International Journal of Information Security, Volume 14, Issue 2, pp 123–140

Formal modeling and automatic enforcement of Bring Your Own Device policies

  • Alessandro Armando
  • Gabriele Costa
  • Alessio Merlo
  • Luca Verderame
Special Issue Paper

DOI: 10.1007/s10207-014-0252-y

Cite this article as:
Armando, A., Costa, G., Merlo, A. et al. Int. J. Inf. Secur. (2015) 14: 123. doi:10.1007/s10207-014-0252-y

Abstract

The emerging Bring Your Own Device (BYOD) paradigm is pushing the adoption of employees’ personal mobile devices (e.g., smartphones and tablets) inside organizations for professional usage. However, allowing private, general purpose devices to interact with proprietary, possibly critical infrastructures enables obvious threats. Unfortunately, current mobile OSes do not seem to provide adequate security support for dealing with them. In this paper, we present a formal modeling and assessment of the security of mobile applications. In particular, we propose a security framework for verifying and enforcing BYOD security policies on Android devices. Interestingly, our approach is non-invasive and only requires minor platform modifications at application level. Finally, we provide empirical evidence of the practical feasibility of the approach by means of a prototype which we used to validate a set of real Android applications.

Keywords

  • Bring Your Own Device
  • History expressions
  • Hennessy–Milner logic
  • Type and effect systems
  • Partial model checking
  • Android

Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Alessandro Armando (1, 2)
  • Gabriele Costa (1)
  • Alessio Merlo (3, 4)
  • Luca Verderame (1)

  1. DIBRIS - University of Genova, Genoa, Italy
  2. FBK-IRST, Trento, Italy
  3. E-Campus University, Novedrate, Italy
  4. University of Genova, Genoa, Italy
