International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 Smart Phones: another IT Security scuffle Mhamed Zineddine Huda Kindi MIS Department ALHOSN University, Abu Dhabi, UAE Abstract : Smart Phones have been pervasively and ubiquitously penetrating and integrating into an organization’s Information and Communication Technology (ICT) environment at a speedy rate. However, sensitive data such as instant message conversations, emails, credit card numbers, passwords and corporate private data made its ways into these devices. Smart Phones thus have become attractive targets to hackers, crackers, scammers and others. This paper is a part of a comprehensive study of Smart Phones and IT security dilemma from the employees’ and their organizations’ perspective. The paper employs a survey method to investigate if employees who are using their smart phone devices in the organization’s IT environment are aware of security threats emerging from the use of mobile devices and the mobile security policies in place. Results revealed that nearly 42% of the sample (171 participants) studied confirm that their organizations allow personal mobile devices to be used inside the organization and more than 60% of respondents report that they have not used any mobile ant-virus and anti-theft products or software on their mobile devices, although the majority is aware of the security threats. Meanwhile, 18% of the respondents report little or nil awareness about the Smart Phones security. The findings of this study reveal that mobile devices are not only invading an organizations’ ICT environment, but their complex and heterogeneous nature is making the environment they operate in susceptible to breaches. Key Words: ICT security, Smart Phones, Mobile Devices. I. INTRODUCTION Years ago, work environment encompassed a network of portable or fixed workstations that supported employees’ daily tasks at the company premises or at home . Early mobile phones were limited to basic activities such as voice calls and SMS messages. The fast evolving Smartphones such as the Apple iPhone , Blackberry smartphones , and the Google Android phone  to mention a few, with their increasing connectivity and computing power, extended this environment. In addition to physical Smartphones, virtual Smartphones over IP system in the form of images in the mobile cloud  enabled users to customize each image as they saw fit. Globalization, extensive use of Information Communication Technology, and telecommuting led to extensive use of mobile devices . The majority of institutions built their systems around blackberry platforms running RIM's Blackberry Operating Systems (OS), [2,3]. Nowadays, mobile devices, especially smart phones are widely used by employees  Apple’s iOS, Google’s Android OS, Microsoft’s Windows Mobile and Windows Phone, Nokia’s Symbian, Palm’s OS, Linux based International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 OSs Maemo and MeeGo are flooding corporate environment, which make it vulnerable to ICT security attacks. Securing mobile access to firms’ ICT assets is a core problem in the mobile enabled ICT environment . The Increased numbers of vendors penetrating the Smart Phones market add to the complexity of securing these assets. Comprehensive security solutions do exist, however, the cost factor made them less accessible to small businesses . Furthermore, sufficient knowledge and understanding of security mechanisms and the application used on Smart Phone is to be strengthened . The remainder of the paper is structured as follows. Section 2 reviews recent studies relating to Smartphone security issues and Section 3 pertains to the problem and the research questions addressed in the study. Section 4 states the research design and methodology adopted in the study. Section 5 presents the analysis while section 6 presents the discussion. Section 7 and 8 concludes the study with limitations, recommendations and scope for further research. II. BACKGROUND OF THE STUDY Smart Phones integration In recent years, Smart Phones have been pervasively and ubiquitously penetrating into organization’s ICT environment in a higher rate than ever. Mobile phone based Supervisory Control and Data Acquisition (SCADA) integration using the general packet radio service (GPRS) or wireless application protocol (WAP) enabled the operator to display and change the plant configuration parameters using his mobile phone. Adopting this remote option reduces maintenance costs and improves productivity . The conventional SCADA is made of a master station, Programmable logic controllers (PLC)/remote terminal units (RTU), fieldbus, and sensors. Internet SCADA replaces or extends the fieldbus to the Internet [6a]. Other examples include healthcare [7, 7a, 7b, 39], sensor networks  etc. Market shares of Smart Phone’s operating systems Google’s Android and MS windows mobile are gaining ground in the Smart Phones market according to Gartner's analysis of global Q2 2011 Smart Phone sales and 2012 predictions as shown in Figure 1 and Figure2. However, the Symbian system is being phased-out. Figure1: Source: Gartner (August 2011) Figure 2: Source: Gartner (April 2011) New smart phones are equipped with a rich combination of hardware and software that enable the user to interact with the cyberspace and the phone network. However, the increasing complexity, the heterogeneous nature of these devices has also increased their vulnerabilities to attacks and the number of security threats. Security threats on Smart Phones International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 Smart phones have been evolving to encompass more computers “like” capabilities. Multiple software applications have been developed to handle several tasks. Sensitive data, however, made its way to these devices such as instant message conversations, emails, credit card numbers, passwords, corporate private data etc. Smart Phones have thus become attractive targets to hackers, crackers, scammers etc. . Hackers may move the battlefield to smartphones due to the embedded profit factor [8a]. Stolen Smart Phones might lead to unauthorized disclosure, deception, disruption, usurpation, or other malicious and/or unlawful activities. Stolen mobile phone owners are more concerned about the misuse of services and information than the monetary value of the device itself . The security track of traditional ICT infrastructure (PCs, servers, routers etc.) reflects the darker side of ICT security. Information security issues were brought into the spotlight after the popular Kevin Mitnick incident. Furthermore, an estimated loss of 50 million worth of intellectual property and source code stolen were reported from Nokia, NEC, Sun Microsystems, Novell, Fujitsu, and Motorola . In addition, viruses, Trojans, botnets, worms, adware, and spyware are other negative issues which follow the scandals . At present, Smart Phones are moving towards the same capabilities of traditional computer devices. They offer a rich environment for software applications developer including “multi-protocol networking stack, UI toolkits, and file systems”  which make them as vulnerable as their bulky desktop cousins. Also, thousands of applications have been developed for multiple smart phones platforms (, , and ). Today’s Smart Phone are able to perform logic processing, therefore, malicious software based on malicious logic will be executed on these platforms. Some other challenges facing the evil doers are the understanding of the software structure, design of operating systems running of drivers, hardware, processors and the architecture used in Smart Phones (ARM1, Intel ATOM2 etc…). However, it is only a question of time. Viruses, Spyware, Malware etc. have been already detected in Mobile based Smart phones (, , , ,  and ). Unfortunately, Smart Phone manufactures are still following old simple system designs, starting with an open system and letting the users lock it down later. This strategy makes life easier. Applications on Smart Phones enjoy broad security privileges to make network connections, access data and communicate with other applications (app) on the device. A vetting process is used by Apple’s iPhone/app store to protect users from malicious apps (They may remotely delete an offending application) . Apps used on the Smart Phones are still susceptible to other vulnerabilities such as buffer overflow attacks etc. Jail breaking is widely used to run other unauthorized apps on iPhone, which makes Apple’s vetting process ineffective. In contrast, Google’s Android follows a design similar to SubOS . Apps on Google’s Android run with different UNIX user ids, to mitigate the impact of an application being compromised. However, Confused Deputy attacks still hold . Furthermore, Google’s Android platforms can be susceptible to rooting to attain privileged control or commonly termed as root access. 1 ARM is a 32-bit reduced instruction set computer (RISC) instruction set architecture (ISA) developed by ARM Holdings 2 Intel Atom is the brand name for a line of ultra-low-voltage x86 and x86-64 CPUs (or microprocessors) from Intel, designed in 45 nm CMOS and used mainly in netbooks , nettops, embedded application ranging from health care to advanced robotics and Mobile Internet devices (MIDs). Counter measures International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 To deal with mobile-based threats, new security companies in traditional computer protection, in addition to new mobile focused companies have been marketing mobile specific versions of security software [27, 28, 29, 30, 31, 32, 33, 34, 35 and 36]. The level of complexity and threats increase to Smart Phone platforms, although they may belong to Apple’s iOS, Google’s Android OS, Microsoft’s Windows Mobile and Windows Phone, Nokia’s Symbian, Palm’s OS, Linux based OSs Maemo and MeeGo etc... Mobile antivirus, detection/prevention system to scan and monitor Smart Phone activities, Firewalls to control IP-based access and other security solutions are more likely to follow the same track as their desktop counterparts. Lack of resources on mobile devices is an impediment for implementing sophisticated functionalities to detect intricate malware. Resources required to run security software may lead users to be less enthusiastic to adopt more sophisticated security applications at present. . Mobile devices threats and remedies Mobile device based threats and attacks can be divided into four classes  namely hardware-centric, device independent, software-centric and user layer attacks : • Hardware-centric attacks which requires physical access to the device makes them not easily exploitable. • Device-independent attacks which involves eavesdropping on the wireless connection or leaking mirrored private data from the back end systems. • Software-centric attacks center around web based applications attacks center around web based applications which reveal a great deal of exploitable vulnerabilities. • User layer attacks which are not of technical nature, but are designed to trick the user to help override existing technical security mechanisms. Spyware and malware programs are typical examples that use such type of attacks. In order to defend the device against each category of attacks, a different type of mechanism is required . The first category (Hardware-centric attacks) can be mitigated by adding sound encryption mechanisms to protect communication between hardware components and protect stored data. For instance, the communication between the mobile device and the Smartcard should be encrypted. Furthermore, Mobile devices are susceptible to loss and theft. To deal with the type of issues remote wipeout and self-destroy mechanisms should be in place. The second category (Device-independent attacks) can be mitigated by using sound encryption mechanisms and protocols. For instance, adopting new systems such as UMTS (Universal Mobile Telecommunications System), as it is designed to be less vulnerable to flaws known in GSM . Mobile devices are easy targets when connected through unsecured and ragged “Wi-Fi” network access points. Thus, they should be configured to connect only to trusted wireless networks with strong encryption mechanisms in place. Also, mobile devices are treated as personal property, thus not subjected to the normal security practices imposed by organizations such as backup and securing data stored in mobile devices. III. THE PROBLEM/RESEARCH QUESTIONS There is no doubt, that mobility is becoming a critical part of today’s ICT infrastructure, be it traditional computing devices such as laptops, Tablet PCs or the recently introduced Smart Phones. The latter International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 has been pervasively and ubiquitously penetrating, integrating into the corporate and organization’s ICT environment. The problem is that they are usually personally owned, managed, and may pose an ICT security threat to the environment they are operating in. This paper is aimed at finding out if employees are using their smart phone devices in the organization’s IT environment and are aware of security threats emerging from the use of mobile devices and the mobile security policies in their organizations. IV. RESEARCH DESIGN This research consists of two phases. The first phase is concerning employees and their use of Smart Phones. It is quantitative, non-experimental research study utilizing primary data collected using a questionnaire. SPSS version 19 is used to generate statistical information. 4.1 Population and Sampling The population targeted in this study consist of employees from different industries. Questionnaires were distributed to 850 employees from different organizations from which 171 responses were collected. 4.2 Pilot test of the instrument The instrument used in this study has been through a face validity process, which ensures that the instrument is at least superficially capturing what is intended to be measured. Content validity was used to minimize the subjectivity factor that may hinder the face validity process. The feedback from a panel of experts was used to achieve content validity. Enhancements and changes suggested were made to the survey. Reliability on the other hand is about the consistency of results and whether it is free of random or unstable errors. The researcher, made every effort in minimizing errors in the process of entering the data collected using a standardized data collection instrument, implementing the appropriate sample designs and sampling procedures, adequate survey administration procedures, data verification and correction procedures. All the scales were designed to be on a positive direction. Cronbach's alpha (Cronbach, 1951) is a measure of reliability and internal consistency. The value of Cronbach’s Alpha in this study is 0.759 which suggests that the instrument is reliable. The second phase is concerning organizations’ management of these devices and policy enforcement. IT directors, CIO’s, SIT security officers will be approached for data gathering V. DATA ANALYSIS Demographic data analysis The data collected revealed that fifty one per cent of respondents were employed in the government sector. Smart Phone use in the UAE business environment International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 Thirty three per cent (33%) of respondents reported that the number of employees in their company ranged between 1,000 and 10,000. Regarding mobile platforms used within the organization, a mixed response was received. Nearly 40% of the organizations used blackberry and 22% used the Apple iPhone. However, one of the striking findings was that only 3.8% used Windows phone. The data collected also indicated that 26% adopted tablet computers that run mobile platforms. This signals that highly capable smartphones and tablets are being used in organizations as a means of providing employees with mobile access to corporate resources and these devices may replace everyday PCs’ in the near future. Most of the respondents (86%) confirmed that their organizations used a documented security policy. Furthermore, 46% of the sample used security policies for mobile phones, smartphones and tablet computers. This will reduce the number of future incidents in which sensitive data gets lost or compromised and viruses being spread. Nearly 42% of respondents confirmed that their organizations allowed personal mobile devices to be used inside the organization. Also, 42% percent of respondents were allowed to connect mobile devices including tablets to their organizations local network. This can increase security risks in terms of exposing customer or corporate information. Regarding storage of company data on company-owned mobile devices, 40% reported that they store company owned mobile devices while 47% claim that they do not. Results also revealed that 21% of the respondents do store company data on their own mobile devices. Personal use of Smart phones The data collected concerning the respondents’ personal use of smart phones indicated that 53% used blackberry while 33% used Apple iPhone. With reference to mobile device security, 66% of respondents reported that they have not used any mobile ant-virus and 60% have not used any anti-theft products or software on their mobile devices. Sixty percent of respondents have not encrypted sensitive data on their mobile devices. This also puts the organizations information at high risk of getting disclosed or stolen. Nearly 44% have adequate knowledge of MSecurity and would like to learn more about such issues. However, nearly 18% of the respondents have little or no awareness at all about the Smart Phones security. VI. DISCUSSION Business environment nowadays has become pervasively penetrated by mobile devices including Smart Phones. Industries across the world are embracing mobile devices as a part of their ICT environment. These devices were used in some cases to connect to highly sensitive systems, such as SCADA’s and healthcare systems, which made these networks vulnerable to security breaches. Furthermore, being able to remotely control or monitor a system poses serious risks, such as changing the behavior of these systems, disabling them, or used them for illegal purposes. As the data suggested, employees were allowed to use their personal smart phones for business and within organizations. Protection software was not used on these devices and even if it is used it may not be effective without professional help from IT departments. IT security is a process that needs continuous attention. One vulnerability is sufficient to compromise the whole system or network. Mobile devices may be going International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 through the same path that desktop systems went through when it comes to protection and security. However, mobile devices may be greatly affected than desktops did. Lack of processing power may lead users to ignore the installation of protection software, be it antivirus, firewall, encryption, remote wipeout etc. In addition, policies written for RIM Blackberry devices may not be enforceable on devices running iOS and Android, thus, these policies may be overlooked at least at this time. The increase in number of rogue apps in the app store and the number of serious security flaws discovered on Android OS have reached alarming heights. The later coupled with the findings of this study, namely the percent of mobile devices without protection software (66%) and the increasing number of readymade hacking tools suggest that the implementation of security rules, best practices, security software and tools, and enforcing mechanisms across organizations must be of top priority. VII. LIMITATIONS AND RECOMMENDATIONS This study is limited to employees from the UAE. The same study if conducted in other countries may lead to different findings. Therefore, generalizing the findings to population out of the UAE may not be adequate. Our recommendation is to repeat the same study in different countries to determine if the findings are to be generalized to population out of the UAE. VIII.CONCLUSION Smart Phones such as the iPhone, Google’s Android based devices are changing the ways we conduct business. There is no doubt that the benefits are tremendous. However, organization’s sensitive and confidential data is being stored and accessed by these devices. Some organizations own these smart phones, which makes controlling and managing them easier. However, privately owned smart phones and mobile devices were increasingly being used without the knowledge of the IT department, which again increases the risk of security breaches. Mobile ICT Security Policies have to be revised to include different types of mobile platforms. In addition, they have to be flexible to be enforceable. Enforcement mechanisms for these policies are instrumental in protecting sensitive and private data. The authors wish to acknowledge Mrs. Rekha Pillai from the Department of Business Administration for proof reading the paper. REFERENCES 1. Dearman, D. and Pierce, J. (2008). It’s on my other computer!: computing with multiple devices. CHI 2008, 767--776. ACM Press, New York. 2. Coiera, E. (2000). When conversation is better than computation. J Am Med Inform Assoc 2000;7(3):277- 286. 3. Maly, F., Kozel, T., Slaby, A. (2008). Mobile approach, trends and technologies in modern information system. Proceedings of the 7th WSEAS International Conference on Applied Computer & Applied Computational Science (ACACOS'08). Hangzhou, China, April 6-8, 2008. ISSN 1790-5117. ISBN 978- 960-6766-49-7. International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 4. Schmidt, A.D., Schmidt, H.G., Batyuk, L., Clausen, J.H., Camtepe, S.A., Albayrak, S. and Yildizli, C. (2009). Smartphone malware evolution revisited: Android next target? Proceedings of the 4th IEEE International Conference on Malicious and Unwanted Software (Malware 2009), pp. 1-7. 5. Eric, Y. and Mistutaka, I. (2010). Virtual smartphone over IP. IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks (WoWMoM), pp. 1-6, Giugno 2010. 6. Li, F., Yang, Y. and Wu, J. (2010). CPMC: An Efficient Proximity Malware Coping Scheme in Smartphone-based Mobile Networks. INFOCOM, 2010 Proceedings IEEE. 6 a. Robles, R.J. and Kim, T. (2011). Scheme to Secure Communication of SCADA Master Station and Remote HMI’s through Smart Phones. Journal of Security Engineering (8).3. 7. Allam, S. and Flowerday, S. (2010). An adaptation of the awareness boundary model towards smartphone security. Information Security South Africa (ISSA), 2011, pp. 1-8. 7 a. Ko, H. (2008) A New Data Filtering Method for Auto Vacc in Handheld Device. Journal of Security Engineering. 5(1). 7 b. Woodbridge J., Nahapetian A., Noshadi H., Kaiser W., Sarrafzadeh M. (2009). Wireless Health and the Smart Phone Conundrum. Proceeding of the 2nd Joint Workshop on High Confidence Medical Devices, Software, Systems and Medical Device Plug-and-Play Interoperability (HCMDSS/MDPnP 2009), San Francisco, CA, USA. From: http://www.cs.ucla.edu/~ani/publications/smartphoneconundrum.pdf 8. Turner, H., White, T., Thompson, V., Zienkiewicz, K, Campbell, S. and Schmidt, D. (2009). Building Mobile Sensor Networks Using Smartphones and Web Services: Ramifications and Development Challenges. Handbook of Research on Mobility and Computing, Hershey, PA. From: HTTP://LSRG.CS.WUSTL.EDU/~SCHMIDT/PDF/NEW-WW-MOBILE-COMPUTING.PDF 8 a. Li, B. and Im, E.G. (2011). Smartphone, promising battlefield for hackers. Journal of Security Engineering 8(1). From : HTTP://WWW.SERSC.ORG/JOURNALS/JSE/VOL8_NO1_2011/9.PDF 9. Android dev phone 1. From: www.code.google.com/android/dev-devices.html 10. Apple iPhone. From: www.apple.com/iphone 11. Blackberry smart phones. From www.na.blackberry.com 12. Ongtang, M., McLaughlin, S., Enck, W. and McDaniel, P. (2009). Semantically Rich Application-Centric Security in Android. ACSAC, pp.340-349, 2009 Annual Computer Security Applications Conference. 13. Corner, M.D. and Noble, B.D. (2002). Zero-interaction authentication. In Proceedings of the 8th annual international conference on Mobile computing and networking, pages 1–11. ACM New York, NY, USA. 14. Red herring mobiles scream for help: Uk-based mobile security company adds security to mobile phones, October 2006. 15. Red Hat Enterprise Linux 4 User Guide. Available at: http://www.centos.org/docs/4/pdf/rhel-sg-en.pdf. 16. FBI Computer Crime Survey (2005). From : http://mitnicksecurity.com/media/2005%20FBI%20Computer%20Crime%20Survey%20Report.pdf International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 17. Oberheide, J., Veeraraghavan, K., Cooke, E., Flinn, J. and Jahanian, F. (2008). Virtualized in-cloud security services for mobile devices. In Proc. of MobiVirt ’08, pages 31–35, June 2008 18. Nokia Corporation. Maemo sdk. From: http://maemo.org/ 19. Nullriver, Inc. iphone installer.app. (2008). From: http://www.iphone.nullriver.com 20. Google Android - an open handset alliance project (2008). From: http://code.google.com/android 21. Bickford, J., O'Hare, R., Baliga, A., Ganapathy, V. and Iftode, L. (2010) Rootkits on Smart Phones: Attacks, Implications and Opportunities. In Workshop on Mobile Computing Sys. and Appl. (HotMobile’10). ACM. 22. Cai, L., Machiraju, S. and Chen, H. (2009) Defending against sensor-sniffing attacks on mobile phones. In MobiHeld ’09: Proceedings of the 1st ACM workshop on Networking, systems, and applications for mobile handhelds, pages 31–36, New York, NY, USA, 2009. ACM. 23. P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. Mc-Daniel, and T. La Porta (2009). On cellular botnets: Measuring the impact of malicious devices on a cellular network core. In Proceedings of the 16th ACM conference on Computer and communications security, pp 223–234. ACM. 24. Xu, N., Zhang, F., Luo, Y., Jia, W., Xuan, D. and Teng, J. (2009). Stealthy video capturer: a new video- based spyware in 3g smartphones. In Proceedings of the second ACM conference on Wireless network security, pp 69–78, New York, NY, USA, 2009. ACM. 25. Schlegel, R., Zhang, K., Zhou, X., Intwala, M., Kapadia, A. and Wang, X. (2011). Soundcomber: A Stealthy and Context-Aware Sound Trojan for Smartphones. In Proceedings of the 18th Annual Network & Distributed System Security Symposium (NDSS '11), pp. 17–33. 26. N. Hardy. (1988) The Confused Deputy. ACM Operating Systems Review, 22(4):36–38. 27. BullGuard Mobile Security. From: http://www.bullguard.com/products/bullguard-mobile-security-10.aspx 28. SMobile Security Shield. From: http://www.smobilesystems.com/ 29. Kaspersky Mobile Security. From: http://www.kaspersky.com/kaspersky_mobile_security 30. ESET Mobile Security. From: http://www.eset.com/us/home/products/mobile-security/ 31. Lookout Premium. From: https://www.mylookout.com/premium/ 32. Norton Smartphone Security. From: http://us.norton.com/mobile-security/ 33. F-Secure Mobile Security. From: http://mobile.f-secure.com/ 34. BitDefender Mobile Security. From: http://m.bitdefender.com/ 35. NetQin Mobile Anti-virus. From: www.netqin.com/en/antivirus/ 36. SimWorks Anti-Virus. From: http://www.simworks.biz/sav/AntiVirus.php?id=home 37. Portokalidis, G., Homburg, P., Anagnostakis, K. and Bos, H. (2010). Paranoid Android: Zero-day protection for smartphones using the cloud. In Annual Computer Security Applications Conference (ACSAC’10), Austin, TX, Dec. 2010. 38. Becher, M., Freiling, F. and Leider, B. (2007) On the Effort to Create Smartphone Worms in Windows Mobile. Proceedings of the 2007 IEEE Workshop on Information Assurance United States Military Academy, West Point, NY, 20-22 June 2007. 39. Hamdi, M. (2010). Architecture and Insecurity Issues of a Handheld Device Journal of Security Engineering 7(6). International Conference on Internet Computing , Informatics in E-Business and applied Computing ( ICIEACS 2012 ) Venue : Hotel RAMADA , Bur Dubai, UAE Date : 27 – 28 July, 2012 40. Dietz, M., Shekhar, S., Pisetsky, Y., Shu, A., and Wallach, D. S. (2011). QUIRE: Lightweight Provenance for Smart Phone Operating Systems. USENIX Security. 41. Ioannidis, S., Bellovin, S. M. and Smith, J. (2002). Suboperating systems: A new approach to application security. SIGOPS European Workshop. 42. Becher M., Freiling C. F. Hoffmann, J. , Holz T. , Uellenbeck S., Wolf C. (2011) Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices 43. M. Becher, “Security of smartphones at the dawn of their ubiquitousness,” Ph.D. dissertation, University of Mannheim, Oct. 2009. 44. Booz Allen Hamilton (2011). Cybersecurity in the Age of Mobility:Building a Mobile Infrastructure that Promotes Productivity Retrieved April 7, 2012 from http://www.cyberhub.com/viewpoints/Resource/2?resourceID=Virtualization%20A%20Technique%20for %20Securing%20the%20Consumerized%20Organization.pdf 45. 3GPP, “3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; 3G security; Security principles and objectives (Release 4),” 3rd Generation Partnership Project (3GPP), Tech. Rep., Mar. 2001.
Pages to are hidden for
"mhamed+zineddine"Please download to view full document