Master's and Doctoral Theses: Detailed Record for Thesis 102423043




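Author: 李佩芸 (Pei-Yun Lee)   Department: Department of Information Management
Thesis title: Design and Prototype Implementation of a Security Policy Management Platform for Enterprise BYOD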
(A Platform of Managing Security Policy for Bring Your Own Device (BYOD) in Enterprise)
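  1. This electronic thesis is authorized for immediate open access.
  2. The open-access electronic full text is licensed to users only for personal, non-profit searching, reading, and printing for the purpose of academic research.
  3. Please comply with the relevant provisions of the Copyright Act of the Republic of China. Do not reproduce, distribute, adapt, repost, or broadcast this work without authorization, to avoid breaking the law.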

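Abstract (Chinese) With the rapid spread of mobile devices, a new era of digital life has begun, and people have become accustomed to carrying their personal mobile devices to work. Many enterprises therefore want to adopt a BYOD (Bring Your Own Device) policy. On the one hand, letting employees use personal mobile devices in the enterprise's business processes saves hardware procurement costs and improves overall work efficiency; on the other hand, it exposes the enterprise to new information security risks, for example that the convenience of mobile devices makes it easier for employees to steal confidential internal data. How to formulate and enforce a BYOD security policy has thus become an important enterprise information security issue. To address this problem, this study proposes SDroid, a security policy management platform for enterprises implementing BYOD. For policy formulation, this study provides a management interface through which information security staff define the Install-time and Run-time security policies the enterprise needs, which also eases later maintenance. This study also provides the SDroidAgent application, which analyzes in real time whether the applications installed by employees comply with the security policies defined by the enterprise, so the enterprise does not need to build a dedicated application store or a blacklist/whitelist mechanism. A design feature of this study is that it avoids modifying the Android operating system, which lowers the barriers to future system updates and to employee acceptance; it also hands the information over to the remote SDroid platform for centralized analysis, which greatly reduces the computational burden on the mobile device. Experiments show that the proposed platform can indeed define Install-time and Run-time security policies and correctly enforce them on employees' Android mobile devices, ensuring that the applications employees use comply with the enterprise security policy.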
Abstract (English) With the popularity of personal mobile devices, more and more people bring their own devices to work, and the term “Bring Your Own Device” (BYOD) has appeared. On the one hand, enterprises can reduce their purchasing costs and improve work efficiency. On the other hand, they also face information security risks, such as the theft of confidential business information through an employee’s own device. How to formulate and implement a BYOD security policy in the enterprise is therefore an important issue. To solve these problems, we propose a platform for managing security policy for Bring Your Own Device (BYOD) in the enterprise. We manage the security policies that enterprises draft and provide a user interface for setting up those policies. The platform receives information from an agent on the mobile device and processes that information in run-time analysis, which is responsible for matching application behaviors against the security policy. In addition, we rarely modify the Android operating system, and we reduce the computation performed on the mobile device. Finally, using the proposed mechanism, enterprises can reduce their information security risks.
Keywords (Chinese) ★ Employees bringing their own devices to work
★ Mobile device
★ Smartphone
★ Information security policy
★ Android
Keywords (English) ★ Bring your own device
★ Mobile device
★ Security Policy Enforcement
★ Android
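Table of contents Abstract (Chinese)
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1-1 Research Background
1-2 Research Motivation and Objectives
1-3 Research Contributions
1-4 Chapter Organization
Chapter 2 Related Work
2-1 Definition of BYOD Security Policy
2-2 Related Work on Security Policy
2-3 Related Work on BYOD Security Mechanisms
2-3-1 Common BYOD Security Mechanisms
2-3-2 Other BYOD Security Mechanisms
2-4 Related Work on Android Static Analysis
2-5 Summary
Chapter 3 BYOD Security Policy Management Platform
3-1 Security Policy Formulation
3-1-1 Install-time Security Policy
3-1-2 Run-time Security Policy
3-2 Architecture Design of the BYOD Security Policy Management Platform
3-2-1 System Architecture of the BYOD Security Policy Management Platform
3-2-2 Database Design of the BYOD Security Policy Management Platform
3-2-3 Operating Workflow of the BYOD Security Policy Management Platform
3-3 Functional Details of the BYOD Security Policy Management Platform
3-3-1 Pages of the BYOD Security Policy Management Platform
3-3-2 Install-time Policy Formulation
3-3-3 Run-time Policy Formulation
3-3-4 Policy Parsing
3-3-5 Policy Matching Mechanism
3-3-6 Message Event Notification
3-3-7 Mechanism for Preventing Uninstallation of SDroidAgent
3-4 Functional Details of SDroidAgent
3-4-1 Capturing Intent Events for Applications Newly Added to the Mobile Device
3-4-2 Receiving Information from and Returning Information to the Remote SDroid Platform
3-4-3 Locking and Unlocking Target Applications
3-4-4 Displaying the List of Currently Restricted Applications
Chapter 4 Experiments and Discussion
4-1 Experimental Environment
4-2 Experiment 1: Functional Verification of the Install-time Security Policy Matching Mechanism
4-2-1 Purpose of the Experiment
4-2-2 Experimental Environment
4-2-3 Experimental Results
4-3 Experiment 2: Functional Verification of Run-time Security Policy Formulation
4-3-1 Purpose of the Experiment
4-3-2 Experimental Environment
4-3-3 Experimental Results
4-4 Experiment 3: Impact of the APKCRAWLER Function on Users
4-4-1 Purpose of the Experiment
4-4-2 Experimental Environment
4-4-3 Experimental Results
4-5 Summary
Chapter 5 Conclusions and Future Work
5-1 Research Conclusions and Contributions
5-2 Research Limitations
5-3 Future Work
References
Appendix 1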
Advisor: 陳奕明 (Yi-Ming Chen)   Approval date: 2015-7-24

For questions about this thesis, please contact the Promotion Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.