SecureMyDroid: Enforcing Security in the Mobile Devices Lifecycle

摘要

Due to the extensive growth and diffusion of mobile devices (e.g., Smartphone, PDAs, mobile phones, etc.), and to their powerful capabilities, many users are massively using mobile devices both for personal and for work-related (corporate) activities. This poses serious threats to the security of such devices. In this paper, we propose a novel approach, based on the definition of a secure lifecycle for mobile devices, in order to extend corporate security policies to such devices. We focus on a new perspective that allows us to apply strong security policies and services enforcement to mobile devices. The approach proposed leverages on a customized release of the mobile device Operating System (OS). In particular, we present a prototype (called SecureMyDroid) of a secure mobile device based on a customized release of the Google Android operating system. One of the strong features of this prototype lies in the capability of folly customizing the operating environment of mobile devices. This prevents most of the tampering that is still practicable for devices that have been personalized through the installation of customized applications such as antimalware, antivirus, etc.