Android Security Extensions
|
|
- Merilyn Oliver
- 8 years ago
- Views:
Transcription
1 Android Security Extensions
2 Android Security Model Main objective is simplicity Users should not be bothered Does the user care? Most do not care until its too late But We do It needs a more advanced security mechanism
3 Who is in charge of Security? It depends on the device use Personal use: then the user is in charge Work use: the security admin of the company BYOD: both The user for the private/personal part The security admin for the work part Google: they are in charge They control the platform The App developers Not as much as you think
4 Able to change your mind? The authority that is in charge should be allowed to change security policies/settings This should be done By using the device Remotely No side effects on the apps installed With the current model it is not possible Most apps crash when operations are denied
5 Defining Malware Any software that can disrupt normal activities Any software that does not behave as declared Any software that compromises some properties Privacy Confidentiality Reliability
6 Poorly Designed Apps If not designed properly, apps can (unintentionally): Deplete your resources (battery, data, etc.) Expose resources (internet, location, etc.)
7 Over Privileged Apps Apps (developers) can ask for any combination of permissions Users can either install the apps (granting permissions) or not install at all Combinations of permissions such as Internet and Locations SMS Local Storage Can result in information leakage
8 Privilege Escalation Attacks An adversary tries to escalate privileges to get unauthorised access to protected resources Confused deputy attack Leverage the vulnerability of a benign application Colluding attacks More applications collaborate to get an objectionable set of permissions Android does not deal with transitive privilege usage Allows applications to bypass restrictions imposed by their sandboxes An application with less permissions (a non privileged caller) is not restricted to access components of a more privileged application (a privileged callee) by default.
9 Privilege Escalation Attacks Data from component CA1 can reach component CC1 indirectly, via the CB1 component CB1 is able to access CC1 component since the application B and consequently all its components are granted p1 permission
10 Privilege Escalation Attacks Application B must enforce additional checks on permissions to ensure that the application calling CB1 component is granted a permission p1 Reference monitor hooks included in the code of the component The task to perform these checks is delegated to application developers instead of being enforced by the system in a centralized way
11 Android Security Extensions
12 Fine grained Security Policy Saint (ACSAC 09) Allows app developers to protect their applications from being misused APEX (ASIACCS 10) Circumvent the All or Nothing approach of Android permission granting Porscha (ACSAC 10) Support for DRM like policies for phone data CRePE (ISC 10) Enforcement of context related policies
13 Data Filtering and Tainting MockDroid (HotMobile 11) Limiting the access to the data TISSA (Trust 11) Substituting the reply from content providers TaintDroid (OSDI 10) Labelling of data for preventing data leakage
14 Protection against Privilege Escalation QUIRE (USENIX Security Symposium 11) Effective against confused deputy attacks Tracing of IPC chain to check if all apps have the right to access a resource However It requires that apps have to use modified API It does not solve the problem of colluding apps
15 Protection against Privilege Escalation AppFence (TR 11 Uni Washington and MS Research) Based on TaintDroid for taint capability It supports data shadowing and protects from data exfiltration However Effective only against confused deputy attack
16 Protection against Privilege Escalation XManDroid (TR 11) Real time IPC monitoring System state of the app communications for potential spread of privileges However No control outside the IPC channels (i.e. Internet access)
17 What is missing? No modifications to Android API No trust on apps Control over IPC and system level calls (internet) Data filtering capabilities Tuneable
18 That is why they came up with Yet Another Android Security Extension
19 Readings Davi, Lucas, et al. "Privilege escalation attacks on android." Information Security. Springer Berlin Heidelberg,
20 Questions?
Android Security Extensions 2. Giovanni Russello g.russello@auckland.ac.nz
Android Security Extensions 2 Giovanni Russello g.russello@auckland.ac.nz Preparing the Report A report must be provided before your presentation The report should be 4 pages long The content of the report
More informationFirewall-based Solution for Preventing Privilege Escalation Attacks in Android
International Journal of Computer Networks and Communications Security VOL. 2, NO. 9, SEPTEMBER 2014, 318 327 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Firewall-based Solution for Preventing
More informationSmartphone Security 20-00-0615-pr. Sven Bugiel
Smartphone Security 20-00-0615-pr Sven Bugiel Organizational: Teams 2-3 Students per team Register your team by email to me Names, Student IDs, and email addresses of all team members Preferred and backup
More informationPerformance Measuring in Smartphones Using MOSES Algorithm
Performance Measuring in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P ME- Communication Systems, Dept of ECE, Dhanalakshmi Srinivasan Engineering college, Perambalur, Tamilnadu, India,
More informationAndroid Security. Giovanni Russello g.russello@auckland.ac.nz
Android Security Giovanni Russello g.russello@auckland.ac.nz N-Degree of Separation Applications can be thought as composed by Main Functionality Several Non-functional Concerns Security is a non-functional
More informationThe Open University s repository of research publications and other research outputs
Open Research Online The Open University s repository of research publications and other research outputs PrimAndroid: privacy policy modelling and analysis for Android applications Conference Item How
More informationUbiquitous and Mobile Computing CS 528: Information Leakage through Mobile Analytics Services
Ubiquitous and Mobile Computing CS 528: Information Leakage through Mobile Analytics Services Amit Srivastava Computer Science Dept. Worcester Polytechnic Institute (WPI) This paper is about.. Analytics
More informationPractical Attacks against Mobile Device Management Solutions
Practical Attacks against Mobile Device Management Solutions Michael Shaulov, CEO michael@lacoon.com Daniel Brodie, Sr Security Researcher daniel@lacoon.com About: Daniel Security researcher for nearly
More informationDefending Behind The Device Mobile Application Risks
Defending Behind The Device Mobile Application Risks Tyler Shields Product Manager and Strategist Veracode, Inc Session ID: MBS-301 Session Classification: Advanced Agenda The What The Problem Mobile Ecosystem
More informationMOBILE SECURITY: DON T FENCE ME IN
MOBILE SECURITY: DON T FENCE ME IN Apart from the known and the unknown, what else is there? 18 Harold Pinter, Nobel Prize-winning playwright, screenwriter, director, actor 32 INTRODUCTION AND METHODOLOGY
More informationSecuring Corporate Email on Personal Mobile Devices
Securing Corporate Email on Personal Mobile Devices Table of Contents The Impact of Personal Mobile Devices on Corporate Security... 3 Introducing LetMobile Secure Mobile Email... 3 Solution Architecture...
More informationPerformance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm
Performance Analysis Of Policy Based Mobile Virtualization in Smartphones Using MOSES Algorithm Ms.MALARVIZHI.M, Mrs.RAJESWARI.P Abstract: Now a day s most of the people used in smart phones. Smartphone
More informationASM: A Programmable Interface for Extending Android Security
ASM: A Programmable Interface for Extending Android Security Stephan Heuser stephan.heuser@trust.cased.de Intel CRI-SC at TU Darmstadt William Enck enck@cs.ncsu.edu North Carolina State University Adwait
More informationDefending Users Against Smartphone Apps: Techniques and Future Directions
Defending Users Against Smartphone Apps: Techniques and Future Directions William Enck North Carolina State University enck@cs.ncsu.edu Abstract. Smartphone security research has become very popular in
More informationCloudy with a chance of 0-day
Cloudy with a chance of 0-day November 12, 2009 Jon Rose Trustwave jrose@trustwave.com The Foundation http://www.owasp.org Jon Rose Trustwave SpiderLabs Phoenix DC AppSec 09! Tom Leavey Trustwave SpiderLabs
More informationWhy Email Encryption is Essential to the Safety of Your Business
Why Email Encryption is Essential to the Safety of Your Business What We ll Cover Email is Like a Postcard o The Cost of Unsecured Email 5 Steps to Implement Email Encryption o Know Your Compliance Regulations
More informationASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE
ASSURING INTEGRITY OF DATAFLOW PROCESSING IN CLOUD COMPUTING INFRASTRUCTURE R.Genga devi 1, K.Anitha 2, M.Murugeshwari 3,S.vidhya 4, Dr.K.Ramasamy 5 1, 2, 3- UG STUDENT, P.S.R.RENGASAMY COLLEGE OF ENGINEERING
More informationFlexible Data-Driven Security for Android
Flexible Data-Driven Security for Android Denis Feth Fraunhofer Institute for Experimental Software Engineering IESE Kaiserslautern, Germany denis.feth@iese.fraunhofer.de Alexander Pretschner Karlsruhe
More informationHow Attackers are Targeting Your Mobile Devices. Wade Williamson
How Attackers are Targeting Your Mobile Devices Wade Williamson Today s Agenda Brief overview of mobile computing today Understanding the risks Analysis of recently discovered malware Protections and best
More informationPractical and Lightweight Domain Isolation on Android
Practical and Lightweight Domain Isolation on Android Sven Bugiel, Lucas Davi, Alexandra Dmitrienko, Stephan Heuser, Ahmad-Reza Sadeghi,, Bhargava Shastry Technische Universität Darmstadt Darmstadt, Germany
More informationQUIRE: : Lightweight Provenance for Smart Phone Operating Systems
QUIRE: : Lightweight Provenance for Smart Phone Operating Systems Dan S. Wallach Rice University Joint work with Mike Dietz, Yuliy Pisetsky, Shashi Shekhar, and Anhei Shu Android's security is awesome
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationBYOD Guidance: BlackBerry Secure Work Space
GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.
More informationThe Sandbox Roulette: are you ready to gamble? Rafal Wojtczuk rafal@bromium.com Rahul Kashyap rahul@bromium.com
The Sandbox Roulette: are you ready to gamble? Rafal Wojtczuk rafal@bromium.com Rahul Kashyap rahul@bromium.com What is a sandbox? Environment designed to run untrusted (or exploitable) code, in a manner
More informationPRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY
Ø Ñ Å Ø Ñ Ø Ð ÈÙ Ð Ø ÓÒ DOI: 10.2478/tmmp-2014-0026 Tatra Mt. Math. Publ. 60 (2014), 85 100 PRESENTING RISKS INTRODUCED BY ANDROID APPLICATION PERMISSIONS IN A USER-FRIENDLY WAY Juraj Varga Peter Muska
More informationRecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users
RecDroid: A Resource Access Permission Control Portal and Recommendation Service for Smartphone Users Bahman Rashidi Virginia Commonwealth University rashidib@vcu.edu Carol Fung Virginia Commonwealth University
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationF-Secure Mobile Security. Android
F-Secure Mobile Security Android F-Secure Mobile Security TOC 2 Contents Chapter 1: Installation...4 1.1 Installing...5 1.2 Activating...6 1.3 Configuring the product...7 1.4 Uninstalling the product from
More informationA number of factors contribute to the diminished regard for security:
TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationDroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android
Technical Report Nr. TUD-CS-2016-0025 January 28, 2016 DroidAuditor: Forensic Analysis of Application-Layer Privilege Escalation Attacks on Android Authors Stephan Heuser, Marco Negro, Praveen Kumar Pendyala,
More informationResearch on Situation and Key Issues of Smart Mobile Terminal Security
Research on Situation and Key Issues of Smart Mobile Terminal Security Hao-hao Song, Jun-bing Zhang, Lei Lu and Jian Gu Abstract As information technology continues to develop, smart mobile terminal has
More informationPractical Attacks against Mobile Device Management (MDM)
Practical Attacks against Mobile Device Management (MDM) Daniel Brodie, Sr. Security Researcher, Lacoon Mobile Security Introduction Mobile Device Management (MDM) solutions are perceived to be the ultimate
More informationEmerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA
Emerging Network Security Threats and what they mean for internal auditors December 11, 2013 John Gagne, CISSP, CISA 0 Objectives Emerging Risks Distributed Denial of Service (DDoS) Attacks Social Engineering
More informationTaxonomic Modeling of Security Threats in Software Defined Networking
Taxonomic Modeling of Security Threats in Software Defined Networking Recent advances in software defined networking (SDN) provide an opportunity to create flexible and secure next-generation networks.
More informationBYOD in the Enterprise
BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security whitepapers@contextis.co.uk October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) 207 537 7515
More informationEmerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us
Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca
More informationBYPASSING THE ios GATEKEEPER
BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationInformation Services. The University of Kent Information Technology Security Policy
Information Services The University of Kent Information Technology Security Policy 1. General The University IT Security Policy (the Policy) shall be approved by the Information Services Committee (ISC)
More informationTowards Taming Privilege-Escalation Attacks on Android
Towards Taming Privilege-Escalation Attacks on Android Sven Bugiel 1, Lucas Davi 1, Alexandra Dmitrienko 3, Thomas Fischer 2, Ahmad-Reza Sadeghi 1,3, Bhargava Shastry 3 1 CASED/Technische Universität Darmstadt,
More informationHands on, field experiences with BYOD. BYOD Seminar
Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl
More informationTHOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE
THOUSANDS OF APPS CAN'T BE WRONG: MOBILE APPLICATION ANALYSIS AT SCALE Chris Eng Vice President, Research Session ID: Session Classification: MBS-T08 Intermediate Agenda State of Mobility in the Enterprise
More informationJUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM
JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM May 2015 Nguyễn Tiến Đức ASEAN Security Specialist Agenda Modern Malware: State of the Industry Dynamic Threat Intelligence on the Firewall
More informationNext-Generation Penetration Testing. Benjamin Mossé, MD, Mossé Security
Next-Generation Penetration Testing Benjamin Mossé, MD, Mossé Security About Me Managing Director of Mossé Security Creator of an Mossé Cyber Security Institute - in Melbourne +30,000 machines compromised
More informationThe Cloud App Visibility Blindspot
The Cloud App Visibility Blindspot Understanding the Risks of Sanctioned and Unsanctioned Cloud Apps and How to Take Back Control Introduction Today, enterprise assets are more at risk than ever before
More informationMobile Device Security Information for IT Managers
Mobile Device Security Information for IT Managers July 2012 Disclaimer: This paper is intended as a general guide only. To the extent permitted by law, the Australian Government makes no representations
More informationMobile Protection. Driving Productivity Without Compromising Protection. Brian Duckering. Mobile Trend Marketing
Driving Productivity Without Compromising Protection Brian Duckering Mobile Trend Marketing Mobile Device Explosion Paves Way for BYOD 39% 69% 340% 2,170% 2010 177M corp PCs 2015 246M corp PCs 2010 173
More informationBest Practice Guide (SSL Implementation) for Mobile App Development 最 佳 行 事 指 引. Jointly published by. Publication version 1.
Best Practice Guide (SSL Implementation) for Mobile App Development 流 動 應 用 程 式 (SSL 實 施 ) 最 佳 行 事 指 引 香 港 電 腦 事 故 協 調 中 心 ] Jointly published by [ 專 業 資 訊 保 安 協 會 ] Hong Kong Computer Emergency Response
More informationDepartment of Education. Network Security Controls. Information Technology Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Education Network Security Controls Information Technology Audit May 5, 2010 Report 10-17 FINANCIAL
More informationPractical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security
Practical Attacks against Mobile Device Management (MDM) Michael Shaulov, CEO Daniel Brodie, Security Researcher Lacoon Mobile Security March 14, 2013 About: Daniel Security researcher for almost a decade
More informationMobile Security and Management Opportunities for Telcos and Service Providers
Mobile Security and Management Opportunities for Telcos and Service Providers Lionel Gonzalez Symantec EMEA Solution architect Mike Gibson Protirus Brice Renaud Orange Business Services ST B03 - Mobile
More informationDon t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It
WHITE PAPER: DON T LOSE THE DATA: SIX WAYS YOU MAY BE LOSING........ MOBILE....... DATA......................... Don t Lose the Data: Six Ways You May Be Losing Mobile Data and Don t Even Know It Who should
More informationThreat Model for Mobile Applications Security & Privacy www.datatheorem.com
Overview Mobile applications (and the devices they run on) are powerful, as they can play music, check email, read documents, purchase products, get directions, play games, watch movies, scan barcodes,
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationMitigating Bring Your Own Device (BYOD) Risk for Organisations
Mitigating Bring Your Own Device (BYOD) Risk for Organisations Harness the benefits and mitigate the risks of BYOD espiongroup.com Executive Summary Mobile devices such as smart phones, tablets, or laptops
More informationWhite Paper. Data Security. The Top Threat Facing Enterprises Today
White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is
More informationBlackRidge Technology Transport Access Control: Overview
2011 BlackRidge Technology Transport Access Control: Overview 1 Introduction Enterprises and government agencies are under repeated cyber attack. Attacks range in scope from distributed denial of service
More informationA number of factors contribute to the diminished regard for security:
TrendLabs Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand
More informationPractical Attacks against MDM Solutions (and What Can You Do About It)
Practical Attacks against MDM Solutions (and What Can You Do About It) SESSION ID: MBS-R02 Michael Shaulov CEO and Co-Founder Lacoon Mobile Security @LacoonSecurity Agenda Your Data Exploits to target
More informations@lm@n IBM Exam M2150-768 IBM Security Sales Mastery Test v4 Version: 7.0 [ Total Questions: 62 ]
s@lm@n IBM Exam M2150-768 IBM Security Sales Mastery Test v4 Version: 7.0 [ Total Questions: 62 ] Question No : 1 A single appliance to collect events and flow data, perform data correlation and rule matching,
More informationCovert Operations: Kill Chain Actions using Security Analytics
Covert Operations: Kill Chain Actions using Security Analytics Written by Aman Diwakar Twitter: https://twitter.com/ddos LinkedIn: http://www.linkedin.com/pub/aman-diwakar-ccie-cissp/5/217/4b7 In Special
More informationRightsWATCH. Data-centric Security.
RightsWATCH. Data-centric Security. Rui Melo Biscaia, Watchful Software www.watchfulsoftware.com Director of Product Management rui.biscaia@watchfulsoftware.com The Perimeter Paradigm Well Meant Insider
More informationONE DEVICE TO RULE THEM ALL! AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014
ONE DEVICE TO RULE THEM ALL! 1993 2013 1 AUDITING MOBILE DEVICES / BYOD NSAA IT CONFERENCE OCTOBER 2, 2014 2 1 AGENDA Mobile Devices / Smart Devices Implementation Models Risks & Threats Audit Program
More informationPREVENTIA. Skyhigh Best Practices and Use cases. Table of Contents
PREVENTIA Forward Thinking Security Solutions Skyhigh Best Practices and Use cases. Table of Contents Discover Your Cloud 1. Identify all cloud services in use & evaluate risk 2. Encourage use of low-risk
More informationIncident Response 101: You ve been hacked, now what?
Incident Response 101: You ve been hacked, now what? Gary Perkins, MBA, CISSP Chief Information Security Officer (CISO) Information Security Branch Government of British Columbia Agenda: threat landscape
More informationHow To Audit The Minnesota Department Of Agriculture Network Security Controls Audit
O L A OFFICE OF THE LEGISLATIVE AUDITOR STATE OF MINNESOTA FINANCIAL AUDIT DIVISION REPORT Department of Agriculture Network Security Controls Information Technology Audit July 1, 2010 Report 10-23 FINANCIAL
More informationAgenda. 3 2012, Palo Alto Networks. Confidential and Proprietary.
Agenda Evolution of the cyber threat How the cyber threat develops Why traditional systems are failing Need move to application controls Need for automation 3 2012, Palo Alto Networks. Confidential and
More informationSamsung SDS. Enterprise Mobility Management
Samsung SDS Enterprise Mobility Samsung SDS Enterprise Mobility Faster and Safer Samsung SDS Enterprise Mobility provides stronger security for enterprise mobility without Compromising usability of mobile
More informationData Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.
Data Loss Prevention Whitepaper When Mobile Device Management Isn t Enough Your Device Here. Good supports hundreds of devices. Contents Shifting Security Landscapes 3 Security Challenges to Enterprise
More informationTop Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America
1 Top Ten Security and Privacy Challenges for Big Data and Smartgrids Arnab Roy Fujitsu Laboratories of America 2 User Roles and Security Concerns [SKCP11] Users and Security Concerns [SKCP10] Utilities:
More informationKony Mobile Application Management (MAM)
Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview
More informationSTRONGER AUTHENTICATION for CA SiteMinder
STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationCITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard
CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information
More informationOWASP Mobile Top Ten 2014 Meet the New Addition
OWASP Mobile Top Ten 2014 Meet the New Addition Agenda OWASP Mobile Top Ten 2014 Lack of Binary Protections added Why is Binary Protection important? What Risks Need to be Mitigated? Where to Go For Further
More informationBuilding a Mobile Information Management Strategy
The SIMS Partnership Transforming Transforming health health care care delivery delivery Building a Mobile Information Management Strategy The Approach Taken by UHN to Balance Both Security and Practice
More informationMobility, Security Concerns, and Avoidance
By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to
More informationStreamline Mobile Telecom Management with DATALERT! And MobileIron
Streamline Mobile Telecom Management with DATALERT! And MobileIron Companies are constantly struggling with the day-to-day management of their telecom expenses. With expanded use of mobile devices, companies
More informationEnterprise Mobility Management
Enterprise Mobility Management Security Without Compromising User Experience SESSION ID: SPO2-R03 Brian Robison Principal Technology Evangelist, XenMobile Citrix Systems, Inc. Providing the freedom to
More informationPost-Access Cyber Defense
Post-Access Cyber Defense Dr. Vipin Swarup Chief Scientist, Cyber Security The MITRE Corporation November 2015 Approved for Public Release; Distribution Unlimited. 15-3647. 2 Cyber Security Technical Center
More informationOwner-centric Protection of Unstructured Data on Smartphones
Owner-centric Protection of Unstructured Data on Smartphones Yajin Zhou 1, Kapil Singh 2, and Xuxian Jiang 1 1 North Carolina State University yajin zhou@ncsu.edu, jiang@cs.ncsu.edu 2 IBM T.J. Watson Research
More informationChapter 20 Firewalls. Cryptography and Network Security Chapter 22. What is a Firewall? Introduction 4/19/2010
Cryptography and Network Security Chapter 22 Fifth Edition by William Stallings Chapter 20 Firewalls The function of a strong position is to make the forces holding it practically unassailable On O War,
More informationSo#ware Security Goes Mobile. Russell Spitler
So#ware Security Goes Mobile Russell Spitler Overview Motivation - Numbers: Morgan Stanley statistics - Money: Google study with 5,000+ smart phone users Landscape - What is mobile? - Who cares about mobile
More informationRegulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES. 1. Definitions. In this regulation unless a contrary intention appears.
Regulation 8.3.R2 COMPUTING AND NETWORK FACILITIES RULES 1. Definitions In this regulation unless a contrary intention appears Authority means (i) in relation to the central facilities and computing and
More informationAGENDA. Background. The Attack Surface. Case Studies. Binary Protections. Bypasses. Conclusions
MOBILE APPLICATIONS AGENDA Background The Attack Surface Case Studies Binary Protections Bypasses Conclusions BACKGROUND Mobile apps for everything == lots of interesting data Banking financial Social
More informationEnterprise Apps: Bypassing the Gatekeeper
Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that
More informationIT Security Incident Management Policies and Practices
IT Security Incident Management Policies and Practices Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Feb 6, 2015 i Document Control Document
More informationCyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology
Cyber Security Incident Handling Policy Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology Date: Oct 9, 2015 i Document Control Document Owner Classification
More informationCA Service Desk Manager - Mobile Enabler 2.0
This Document is aimed at providing information about the (CA SDM) Mobile Enabler and mobile capabilities that is typically not available in the product documentation. This is a living document and will
More informationTwo Vulnerabilities in Android OS Kernel
IEEE ICC 2013 - Wireless Networking Symposium Two Vulnerabilities in Android OS Kernel Xiali Hei, Xiaojiang Du and Shan Lin Department of Computer and Information Sciences Temple University Philadelphia,
More informationWhat Is BYOD? Challenges and Opportunities
Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device
More informationFaculty/Staff/Community Mountain Home School District Computer and Network Appropriate Use Policy
Faculty/Staff/Community Mountain Home School District Computer and Network Appropriate Use Policy Mountain Home School District is responsible for securing its network and computer systems against unauthorized
More informationAdobe Flash Player and Adobe AIR security
Adobe Flash Player and Adobe AIR security Both Adobe Flash Platform runtimes Flash Player and AIR include built-in security and privacy features to provide strong protection for your data and privacy,
More information10 easy steps to secure your retail network
10 easy steps to secure your retail network Simple step-by-step IT solutions for small business in retail to leverage advanced protection technology in ways that are affordable, fast and easy October 2015
More informationInformation Security Policy
Information Security Policy Touro College/University ( Touro ) is committed to information security. Information security is defined as protection of data, applications, networks, and computer systems
More informationHP AppPulse Mobile. Whitepaper: Privacy, Security, and Overhead. Document Release Date: September 2014 (v1.0)
HP AppPulse Mobile Whitepaper: Privacy, Security, and Overhead Document Release Date: September 2014 (v1.0) Introduction Introduction In mobile applications, user experience isn t everything; it s the
More informationPRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800
PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More information