Security-enhanced Android for an enterprise

被引:0
作者
Rehman S.R. [1 ]
Waheed M. [1 ]
Masood A. [1 ]
机构
[1] Devices and Network Security Lab, National Center for Cyber Security, Air University, Islamabad
来源
International Journal of Security and Networks | 2022年 / 17卷 / 02期
关键词
Android custom ROMs; Android security; enterprise security requirement; iOS security; mobile OS security analysis; security enhancements in Android;
D O I
10.1504/IJSN.2022.123296
中图分类号
学科分类号
摘要
Mobile devices today play an essential role in communications, especially in accessing or storing private information of the users, making it a treasure trove for malicious intent attackers. Additionally, enterprises also encourage use of employee-owned devices resulting in convenience, lower costs and higher employee productivity. In this scenario, an employee’s mobile device compromise not only results in leakage of personal information but also enterprise secrets and protected data. Thus, requirement for strong protection of stored data and hardening of mobile devices against malicious attacks is essential. One such approach for an enterprise would be to reinforce underlying Android operating system; the most widely used system due to its open-source nature. In this work, we followed a risk assessment approach and conducted security feature comparison of Android (AOSP) with iPhone’s (iOS) to identify potential security enhancements for enterprise use, and later on also performed a comparison of Android custom ROMs to further refine the security enhancements. Copyright © 2022 Inderscience Enterprises Ltd.
引用
收藏
页码:92 / 106
页数:14
相关论文
共 36 条
[1]  
Al-Qershi F., Al-Qurishi M., Rahman S.M.M., Al-Amri A., Android vs. iOS: the security battle, 2014 World Congress on Computer Applications and Information Systems (WCCAIS), pp. 1-8, (2014)
[2]  
Android Open Source Project (AOSP)
[3]  
iOS Security: iOS 12.3, (2019)
[4]  
Campbell J., Kleeman D., Ma W., The good and not so good of enforcing password composition rules, Information Systems Security, 16, 1, pp. 2-8, (2007)
[5]  
Copperhead
[6]  
Fahl S., Harbach M., Muders T., Baumgartner L., Freisleben B., Smith M., Why Eve and Mallory love Android: an analysis of Android SSL (in) security, Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ‘12, pp. 50-61, (2012)
[7]  
Fahl S., Harbach M., Perl H., Koetter M., Smith M., Rethinking SSL development in an appified world, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, CCS ‘13, pp. 49-60, (2013)
[8]  
Farhan S., Ali M., Kamran M., Javaid Q., Zhang S., A survey on security for smartphone device, International Journal of Advanced Computer Science and Applications, 7, 4, (2016)
[9]  
Faruki P., Bharmal A., Laxmi V., Ganmoor V., Gaur M.S., Conti M., Rajarajan M., Android security: a survey of issues, malware penetration, and defenses, IEEE Communications Surveys Tutorials, 17, 2, pp. 998-1022, (2015)
[10]  
Georgiev M., Iyengar S., Jana S., Anubhai R., Boneh D., Shmatikov V., The most dangerous code in the world: validating SSL certificates in non-browser software, Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS ‘12, pp. 38-49, (2012)
1234