Docstoc

mhamed+zineddine

Document Sample
mhamed+zineddine Powered By Docstoc
					   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




                              Smart Phones: another IT Security scuffle
                                                 Mhamed Zineddine
                                                     Huda Kindi
                                                  MIS Department
                                      ALHOSN University, Abu Dhabi, UAE

Abstract :

         Smart Phones have been pervasively and ubiquitously penetrating and integrating into an
organization’s Information and Communication Technology (ICT) environment at a speedy rate. However,
sensitive data such as instant message conversations, emails, credit card numbers, passwords and corporate
private data made its ways into these devices. Smart Phones thus have become attractive targets to hackers,
crackers, scammers and others. This paper is a part of a comprehensive study of Smart Phones and IT security
dilemma from the employees’ and their organizations’ perspective. The paper employs a survey method to
investigate if employees who are using their smart phone devices in the organization’s IT environment are
aware of security threats emerging from the use of mobile devices and the mobile security policies in place.
Results revealed that nearly 42% of the sample (171 participants) studied confirm that their organizations allow
personal mobile devices to be used inside the organization and more than 60% of respondents report that they
have not used any mobile ant-virus and anti-theft products or software on their mobile devices, although the
majority is aware of the security threats. Meanwhile, 18% of the respondents report little or nil awareness
about the Smart Phones security. The findings of this study reveal that mobile devices are not only invading an
organizations’ ICT environment, but their complex and heterogeneous nature is making the environment they
operate in susceptible to breaches.

Key Words: ICT security, Smart Phones, Mobile Devices.

I. INTRODUCTION

         Years ago, work environment encompassed a network of portable or fixed workstations that supported
employees’ daily tasks at the company premises or at home [1]. Early mobile phones were limited to basic
activities such as voice calls and SMS messages. The fast evolving Smartphones such as the Apple iPhone [10],
Blackberry smartphones [11], and the Google Android phone [9] to mention a few, with their increasing
connectivity and computing power, extended this environment. In addition to physical Smartphones, virtual
Smartphones over IP system in the form of images in the mobile cloud [12] enabled users to customize each
image as they saw fit. Globalization, extensive use of Information Communication Technology, and
telecommuting led to extensive use of mobile devices [12]. The majority of institutions built their systems
around blackberry platforms running RIM's Blackberry Operating Systems (OS), [2,3]. Nowadays, mobile
devices, especially smart phones are widely used by employees [12] Apple’s iOS, Google’s Android OS,
Microsoft’s Windows Mobile and Windows Phone, Nokia’s Symbian, Palm’s OS, Linux based
   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




         OSs Maemo and MeeGo are flooding corporate environment, which make it vulnerable to ICT security
attacks. Securing mobile access to firms’ ICT assets is a core problem in the mobile enabled ICT environment
[3]. The Increased numbers of vendors penetrating the Smart Phones market add to the complexity of securing
these assets. Comprehensive security solutions do exist, however, the cost factor made them less accessible to
small businesses [3]. Furthermore, sufficient knowledge and understanding of security mechanisms and the
application used on Smart Phone is to be strengthened [12]. The remainder of the paper is structured as follows.
Section 2 reviews recent studies relating to Smartphone security issues and Section 3 pertains to the problem
and the research questions addressed in the study. Section 4 states the research design and methodology adopted
in the study. Section 5 presents the analysis while section 6 presents the discussion. Section 7 and 8 concludes
the study with limitations, recommendations and scope for further research.

II. BACKGROUND OF THE STUDY

Smart Phones integration

         In recent years, Smart Phones have been pervasively and ubiquitously penetrating into organization’s
ICT environment in a higher rate than ever. Mobile phone based Supervisory Control and Data Acquisition
(SCADA) integration using the general packet radio service (GPRS) or wireless application protocol (WAP)
enabled the operator to display and change the plant configuration parameters using his mobile phone. Adopting
this remote option reduces maintenance costs and improves productivity [6]. The conventional SCADA is made
of a master station, Programmable logic controllers (PLC)/remote terminal units (RTU), fieldbus, and sensors.
Internet SCADA replaces or extends the fieldbus to the Internet [6a]. Other examples include healthcare [7, 7a,
7b, 39], sensor networks [8] etc.

Market shares of Smart Phone’s operating systems Google’s Android and MS windows mobile are gaining
ground in the Smart Phones market according to Gartner's analysis of global Q2 2011 Smart Phone sales and
2012 predictions as shown in Figure 1 and Figure2. However, the Symbian system is being phased-out.




Figure1: Source: Gartner (August 2011)                        Figure 2: Source: Gartner (April 2011)

         New smart phones are equipped with a rich combination of hardware and software that enable the user
to interact with the cyberspace and the phone network. However, the increasing complexity, the heterogeneous
nature of these devices has also increased their vulnerabilities to attacks and the number of security threats.

Security threats on Smart Phones
    International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                               Venue : Hotel RAMADA , Bur Dubai, UAE
                                                       Date : 27 – 28 July, 2012




          Smart phones have been evolving to encompass more computers “like” capabilities. Multiple software
applications have been developed to handle several tasks. Sensitive data, however, made its way to these devices
such as instant message conversations, emails, credit card numbers, passwords, corporate private data etc. Smart
Phones have thus become attractive targets to hackers, crackers, scammers etc. [13]. Hackers may move the
battlefield to smartphones due to the embedded profit factor [8a]. Stolen Smart Phones might lead to
unauthorized disclosure, deception, disruption, usurpation, or other malicious and/or unlawful activities. Stolen
mobile phone owners are more concerned about the misuse of services and information than the monetary value
of the device itself [14]. The security track of traditional ICT infrastructure (PCs, servers, routers etc.) reflects
the darker side of ICT security. Information security issues were brought into the spotlight after the popular
Kevin Mitnick incident. Furthermore, an estimated loss of 50 million worth of intellectual property and source
code stolen were reported from Nokia, NEC, Sun Microsystems, Novell, Fujitsu, and Motorola [15]. In addition,
viruses, Trojans, botnets, worms, adware, and spyware are other negative issues which follow the scandals [16].
At present, Smart Phones are moving towards the same capabilities of traditional computer devices. They offer a
rich environment for software applications developer including “multi-protocol networking stack, UI toolkits,
and file systems” [17] which make them as vulnerable as their bulky desktop cousins. Also, thousands of
applications have been developed for multiple smart phones platforms ([18], [19], and [20]).

          Today’s Smart Phone are able to perform logic processing, therefore, malicious software based on
malicious logic will be executed on these platforms. Some other challenges facing the evil doers are the
understanding of the software structure, design of operating systems running of drivers, hardware, processors
and the architecture used in Smart Phones (ARM1, Intel ATOM2 etc…). However, it is only a question of time.
Viruses, Spyware, Malware etc. have been already detected in Mobile based Smart phones ([21], [22], [23],
[24], [25] and [38]). Unfortunately, Smart Phone manufactures are still following old simple system designs,
starting with an open system and letting the users lock it down later. This strategy makes life easier.
Applications on Smart Phones enjoy broad security privileges to make network connections, access data and
communicate with other applications (app) on the device. A vetting process is used by Apple’s iPhone/app store
to protect users from malicious apps (They may remotely delete an offending application) [40]. Apps used on
the Smart Phones are still susceptible to other vulnerabilities such as buffer overflow attacks etc. Jail breaking is
widely used to run other unauthorized apps on iPhone, which makes Apple’s vetting process ineffective. In
contrast, Google’s Android follows a design similar to SubOS [41]. Apps on Google’s Android run with
different UNIX user ids, to mitigate the impact of an application being compromised. However, Confused
Deputy attacks still hold [26]. Furthermore, Google’s Android platforms can be susceptible to rooting to attain
privileged control or commonly termed as root access.



1 ARM is a 32-bit reduced instruction set computer (RISC) instruction set architecture (ISA) developed by ARM Holdings

2 Intel Atom is the brand name for a line of ultra-low-voltage x86 and x86-64 CPUs (or microprocessors) from Intel, designed in 45 nm
CMOS and used mainly in netbooks , nettops, embedded application ranging from health care to advanced robotics and Mobile Internet
devices (MIDs).

Counter measures
    International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                          Venue : Hotel RAMADA , Bur Dubai, UAE
                                                 Date : 27 – 28 July, 2012




         To deal with mobile-based threats, new security companies in traditional computer protection, in
addition to new mobile focused companies have been marketing mobile specific versions of security software
[27, 28, 29, 30, 31, 32, 33, 34, 35 and 36]. The level of complexity and threats increase to Smart Phone
platforms, although they may belong to Apple’s iOS, Google’s Android OS, Microsoft’s Windows Mobile and
Windows Phone, Nokia’s Symbian, Palm’s OS, Linux based OSs Maemo and MeeGo etc... Mobile antivirus,
detection/prevention system to scan and monitor Smart Phone activities, Firewalls to control IP-based access
and other security solutions are more likely to follow the same track as their desktop counterparts. Lack of
resources on mobile devices is an impediment for implementing sophisticated functionalities to detect intricate
malware. Resources required to run security software may lead users to be less enthusiastic to adopt more
sophisticated security applications at present. [37].

Mobile devices threats and remedies

Mobile device based threats and attacks can be divided into four classes [42] namely hardware-centric, device
independent, software-centric and user layer attacks [43]:

•   Hardware-centric attacks which requires physical access to the device makes them not easily exploitable.
•   Device-independent attacks which involves eavesdropping on the wireless connection or leaking mirrored
    private data from the back end systems.
•   Software-centric attacks center around web based applications attacks center around web based applications
    which reveal a great deal of exploitable vulnerabilities.
•   User layer attacks which are not of technical nature, but are designed to trick the user to help override
    existing technical security mechanisms. Spyware and malware programs are typical examples that use such
    type of attacks.

         In order to defend the device against each category of attacks, a different type of mechanism is required
[43]. The first category (Hardware-centric attacks) can be mitigated by adding sound encryption mechanisms to
protect communication between hardware components and protect stored data. For instance, the communication
between the mobile device and the Smartcard should be encrypted. Furthermore, Mobile devices are susceptible
to loss and theft. To deal with the type of issues remote wipeout and self-destroy mechanisms should be in
place. The second category (Device-independent attacks) can be mitigated by using sound encryption
mechanisms and protocols. For instance, adopting new systems such as UMTS (Universal Mobile
Telecommunications System), as it is designed to be less vulnerable to flaws known in GSM [45]. Mobile
devices are easy targets when connected through unsecured and ragged “Wi-Fi” network access points. Thus,
they should be configured to connect only to trusted wireless networks with strong encryption mechanisms in
place. Also, mobile devices are treated as personal property, thus not subjected to the normal security practices
imposed by organizations such as backup and securing data stored in mobile devices[44].

III. THE PROBLEM/RESEARCH QUESTIONS

         There is no doubt, that mobility is becoming a critical part of today’s ICT infrastructure, be it
traditional computing devices such as laptops, Tablet PCs or the recently introduced Smart Phones. The latter
   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




has been pervasively and ubiquitously penetrating, integrating into the corporate and organization’s ICT
environment. The problem is that they are usually personally owned, managed, and may pose an ICT security
threat to the environment they are operating in. This paper is aimed at finding out if employees are using their
smart phone devices in the organization’s IT environment and are aware of security threats emerging from the
use of mobile devices and the mobile security policies in their organizations.




IV. RESEARCH DESIGN

         This research consists of two phases. The first phase is concerning employees and their use of Smart
Phones. It is quantitative, non-experimental research study utilizing primary data collected using a
questionnaire. SPSS version 19 is used to generate statistical information.

4.1 Population and Sampling

         The population targeted in this study consist of employees from different industries. Questionnaires
were distributed to 850 employees from different organizations from which 171 responses were collected.

4.2 Pilot test of the instrument

         The instrument used in this study has been through a face validity process, which ensures that the
instrument is at least superficially capturing what is intended to be measured. Content validity was used to
minimize the subjectivity factor that may hinder the face validity process. The feedback from a panel of experts
was used to achieve content validity. Enhancements and changes suggested were made to the survey. Reliability
on the other hand is about the consistency of results and whether it is free of random or unstable errors. The
researcher, made every effort in minimizing errors in the process of entering the data collected using a
standardized data collection instrument, implementing the appropriate sample designs and sampling procedures,
adequate survey administration procedures, data verification and correction procedures. All the scales were
designed to be on a positive direction. Cronbach's alpha (Cronbach, 1951) is a measure of reliability and internal
consistency. The value of Cronbach’s Alpha in this study is 0.759 which suggests that the instrument is reliable.

         The second phase is concerning organizations’ management of these devices and policy enforcement.
IT directors, CIO’s, SIT security officers will be approached for data gathering

V. DATA ANALYSIS

Demographic data analysis

The data collected revealed that fifty one per cent of respondents were employed in the government sector.

Smart Phone use in the UAE business environment
   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




         Thirty three per cent (33%) of respondents reported that the number of employees in their company
ranged between 1,000 and 10,000. Regarding mobile platforms used within the organization, a mixed response
was received. Nearly 40% of the organizations used blackberry and 22% used the Apple iPhone. However, one
of the striking findings was that only 3.8% used Windows phone. The data collected also indicated that 26%
adopted tablet computers that run mobile platforms. This signals that highly capable smartphones and tablets are
being used in organizations as a means of providing employees with mobile access to corporate resources and
these devices may replace everyday PCs’ in the near future. Most of the respondents (86%) confirmed that their
organizations used a documented security policy. Furthermore, 46% of the sample used security policies for
mobile phones, smartphones and tablet computers. This will reduce the number of future incidents in which
sensitive data gets lost or compromised and viruses being spread. Nearly 42% of respondents confirmed that
their organizations allowed personal mobile devices to be used inside the organization. Also, 42% percent of
respondents were allowed to connect mobile devices including tablets to their organizations local network. This
can increase security risks in terms of exposing customer or corporate information. Regarding storage of
company data on company-owned mobile devices, 40% reported that they store company owned mobile devices
while 47% claim that they do not. Results also revealed that 21% of the respondents do store company data on
their own mobile devices.

Personal use of Smart phones

         The data collected concerning the respondents’ personal use of smart phones indicated that 53% used
blackberry while 33% used Apple iPhone. With reference to mobile device security, 66% of respondents
reported that they have not used any mobile ant-virus and 60% have not used any anti-theft products or software
on their mobile devices. Sixty percent of respondents have not encrypted sensitive data on their mobile devices.
This also puts the organizations information at high risk of getting disclosed or stolen. Nearly 44% have
adequate knowledge of MSecurity and would like to learn more about such issues. However, nearly 18% of the
respondents have little or no awareness at all about the Smart Phones security.



VI. DISCUSSION

         Business environment nowadays has become pervasively penetrated by mobile devices including Smart
Phones. Industries across the world are embracing mobile devices as a part of their ICT environment. These
devices were used in some cases to connect to highly sensitive systems, such as SCADA’s and healthcare
systems, which made these networks vulnerable to security breaches. Furthermore, being able to remotely
control or monitor a system poses serious risks, such as changing the behavior of these systems, disabling them,
or used them for illegal purposes.

         As the data suggested, employees were allowed to use their personal smart phones for business and
within organizations. Protection software was not used on these devices and even if it is used it may not be
effective without professional help from IT departments. IT security is a process that needs continuous attention.
One vulnerability is sufficient to compromise the whole system or network. Mobile devices may be going
     International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                           Venue : Hotel RAMADA , Bur Dubai, UAE
                                                  Date : 27 – 28 July, 2012




through the same path that desktop systems went through when it comes to protection and security. However,
mobile devices may be greatly affected than desktops did. Lack of processing power may lead users to ignore
the installation of protection software, be it antivirus, firewall, encryption, remote wipeout etc. In addition,
policies written for RIM Blackberry devices may not be enforceable on devices running iOS and Android, thus,
these policies may be overlooked at least at this time. The increase in number of rogue apps in the app store and
the number of serious security flaws discovered on Android OS have reached alarming heights. The later
coupled with the findings of this study, namely the percent of mobile devices without protection software (66%)
and the increasing number of readymade hacking tools suggest that the implementation of security rules, best
practices, security software and tools, and enforcing mechanisms across organizations must be of top priority.

VII. LIMITATIONS AND RECOMMENDATIONS

            This study is limited to employees from the UAE. The same study if conducted in other countries may
lead to different findings. Therefore, generalizing the findings to population out of the UAE may not be
adequate. Our recommendation is to repeat the same study in different countries to determine if the findings are
to be generalized to population out of the UAE.

VIII.CONCLUSION

            Smart Phones such as the iPhone, Google’s Android based devices are changing the ways we conduct
business. There is no doubt that the benefits are tremendous. However, organization’s sensitive and confidential
data is being stored and accessed by these devices. Some organizations own these smart phones, which makes
controlling and managing them easier. However, privately owned smart phones and mobile devices were
increasingly being used without the knowledge of the IT department, which again increases the risk of security
breaches.

            Mobile ICT Security Policies have to be revised to include different types of mobile platforms. In
addition, they have to be flexible to be enforceable. Enforcement mechanisms for these policies are instrumental
in protecting sensitive and private data. The authors wish to acknowledge Mrs. Rekha Pillai from the
Department of Business Administration for proof reading the paper.

REFERENCES

1.   Dearman, D. and Pierce, J. (2008). It’s on my other computer!: computing with multiple devices. CHI 2008,
     767--776. ACM Press, New York.
2.   Coiera, E. (2000). When conversation is better than computation. J Am Med Inform Assoc 2000;7(3):277-
     286.
3.   Maly, F., Kozel, T., Slaby, A. (2008). Mobile approach, trends and technologies in modern information
     system. Proceedings of the 7th WSEAS International Conference on Applied Computer & Applied
     Computational Science (ACACOS'08). Hangzhou, China, April 6-8, 2008. ISSN 1790-5117. ISBN 978-
     960-6766-49-7.
     International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                           Venue : Hotel RAMADA , Bur Dubai, UAE
                                                  Date : 27 – 28 July, 2012




4.   Schmidt, A.D., Schmidt, H.G., Batyuk, L., Clausen, J.H., Camtepe, S.A., Albayrak, S. and Yildizli, C.
     (2009). Smartphone malware evolution revisited: Android next target? Proceedings of the 4th IEEE
     International Conference on Malicious and Unwanted Software (Malware 2009), pp. 1-7.
5.   Eric, Y. and Mistutaka, I. (2010). Virtual smartphone over IP. IEEE International Symposium on a World
     of Wireless Mobile and Multimedia Networks (WoWMoM), pp. 1-6, Giugno 2010.
6.   Li, F., Yang, Y. and Wu, J. (2010). CPMC: An Efficient Proximity Malware Coping Scheme in
     Smartphone-based Mobile Networks. INFOCOM, 2010 Proceedings IEEE.

6 a.     Robles, R.J. and Kim, T. (2011). Scheme to Secure Communication of SCADA Master Station and
     Remote HMI’s through Smart Phones. Journal of Security Engineering (8).3.

7.   Allam, S. and Flowerday, S. (2010). An adaptation of the awareness boundary model towards smartphone
     security. Information Security South Africa (ISSA), 2011, pp. 1-8.

7 a. Ko, H. (2008) A New Data Filtering Method for Auto Vacc in Handheld Device. Journal of Security
     Engineering. 5(1).

7 b. Woodbridge J., Nahapetian A., Noshadi H., Kaiser W., Sarrafzadeh M. (2009). Wireless Health and the
     Smart Phone Conundrum. Proceeding of the 2nd Joint Workshop on High Confidence Medical Devices,
     Software, Systems and Medical Device Plug-and-Play Interoperability (HCMDSS/MDPnP 2009), San
     Francisco, CA, USA. From: http://www.cs.ucla.edu/~ani/publications/smartphoneconundrum.pdf

8.   Turner, H., White, T., Thompson, V., Zienkiewicz, K, Campbell, S. and Schmidt, D. (2009). Building
     Mobile Sensor Networks Using Smartphones and Web Services: Ramifications and Development
     Challenges.     Handbook       of   Research     on    Mobility          and   Computing,   Hershey,   PA.    From:
     HTTP://LSRG.CS.WUSTL.EDU/~SCHMIDT/PDF/NEW-WW-MOBILE-COMPUTING.PDF

 8 a.     Li, B. and Im, E.G. (2011). Smartphone, promising battlefield for hackers. Journal of Security
     Engineering 8(1). From :

       HTTP://WWW.SERSC.ORG/JOURNALS/JSE/VOL8_NO1_2011/9.PDF

9.   Android dev phone 1. From: www.code.google.com/android/dev-devices.html
10. Apple iPhone. From: www.apple.com/iphone
11. Blackberry smart phones. From www.na.blackberry.com
12. Ongtang, M., McLaughlin, S., Enck, W. and McDaniel, P. (2009). Semantically Rich Application-Centric
     Security in Android. ACSAC, pp.340-349, 2009 Annual Computer Security Applications Conference.
13. Corner, M.D. and Noble, B.D. (2002). Zero-interaction authentication. In Proceedings of the 8th annual
     international conference on Mobile computing and networking, pages 1–11. ACM New York, NY, USA.
14. Red herring mobiles scream for help: Uk-based mobile security company adds security to mobile phones,
     October 2006.
15. Red Hat Enterprise Linux 4 User Guide. Available at: http://www.centos.org/docs/4/pdf/rhel-sg-en.pdf.
16. FBI Computer Crime Survey (2005). From :
     http://mitnicksecurity.com/media/2005%20FBI%20Computer%20Crime%20Survey%20Report.pdf
   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




17. Oberheide, J., Veeraraghavan, K., Cooke, E., Flinn, J. and Jahanian, F. (2008). Virtualized in-cloud security
    services for mobile devices. In Proc. of MobiVirt ’08, pages 31–35, June 2008
18. Nokia Corporation. Maemo sdk. From: http://maemo.org/
19. Nullriver, Inc. iphone installer.app. (2008). From: http://www.iphone.nullriver.com
20. Google Android - an open handset alliance project (2008). From: http://code.google.com/android
21. Bickford, J., O'Hare, R., Baliga, A., Ganapathy, V. and Iftode, L. (2010) Rootkits on Smart Phones:
    Attacks, Implications and Opportunities. In Workshop on Mobile Computing Sys. and Appl.
    (HotMobile’10). ACM.
22. Cai, L., Machiraju, S. and Chen, H. (2009) Defending against sensor-sniffing attacks on mobile phones. In
    MobiHeld ’09: Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile
    handhelds, pages 31–36, New York, NY, USA, 2009. ACM.
23. P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. Mc-Daniel, and T. La Porta (2009). On cellular
    botnets: Measuring the impact of malicious devices on a cellular network core. In Proceedings of the 16th
    ACM conference on Computer and communications security, pp 223–234. ACM.
24. Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D. and Teng, J. (2009). Stealthy video capturer: a new video-
    based spyware in 3g smartphones. In Proceedings of the second ACM conference on Wireless network
    security, pp 69–78, New York, NY, USA, 2009. ACM.
25. Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A. and Wang, X. (2011). Soundcomber: A Stealthy
    and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network &
    Distributed System Security Symposium (NDSS '11), pp. 17–33.
26. N. Hardy. (1988) The Confused Deputy. ACM Operating Systems Review, 22(4):36–38.
27. BullGuard Mobile Security. From: http://www.bullguard.com/products/bullguard-mobile-security-10.aspx
28. SMobile Security Shield. From: http://www.smobilesystems.com/
29. Kaspersky Mobile Security. From: http://www.kaspersky.com/kaspersky_mobile_security
30. ESET Mobile Security. From: http://www.eset.com/us/home/products/mobile-security/
31. Lookout Premium. From: https://www.mylookout.com/premium/
32. Norton Smartphone Security. From: http://us.norton.com/mobile-security/
33. F-Secure Mobile Security. From: http://mobile.f-secure.com/
34. BitDefender Mobile Security. From: http://m.bitdefender.com/
35. NetQin Mobile Anti-virus. From: www.netqin.com/en/antivirus/
36. SimWorks Anti-Virus. From: http://www.simworks.biz/sav/AntiVirus.php?id=home
37. Portokalidis, G., Homburg, P., Anagnostakis, K. and Bos, H. (2010). Paranoid Android: Zero-day
    protection for smartphones using the cloud. In Annual Computer Security Applications Conference
    (ACSAC’10), Austin, TX, Dec. 2010.
38. Becher, M., Freiling, F. and Leider, B. (2007) On the Effort to Create Smartphone Worms in Windows
    Mobile. Proceedings of the 2007 IEEE Workshop on Information Assurance United States Military
    Academy, West Point, NY, 20-22 June 2007.
39. Hamdi, M. (2010). Architecture and Insecurity Issues of a Handheld Device Journal of Security
    Engineering 7(6).
   International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 )
                                         Venue : Hotel RAMADA , Bur Dubai, UAE
                                                Date : 27 – 28 July, 2012




40. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. (2011). QUIRE: Lightweight Provenance
    for Smart Phone Operating Systems. USENIX Security.
41. Ioannidis, S., Bellovin, S. M. and Smith, J. (2002). Suboperating systems: A new approach to application
    security. SIGOPS European Workshop.
42. Becher M., Freiling C. F. Hoffmann, J. , Holz T. , Uellenbeck S., Wolf C. (2011) Mobile Security Catching
    Up? Revealing the Nuts and Bolts of the Security of Mobile Devices
43. M. Becher, “Security of smartphones at the dawn of their ubiquitousness,” Ph.D. dissertation, University of
    Mannheim, Oct. 2009.
44. Booz Allen Hamilton (2011). Cybersecurity in the Age of Mobility:Building a Mobile Infrastructure that
    Promotes Productivity Retrieved April 7, 2012 from
    http://www.cyberhub.com/viewpoints/Resource/2?resourceID=Virtualization%20A%20Technique%20for
    %20Securing%20the%20Consumerized%20Organization.pdf
45. 3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects;
    3G security; Security principles and objectives (Release 4),” 3rd Generation Partnership Project (3GPP),
    Tech. Rep., Mar. 2001.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:6
posted:9/16/2012
language:English
pages:10