Personal Trusted Devices for Web Services: Revisiting Multilevel Security

In this paper we revisit the concept of mandatory access control and investigate its potential with personal digital assistants (PDA). Only if applications are clearly separated and Trojans cannot leak personal information can these PDAs become personal trusted devices. Limited processing power and memory can be overcome by using Web services instead of full-fledged applications – a trend also in non-mobile computing. Web services, however, introduce additional security risks, some of them specific for mobile users. We propose an identification scheme that can be effectively used to protect privacy and show how this system builds upon a light-weight version of mandatory access control.

[1]  K J Biba,et al.  Integrity Considerations for Secure Computer Systems , 1977 .

[2]  Prathima Agrawal,et al.  Get wireless: a mobile technology spectrum , 1999 .

[3]  Tadayoshi Kohno,et al.  Trust (and mistrust) in secure applications , 2001, CACM.

[4]  Stephen T. Kent,et al.  A public‐key based secure Mobile IP , 1999, Wirel. Networks.

[5]  D. Elliott Bell,et al.  Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[6]  Hemma Prafullchandra,et al.  Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2 , 1997, USENIX Symposium on Internet Technologies and Systems.

[7]  Paul Syverson,et al.  Onion routing access configurations , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[8]  Edgar R. Weippl,et al.  Identity Mapping: An Approach to Unravel Enterprise Security Management Policies , 2000, SEC.

[9]  Levente Buttyán,et al.  A Pessimistic Approach to Trust in Mobile Agent Platforms , 2000, IEEE Internet Comput..

[10]  Barry Brumitt,et al.  EasyLiving: Technologies for Intelligent Environments , 2000, HUC.

[11]  Chris I. Dalton,et al.  An operating system approach to securing e-services , 2001, CACM.

[12]  Birgit Pfitzmann,et al.  Trusting Mobile User Devices and Security Modules , 1997, Computer.

[13]  Anind K. Dey,et al.  Understanding and Using Context , 2001, Personal and Ubiquitous Computing.

[14]  William H. Mangione-Smith,et al.  Mobile computing and smart spaces , 1998, IEEE Concurr..

[15]  Walid G. Aref,et al.  Security models for web-based applications , 2001, CACM.