BYOD (Bring Your Own Device) 為企業節省採購成本,並使工作產能提升;另一方面也讓企業面臨新的資訊安全風險,因此如何制訂與實施BYOD安全政策成為一項重要的企業資訊安全議題。而在應用程式方面,值得注意的是能夠帶來危害的並不只有惡意程式,合法的應用程序也可能暴露隱密資訊,但面對逐漸增長的應用程式數量,已無法單靠資訊人員逐一分析應用程式是否對企業造成風險。為解決上述問題,本研究提出一個稱為「自動化BYOD安全政策制定」的平台,當員工安裝了一個新的應用程式時,本平台將自動地偵測員工新安裝的應用程式是否為惡意程式,對於合法的應用程式也會分析其宣告的權限是否會對企業帶來安全風險,並將以上分析的結果以安全政策來表示,提供給企業做為制定安全政策的參考。本研究經實驗證明確實可以滿足安全政策制定功能,且本平台也具有足夠高的效率可以進行大量的應用程式分析,幫助企業面對BYOD對於管理應用程式安全性上的挑戰。;BYOD (Bring Your Own Device) make enterprises reduce their cost of purchasing and improve work efficiency. On the other hand, they also face the risks of information security, such as stealing confidential business information by employee’s own device. Therefore, it’s an important issue that how to formulate and implement the BYOD security policy in the enterprises. In the application, it is worth to notice that not only malware has risk, legitimate applications may also expose the secret information. However, with the increasing applications, it’s impossible just to rely on IT analyzing applications one by one. In order to solve these problems which enterprise faces, we propose a platform of formulating security policy for Bring Your Own Device (BYOD) by analyzing Android permission. When employees install an unknown application, the platform will automatically detect the application if a malware, and if not, we are going to find out the application have possibility of having a business risk. The results of the above analysis will translate into security policy for enterprises as a reference. Finally, the experiment proved that we actually can give the security policy advice to enterprise, and our effectiveness in analyzing application is enough to handle the tremendous amount of Android applications.
