert Technische Universität Berlin and Deutsche Telekom Laboratories
TE-ENWEll, ALBERT B. JENGl, Department of Computer Science and Information Engineering, National Taiwan University “Android privacy”
Kumar, U.: A policy framework for building managed mobile App. In: Kodeswaran, P., Vikrant, S. (eds.) IBM Research India, University of Florida,
Jun-Jang, W.: Sik-Whan, Hyung-Woo, Hong-ill, Jeomg-Nyeo: Hanshin University & knowledge base information security & software research Lab “Rooting Attack Detection Method on the Android based Smart Phone”
Zhang, X., Seifert, J.-P., Acıiçmez, O.: SEIP: Simple and efficient integrity protection for open mobile platforms. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 107–125. Springer, Heidelberg (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
El-Serngawy, M.A., Talhi, C. (2014). Securing Business Data on Android Smartphones. In: Awan, I., Younas, M., Franch, X., Quer, C. (eds) Mobile Web Information Systems. MobiWIS 2014. Lecture Notes in Computer Science, vol 8640. Springer, Cham. https://doi.org/10.1007/978-3-319-10359-4_18
Download citation
DOI: https://doi.org/10.1007/978-3-319-10359-4_18
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-10358-7
Online ISBN: 978-3-319-10359-4
eBook Packages: Computer ScienceComputer Science (R0)