| 摘要: | 隨著智慧型手機的蓬勃發展,現在有越來越多的員工能夠自行攜帶自己的行動裝置去上班,而衍生出現今「Bring Your Own Device (BYOD)」的現象。在 BYOD 之下,企業為了確保公司內的資料不被員工濫用,導入了功能強大的安全系統來做保護,然而,員工們所最關心的個人隱私問題,卻無法在現行的安全架構中能有所保障。因此,為了能夠同時繼續保護企業的資料不被員工非法的存取,又能夠同時多加保障員工的隱私資料不會被企業侵犯,本研究欲提出一個系統架構的設計,以能夠同時保護企業以及員工雙方各自的資料安全,達到雙贏的局面。在本研究的系統架構之中,企業、員工雙方可以各自對想要保護的資料加上識別的標籤,也能夠利用這些標籤來加以制定安全政策。本研究應用了「資訊流追蹤(Information Flow Tracking)」的機制,來監控行動裝置上資料的讀取以及流動情況,並且與制定好的安全政策做比對,來確保即時的資料使用情況是否確實符合已經制定好的安全政策。本研究的系統架構於數個情境的實驗中證明,無論是企業或是員工的資料發生了違規狀況,本研究的系統架構都能夠即時地偵測出來,並且對該資料做後續的保護動作,避免該資料被繼續的違規使用,證明本研究在 BYOD的環境下,確實能夠兼顧企業資料的安全與員工隱私的保護。;With the rapid development of smart phones, more and more employees are able to carry their own mobile devices to work now, and it derivatives "Bring Your Own Device (BYOD)" phenomenon. Under BYOD, enterprise would want to ensure that the corporate’s information is not abused by employees, so enterprise introduces powerful security systems to do the protection. However, employees concerned about privacy issues the most, but existing architectures do not take it into considerations. Therefore, in order to protect corporate’s information against illegally accessing by employees, but also to pay more attention to protect the privacy of employees while privacy information will not be violated by enterprise, we propose a system architecture to simultaneously protect corporate’s and employee’s data security, to achieve a win-win situation. In this study, business and employees both sides can protect their information by identifying the label, and by using these labels to develope security policies. We use the "Information Flow Tracking" mechanism to monitor the flow of information on mobile devices, and simultaneously check the situation with the security policy, to ensure real-time information on usage is indeed comply with security policy. In the end, we use a number of experiments to prove the functionalities, while corporate’s or employee’s data violate to the policy, our architecture is able to instantly detect it, and do the follow-up of the data protection operations, to protect both employee’s privacy and corporate’s security. |
