| Field | Value |
|---|---|
| Graduate student: | 郭宏毅 Hong-Yi Guo |
| Thesis title: | BYOD 下兼顧公司安全政策與員工隱私保護之資訊流追蹤機制研究 (An Information Flow Tracking Mechanism That Reconciles Corporate Security Policy with Employee Privacy Protection under BYOD) |
| Advisor: | 陳奕明 Yi-Ming Chen |
| Oral examination committee: | |
| Degree: | 碩士 Master |
| Department: | 管理學院 - 資訊管理學系 College of Management, Department of Information Management |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Pages: | 109 |
| Chinese keywords: | Bring Your Own Device, enterprise data security (企業資料安全), employee privacy protection (員工隱私保護), security policy (安全政策), information flow tracking (資訊流追蹤) |
| English keywords: | Bring Your Own Device, Enterprise's Security, Employee's Privacy, Security Policy, Information Flow Tracking |
Abstract:

With the rapid growth of smartphones, more and more employees bring their own mobile devices to work, giving rise to the "Bring Your Own Device (BYOD)" phenomenon. Under BYOD, enterprises deploy powerful security systems to ensure that corporate data is not misused by employees; the issue employees care about most, however, their personal privacy, is not protected by existing security architectures. This study therefore proposes a system architecture that protects both parties at once: corporate data against unauthorized access by employees, and employees' private data against intrusion by the enterprise, a win-win outcome. In the proposed architecture, the enterprise and the employee each attach identifying labels to the data they want protected and use those labels to define their own security policies. An Information Flow Tracking mechanism monitors how data is read and where it flows on the mobile device and compares each flow against the defined policies, so that actual data use is checked in real time for compliance. Experiments over several scenarios show that whenever corporate or employee data is used in violation of policy, the architecture detects the violation immediately and applies follow-up protection to the affected data so that it cannot continue to be misused, demonstrating that corporate data security and employee privacy can be protected together in a BYOD environment.
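The following is an added worked example, not code from the thesis, that models the two-party label-and-policy scheme the abstract describes: each party labels its own data, each label carries its owner's policy (the set of sinks that label may flow to), labels propagate to any value derived from labeled data, every sink call is checked against the combined policy, and a violating item is quarantined so it cannot be released again. The label names, the sinks, the policy table and the scenario data are all assumptions made up for the example; the thesis's own implementation on a mobile device is not shown on this page.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Set, Tuple


class Sink(Enum):
    """Points where data can leave the app; each sink call is a policy check point."""
    CORP_SERVER = "corp_server"        # enterprise backend (assumed sink)
    PERSONAL_CLOUD = "personal_cloud"  # employee's own cloud storage (assumed sink)
    SMS = "sms"
    DISPLAY = "display"                # shown on screen, never leaves the device


@dataclass(frozen=True)
class Label:
    name: str
    owner: str  # "enterprise" or "employee": the party whose policy governs this label


# Hypothetical labels and policy table: which sinks each label may flow to.
# In the abstract's architecture each party writes the entries for its own labels.
CORP_CONFIDENTIAL = Label("CORP_CONFIDENTIAL", "enterprise")
EMP_CONTACTS = Label("EMP_CONTACTS", "employee")
EMP_LOCATION = Label("EMP_LOCATION", "employee")

POLICY: Dict[Label, Set[Sink]] = {
    CORP_CONFIDENTIAL: {Sink.CORP_SERVER, Sink.DISPLAY},
    EMP_CONTACTS: {Sink.SMS, Sink.DISPLAY, Sink.PERSONAL_CLOUD},
    EMP_LOCATION: {Sink.DISPLAY},
}


@dataclass
class Tainted:
    """A value plus the labels it carries; labels survive copies and combination."""
    value: str
    labels: FrozenSet[Label] = frozenset()
    quarantined: bool = False

    def __add__(self, other: "Tainted") -> "Tainted":
        # Taint propagation: anything derived from labeled data inherits every label.
        return Tainted(self.value + other.value, self.labels | other.labels,
                       self.quarantined or other.quarantined)


@dataclass
class Violation:
    label: Label
    sink: Sink
    preview: str


class FlowMonitor:
    """Checks every sink call against the combined policy and quarantines offenders."""

    def __init__(self, policy: Dict[Label, Set[Sink]]):
        self.policy = policy
        self.log: List[Violation] = []

    def release(self, data: Tainted, sink: Sink) -> Tuple[bool, List[Violation]]:
        """Return (allowed, violations). Quarantined data is refused outright."""
        if data.quarantined:
            return False, []
        violations = [
            Violation(lbl, sink, data.value[:16])
            for lbl in sorted(data.labels, key=lambda l: l.name)
            if sink not in self.policy.get(lbl, set())
        ]
        if violations:
            # Follow-up protection: block the item so later attempts are refused too.
            data.quarantined = True
            self.log.extend(violations)
            return False, violations
        return True, []

    def violated_owners(self) -> Set[str]:
        return {v.label.owner for v in self.log}


def run_scenario() -> Dict[str, bool]:
    """Constructed BYOD scenario that triggers one enterprise and one employee violation."""
    monitor = FlowMonitor(POLICY)
    # Sources: each party labels the data it wants protected at the point it is read.
    report = Tainted("Q3 revenue forecast: ...", frozenset({CORP_CONFIDENTIAL}))
    contact = Tainted("Alice <alice@example.net>", frozenset({EMP_CONTACTS}))
    mixed = report + contact  # an app combines both; the result carries both labels

    results = {}
    results["report_to_corp"], _ = monitor.release(report, Sink.CORP_SERVER)      # allowed
    results["report_to_cloud"], _ = monitor.release(report, Sink.PERSONAL_CLOUD)  # enterprise policy violated
    results["report_retry_corp"], _ = monitor.release(report, Sink.CORP_SERVER)   # refused: quarantined
    results["contact_to_corp"], _ = monitor.release(contact, Sink.CORP_SERVER)    # employee policy violated
    results["mixed_to_display"], _ = monitor.release(mixed, Sink.DISPLAY)         # allowed by both policies
    results["mixed_to_sms"], _ = monitor.release(mixed, Sink.SMS)                 # CORP label forbids SMS
    results["both_parties_hit"] = monitor.violated_owners() == {"enterprise", "employee"}
    return results
```

The point of the combined value `mixed` is that a single sink check must satisfy the policies of every label the data carries, so the employee's labels constrain the enterprise's MDM agent just as the enterprise's labels constrain the employee's apps; quarantining on first violation is the "follow-up protection" step, and a real system would additionally notify the owning party.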