Benchmarking User-Defined Security Configuration of Mobile Devices

The popularization of smartphones and tablets and their increasing usage make them an attractive target for cyber attackers. This, together with the fact that many organizations employ a Bring Your Own Device (BYOD) policy, makes assessing and comparing the security of mobile devices a key issue, particularly with regard to user-defined configurations, as these have a huge impact on the potential attack surface. To characterize the relative security level of mobile devices with respect to user configurations, this paper proposes research towards a benchmarking approach to compare and rank mobile devices with respect to their security. Preliminary results show that Android users neglect important security recommendations while configuring their devices and that benchmarking is indeed a good way to identify the most secure user-defined configuration.
