Master's and doctoral theses: detailed record for 102423044




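Name: 郭宏毅 (Hong-Yi Guo)   Department: Department of Information Management
Thesis title: A Study of an Information Flow Tracking Mechanism That Balances Corporate Security Policy and Employee Privacy Protection under BYOD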
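  1. The access permission for this electronic thesis is: immediate open access granted.
  2. Electronic full texts that have reached their open-access date are licensed to users only for personal, non-profit searching, reading and printing for the purpose of academic research.
  3. Please comply with the Copyright Act of the Republic of China; do not reproduce, distribute, adapt, repost or broadcast the work without authorization, to avoid breaking the law.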

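Abstract (Chinese) With the rapid growth of smartphones, more and more employees are now able to bring their own mobile devices to work, which has given rise to today's "Bring Your Own Device (BYOD)" phenomenon. Under BYOD, enterprises deploy powerful security systems to make sure that company data is not abused by employees; however, personal privacy, the issue employees care about most, is not protected by current security architectures. Therefore, in order to keep protecting enterprise data from illegal access by employees while also better ensuring that employees' private data is not infringed upon by the enterprise, this study proposes a system architecture design that protects the data security of both the enterprise and the employee, achieving a win-win situation. In the proposed architecture, the enterprise and the employee can each attach identifying labels to the data they want to protect, and can use these labels to define security policies. This study applies the "Information Flow Tracking" mechanism to monitor how data on the mobile device is read and how it flows, and compares this against the defined security policies to check whether real-time data usage actually complies with them. Experiments in several scenarios show that, whether the violation involves enterprise data or employee data, the proposed architecture detects it in real time and takes follow-up protective action on the data to prevent further use in violation of policy, demonstrating that in a BYOD environment this work can indeed protect both enterprise data security and employee privacy.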
Abstract (English) With the rapid development of smartphones, more and more employees are now able to bring their own mobile devices to work, which has given rise to the "Bring Your Own Device (BYOD)" phenomenon. Under BYOD, enterprises want to ensure that corporate information is not abused by employees, so they introduce powerful security systems for protection. However, the privacy issues that employees care about most are not taken into consideration by existing architectures. Therefore, in order to protect corporate information against illegal access by employees while also ensuring that employees' private information is not violated by the enterprise, we propose a system architecture that simultaneously protects the data security of both the enterprise and the employee, achieving a win-win situation. In this study, both the enterprise and the employees can protect their information by attaching identifying labels to it, and can use these labels to develop security policies. We use the "Information Flow Tracking" mechanism to monitor the flow of information on mobile devices and check it against the security policy, to ensure that real-time information usage indeed complies with the security policy. Finally, we use a number of experiments to demonstrate this functionality: when corporate or employee data violates the policy, our architecture is able to detect it instantly and carry out follow-up data protection operations, protecting both employee privacy and corporate security.
Keywords (Chinese) ★ Bring Your Own Device
★ Enterprise data security
★ Employee privacy protection
★ Security policy
★ Information flow tracking
Keywords (English) ★ Bring Your Own Device
★ Enterprise’s Security
★ Employee’s Privacy
★ Security Policy
★ Information Flow Tracking
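Table of contents Thesis abstract (Chinese)
Abstract
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
1-1 Background
1-2 Motivation
1-3 Objectives
1-4 Chapter Organization
Chapter 2 Related Work
2-1 Enterprise Security Systems for BYOD
2-1-1 Mobile Device Management (MDM)
2-1-2 Mobile Application Management (MAM)
2-1-3 Virtual Mobile Infrastructure (VMI)
2-1-4 Containerization
2-2 Mobile Malware Analysis Methods
2-3 Information Flow Tracking
2-3-1 TaintDroid
2-3-2 TaintDroid-Related Literature
2-3-3 Relationship between Information Flow Tracking and BYOD
2-4 Summary
Chapter 3 Research Method
3-1 System Architecture
3-1-1 System Architecture Diagram
3-1-2 Module Functions
3-2 Operation Flow
3-2-1 Installing a New App
3-2-2 Adding Data
3-2-3 Downloading Data
3-2-4 Uninstalling an Existing App
3-2-5 Deleting Data
3-2-6 Accessing or Transmitting Corporate Data
3-2-7 Accessing or Transmitting Employee Data
Chapter 4 Experiment Design and Discussion of Results
4-1 Functional Verification Experiments
4-1-1 Opening a Corporate File
4-1-2 Opening an Employee File
4-1-3 Transmitting a Corporate File
4-1-4 Transmitting an Employee File
4-1-5 Exception Handling
4-2 Discussion of Experimental Results
Chapter 5 Conclusions and Future Work
5-1 Conclusions
5-2 Contributions
5-3 Limitations
5-4 Future Work
References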
Advisor: 陳奕明 (Yi-Ming Chen)   Approval date: 2015-7-27

For questions about this thesis, please contact the Extension Services Section of the National Central University Library, TEL: (03)422-7151 ext. 57407, or by e-mail.