
Securing Enterprise Data on Smartphones Using Run Time Information Flow Control


6 Author(s)
Kodeswaran, P. ; IBM Res. India, Bangalore, India ; Nandakumar, V. ; Kapoor, S. ; Kamaraju, P.

There is an increasing penetration of smart phones within enterprises. Most smart phone users now run both enterprise and personal applications simultaneously on their phones. However, most of the personal apps that are downloaded from public marketplaces are hardly tested for enterprise-grade security, and there have been instances of malware appearing in public markets that steal sensitive user information. Smart phone platforms such as Android require users to explicitly provide permissions to applications at install time, yet lack run time monitoring of permission usage by applications. In this paper, we present a framework for the run time enforcement of privacy policies on smart phones, in particular, protecting the privacy of enterprise data on smart phones. Our privacy policies are defined in terms of permissible information flows on the phone during different contexts. This arms users with finer-grained control over information access by different applications. In our policy framework, an information flow is defined based on the entities involved in the corresponding inter-process communication (IPC), viz. the caller, the callee and the associated IPC data. The information flow policy specifies the conditions under which an IPC flow may be permitted (or denied). Our system tracks information flows at run time and enforces that only flows satisfying all the current policies are permitted on the phone. We describe the design and implementation of our policy-based framework in Android, and present performance evaluation results measuring the overhead imposed by our framework.
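The decision rule the abstract describes (a flow is identified by caller, callee and IPC data, and is permitted only if it satisfies every policy in force for the current context) can be modelled as below. This is an added illustration, not the paper's implementation: the policy fields, data labels, context names and package names are all assumptions, and run-time tracking of data labels is not modelled.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Flow:
    caller: str           # app initiating the IPC
    callee: str           # app or service receiving it
    data_tags: frozenset  # labels attached to the IPC payload (assumed labelling)

@dataclass(frozen=True)
class Policy:
    name: str
    contexts: frozenset     # contexts in which the policy is in force; empty = always
    caller: str             # glob over caller package names
    data_tag: str           # payload label the policy constrains
    allowed_callees: tuple  # globs; an empty tuple forbids the flow outright

    def applies(self, flow, context):
        in_force = not self.contexts or bool(self.contexts & context)
        return (in_force and fnmatchcase(flow.caller, self.caller)
                and self.data_tag in flow.data_tags)

    def satisfied_by(self, flow, context):
        # A policy that does not apply to this flow is trivially satisfied.
        if not self.applies(flow, context):
            return True
        return any(fnmatchcase(flow.callee, g) for g in self.allowed_callees)

def decide(flow, context, policies):
    """Permit only if the flow satisfies all current policies; report violations."""
    violated = [p.name for p in policies if not p.satisfied_by(flow, context)]
    return (not violated, violated)

# Constructed sample policies; package names are hypothetical.
POLICIES = [
    Policy("enterprise-stays-in-enterprise", frozenset(), "*",
           "enterprise", ("com.example.corp.*",)),
    Policy("no-contacts-sharing-at-work", frozenset({"at_work"}), "*",
           "contacts", ()),
]

if __name__ == "__main__":
    leak = Flow("com.example.corp.mail", "com.example.social", frozenset({"enterprise"}))
    print(decide(leak, {"at_home"}, POLICIES))
```

Returning the names of the violated policies alongside the verdict gives the enforcement point something to log for each denied flow.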

Published in:

Mobile Data Management (MDM), 2012 IEEE 13th International Conference on

Date of Conference:

23-26 July 2012