Configuration Management of iOS Devices based on SCAP
暂无分享,去创建一个
As popularity of the iOS mobile devices, such as iPhone and iPad, continues to grow, more and more personal data inevitably stored inside these devices and it has become an important issue to protect private data on the devices. In order to protect private data on the mobile devices, we designed and implemented configuration management software for iOS devices based on the SCAP (Security Content Automation Protocol). In 2012, the National Security Agency (NSA) publicly gave a document that provided recommendations for secure configuration setting of iOS5 mobile devices and we use these recommendations for configuration management of iOS devices. The iPhone Configuration Utility (iPCU) is a software program developed by the Apple Inc. and could be used for create and install configuration profile for iOS mobile devices. In this research, we used iPCU to read current configuration setting of iOS device and sent to the developed SCAP-based server for security evaluation and scoring each configuration with OVAL (Open Vulnerability and Assessment Language) and Common Vulnerability Scoring System (CVSS).
[1] Karen A. Scarfone,et al. The Common Vulnerability Scoring System (CVSS) and its Applicability to Federal Agency Systems , 2007 .
[2] Jessica Keyes,et al. Bring Your Own Devices (BYOD) Survival Guide , 2013 .
[3] R.A. Martin,et al. Making security measurable and manageable , 2008, MILCOM 2008 - 2008 IEEE Military Communications Conference.