MobileGuardian: A security policy enforcement framework for mobile devices

Abstract

Mobile devices such as smartphones and tablets are widely used for personal and business uses. Compared to personal mobile subscribers, enterprises have more concerns about mobile device security. The challenges an enterprise may face include unlimited access to corporate resources, lack of encryption on corporate data, unwillingness to backup data, etc. Many of these issues have been resolved by auditing and enforcing security policies in enterprise networks. However, it is difficult to audit and enforce security policies on mobile devices. A substantial discrepancy exists between enterprise security policy administration and security policy enforcement. In this paper, we propose a framework, MobileGuardian, for security policy enforcement on mobile devices. Security policy enforcement is further divided into four issues, i.e., sensitive data isolation, security policy formulation, security policy testing, and security policy execution. The proposed framework is secure, flexible, and scalable. It can be adopted on any mobile platforms to implement access control, data confidentiality, security, and integrity.