Network Aware Adaptive Security for Mobile Computing

Abstract

Context and Challenges: In recent years, mobile computing has replaced the traditional computing paradigm with mobility-driven and context-aware commu- nication and computation. Mobile computing empowers its users to exploit the context information and mobility to perform various activities, such as mobile commerce, location-aware social networking and pulse-based health monitoring. Despite these bene ts, there are various critical challenges - such as security, re- source scarcity, and power consumption etc. - that need to be addressed to increase the pervasiveness of the mobile computing. The research state-of-the-art highlights that security and privacy are among the most critical issues in the context of mo- bile computing. The existing research lacks solutions to enable self-protection of mobile devices against runtime changes in the mobile computing environment. Solution and Implications: In this thesis, rst we report the empirical re- sults of our mapping study that highlights a collective impact, shortcomings and futuristic dimensions of research on security for mobile computing. We then ad- dress the challenges of self-protection of mobile devices and their critical resources in an unsecured networked environment. We proposed and developed a framework - for adaptive security - that dynamically adapts the security of a mobile device as per the con gurations of the network to which the device is connected. We unify the research on autonomic computing and computer security to develop a frame- work that enables runtime protection for mobile devices. The proposed framework enables self-protection mechanism for mobile devices - addressing runtime threats by means of adaptive security. The solution advances state-of-the-art on adaptive security and speci cally enables the self-protection mechanism for mobile devices that connect to and operate in non-secure and ad-hoc networks. Implementation and Validation: As proof of the concept and validation of the solution, we have developed an android-based network monitoring system that enables automation and provides user's decision support to prevent security threats. Based on the ISO-IEC 9126-1 model for evaluating software quality, our evaluations of the framework suggest computational, energy e ciency and usability of the solution. The futuristic challenges for our research relate to the security of mobile-cloud computing systems.