| Graduate student: | Pei-Yun Lee (李佩芸) |
|---|---|
| Thesis title: | A Platform of Managing Security Policy for Bring Your Own Device (BYOD) in Enterprise (企業實施BYOD之安全政策管理平台設計與雛型實作) |
| Advisor: | Yi-Ming Chen (陳奕明) |
| Oral defense committee: | |
| Degree: | Master |
| Department: | College of Management - Department of Information Management |
| Year of publication: | 2015 |
| Academic year of graduation: | 103 |
| Language: | Chinese |
| Number of pages: | 85 |
| Chinese keywords: | Bring Your Own Device (BYOD), mobile devices, smartphones, information security policy, Android |
| Foreign-language keywords: | Security Policy Enforcement |
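The rapid spread of mobile devices has opened a new era of digital life, and people have become accustomed to carrying their personal mobile devices to work. Many enterprises therefore want to implement a BYOD (Bring Your Own Device) policy. On the one hand, letting employees use personal mobile devices in the enterprise's business processes saves hardware procurement costs and improves overall work efficiency. On the other hand, it exposes the enterprise to new information security risks: for example, the convenience of mobile devices makes it easier for employees to steal confidential internal data. How to formulate and implement a BYOD security policy has thus become an important enterprise information security issue. To address these problems, this study proposes SDroid, a security policy management platform for enterprises implementing BYOD. For policy formulation, the study provides a management interface through which information security staff define the Install-time and Run-time security policies the enterprise requires, which also eases later maintenance. The study also provides the SDroidAgent application, which analyzes in real time whether the applications employees install comply with the security policies the enterprise has defined, so the enterprise does not need to build a dedicated application store or a blacklist/whitelist mechanism. A distinguishing feature of the design is that it avoids modifying the Android operating system, which lowers the barriers to future system updates and to employee acceptance. The study also hands information to the remote SDroid platform for centralized analysis, which greatly reduces the computational load on the mobile device. Experiments show that the proposed platform can indeed define Install-time and Run-time security policies and correctly enforce them on employees' Android mobile devices, ensuring that the applications employees use comply with the enterprise security policy.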
With the growing popularity of personal mobile devices, more and more people bring their own devices to work, and the term “Bring Your Own Device” (BYOD) has appeared. On the one hand, enterprises can reduce their purchasing costs and improve work efficiency. On the other hand, they also face information security risks, such as employees stealing confidential business information with their own devices. How to formulate and implement a BYOD security policy in the enterprise is therefore an important issue. To solve these problems, we propose a platform for managing security policy for Bring Your Own Device (BYOD) in the enterprise. We manage the security policies that enterprises draft and provide a user interface for setting up those policies. The platform receives information from an agent on the mobile device and processes that information in a run-time analysis, which is responsible for matching application behaviors against the security policy. In addition, we rarely modify the Android operating system, and we reduce the computing load on the mobile device. Finally, using the proposed mechanism, enterprises can reduce their information security risks.