Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters

Gabriel Salles-Loustau, Vidyasagar Sadhu, Luis Garcia, Kaustubh Joshi, Dario Pompili, Saman Zonouz

Research output: Contribution to journalArticlepeer-review

Abstract

Mobile devices aggregate various types of data from sensitive corporate documents to personal content. While users desire to access this content on a single device via a unified user experience and through any mobile app, protecting this data is challenging. Even though different data types have different security and privacy needs, mobile operating systems include only a few, if any, functionalities for fine-grained data protection. We present SWIRLS, an Android-based mobile OS that provides a policy-based information-flow data protection abstraction for mobile apps to support BYOD (bring-your-own-device) use cases. SWIRLS attaches security policies to individual pieces of data and enforces these policies as the data flows through the device. Unlike current BYOD solutions like VMs that create duplication overload, SWIRLS provides a single environment to access content from different security contexts using the same applications while monitoring for malicious data leakage. SWIRLS leverages a two-level hybrid information flow tracking (IFT) mechanism to track both intra-application flows and a higher level IFT based on processes for application isolation. Our evaluation presents BYOD data protection use-cases such as limiting document sharing, preventing leakage based on document classification and security policies based on geo-fencing. SWIRLS only imposes a low battery consumption and performance overhead.

Original languageEnglish (US)
Pages (from-to)76-92
Number of pages17
JournalIEEE Transactions on Mobile Computing
Volume21
Issue number1
DOIs
StatePublished - Jan 1 2022

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Don't Just BYOD, Bring-Your-Own-App Too! Protection via Virtual Micro Security Perimeters'. Together they form a unique fingerprint.

Cite this