使用插件框架实施企业移动应用安全策略

2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC) Pub Date : 2018-12-01 DOI:10.1109/PRDC.2018.00048

Pang-Yang Chu, Wei-Huan Lu, Jun-Wei Lin, Yu-Sung Wu

{"title":"使用插件框架实施企业移动应用安全策略","authors":"Pang-Yang Chu, Wei-Huan Lu, Jun-Wei Lin, Yu-Sung Wu","doi":"10.1109/PRDC.2018.00048","DOIUrl":null,"url":null,"abstract":"The prevalent use of mobile applications in enterprise computing requires more stringent yet flexible enforcement of security policies on the mobile devices. Existing enforcement mechanisms such as mobile device management system focus on the management of device features and cannot cover the diverse security policies of enterprise applications precisely. We address the challenge by proposing a novel security policy enforcement system based on Plugin framework. The system provides fine-grained security policy enforcement at each library call site in an application. With root privilege (targeting company-owned devices), fine-grained enforcement can be applied to any application. Without root privilege (targeting BYOD devices), fine-grained enforcement can be applied to the applications installed via the enforcement system.","PeriodicalId":409301,"journal":{"name":"2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Enforcing Enterprise Mobile Application Security Policy with Plugin Framework\",\"authors\":\"Pang-Yang Chu, Wei-Huan Lu, Jun-Wei Lin, Yu-Sung Wu\",\"doi\":\"10.1109/PRDC.2018.00048\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The prevalent use of mobile applications in enterprise computing requires more stringent yet flexible enforcement of security policies on the mobile devices. Existing enforcement mechanisms such as mobile device management system focus on the management of device features and cannot cover the diverse security policies of enterprise applications precisely. We address the challenge by proposing a novel security policy enforcement system based on Plugin framework. The system provides fine-grained security policy enforcement at each library call site in an application. With root privilege (targeting company-owned devices), fine-grained enforcement can be applied to any application. Without root privilege (targeting BYOD devices), fine-grained enforcement can be applied to the applications installed via the enforcement system.\",\"PeriodicalId\":409301,\"journal\":{\"name\":\"2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)\",\"volume\":\"45 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/PRDC.2018.00048\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/PRDC.2018.00048","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

移动应用程序在企业计算中的普遍使用要求在移动设备上实施更严格但更灵活的安全策略。现有的强制机制(如移动设备管理系统)侧重于对设备特性的管理，无法准确覆盖企业应用程序的各种安全策略。我们提出了一种新的基于插件框架的安全策略实施系统。系统在应用程序中的每个库调用站点提供细粒度的安全策略实施。使用根权限(针对公司拥有的设备)，可以对任何应用程序应用细粒度的强制执行。如果没有根权限(针对BYOD设备)，可以将细粒度的强制应用于通过强制系统安装的应用程序。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Enforcing Enterprise Mobile Application Security Policy with Plugin Framework

The prevalent use of mobile applications in enterprise computing requires more stringent yet flexible enforcement of security policies on the mobile devices. Existing enforcement mechanisms such as mobile device management system focus on the management of device features and cannot cover the diverse security policies of enterprise applications precisely. We address the challenge by proposing a novel security policy enforcement system based on Plugin framework. The system provides fine-grained security policy enforcement at each library call site in an application. With root privilege (targeting company-owned devices), fine-grained enforcement can be applied to any application. Without root privilege (targeting BYOD devices), fine-grained enforcement can be applied to the applications installed via the enforcement system.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 IEEE 23rd Pacific Rim International Symposium on Dependable Computing (PRDC)

自引率

0.00%

发文量