SECURITY ATTACKS TAXONOMY ON BRING YOUR OWN DEVICES (BYOD) MODEL

Mobile devices, specifically smartphones, have become ubiquitous. For this reason, businesses are starting to develop “Bring Your Own Device” policies to allow their employees to use their owned devices in the workplace. BYOD offers many potential advantages: enhanced productivity, increased revenues, reduced mobile costs and IT efficiencies. However, due to emerging attacks and limitations on device resources, it is difficult to trust these devices with access to critical proprietary information. Therefore, in this paper, the potential attacks of BYOD and taxonomy of BYOD attacks are presented. Advanced persistent threat (APT) and malware attack are discussed in depth in this paper. Next, the proposed solution to mitigate the attacks of BYOD is discussed. Lastly, the evaluations of the proposed solutions based on the X.800 security architecture are presented.

[1]  Mike Auty Anatomy of an advanced persistent threat , 2015, Netw. Secur..

[2]  J. A. De Vries Towards a roadmap for development of intelligent data analysis based cyber attack detection systems , 2012 .

[3]  Antonio Scarfò,et al.  New Security Perspectives around BYOD , 2012, 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications.

[4]  Christoph Reich,et al.  Enhancing Mobile Device Security by Security Level Integration in a Cloud Proxy , 2012, CLOUD 2012.

[5]  Jessica Keyes,et al.  Bring Your Own Devices (BYOD) Survival Guide , 2013 .

[6]  Georg Disterer,et al.  BYOD Bring Your Own Device , 2013 .

[7]  Bermejo Ruiz,et al.  CENTERIS 2013 - Conference on ENTERprise Information Systems / PRojMAN 2013 - International Conference on Project MANagement / HCIST 2013 - International Conference on Health and Social Care Information Systems and Technologies , 2013 .

[8]  Tu Delft,et al.  Towards a roadmap for development of intelligent data analysis based cyber attack detection systems , 2012 .

[9]  Ge Wei,et al.  TEEM: A User-Oriented Trusted Mobile Device for Multi-platform Security Applications , 2013, TRUST.

[10]  Yan Bai,et al.  2TAC: Distributed Access Control Architecture for "Bring Your Own Device" Security , 2012, 2012 ASE/IEEE International Conference on BioMedical Computing (BioMedCom).

[11]  Tarique Mustafa Malicious Data Leak Prevention and Purposeful Evasion Attacks: An approach to Advanced Persistent Threat (APT) management , 2013, 2013 Saudi International Electronics, Communications and Photonics Conference.

[12]  R. G. Lennon Changing user attitudes to security in bring your own device (BYOD) & the cloud , 2012, 2012 5th Romania Tier 2 Federation Grid, Cloud & High Performance Computing Science (RQLCG).

[13]  Khoula AlHarthy,et al.  Implement network security control solutions in BYOD environment , 2013, 2013 IEEE International Conference on Control System, Computing and Engineering.

[14]  Han Zhen,et al.  Protocol for trusted channel based on portable trusted module , 2013, China Communications.

[15]  John Thielens Why APIs are central to a BYOD security strategy , 2013, Netw. Secur..

[16]  Kathleen N. McGill Trusted Mobile Devices : Requirements for a Mobile Trusted Platform Module , 2013 .

[17]  Mark Ryan,et al.  Attack, Solution and Verification for Shared Authorisation Data in TCG TPM , 2009, Formal Aspects in Security and Trust.