Privacy-enhanced Security Framework for Bring Your Own Device

Abstract

the term has become mainstream in 2010. BYOD refers to the phenomenon in which organizations permit and encourage employees to bring and utilize their personal devices for work activities. It is not only beneficial for enterprises but it also increases employee satisfaction. Organizations get benefit of increased productivity and reduced IT expenditure whereas the employees are able to use the mobile device which is comfortable and convenient for them. However, BYOD deployment also brings serious security and privacy concerns. Critical information of organizations can be leaked if proper measures are not taken to secure BYOD devices. Moreover, if due to BYOD model, customer’s data gets lost or compromised then the company’s reputation and trust relationship might get damaged. Several frameworks have been introduced in literature which aims at providing security to corporate data in BYOD environment but none of them provides comprehensive security. Some of the frameworks utilize Access Control models which restricts the access of corporate data from enterprise server based on defined attributes, but do not ensure security of data stored on enterprise device. Others restrict employees to install only company authorized applications on their personal device, completely nullifying the purpose of BYOD. Moreover, most of the frameworks require root privileges and modification of underlying operating system. This research focuses on providing comprehensive security to corporate data in order to support secure IT consumerization. The framework creates encrypted container on employee’s device. Corporate applications utilize this container for data storage. Other applications are not authorized to access corporate data. Moreover, it enforces security policies on device to log attempted violations. The proposed framework does not require modification to the underlying kernel and allows the IT administrator to remotely manage and control BYOD devices.