FBYOD: A Fuzzy Logic-based System for Safe BYOD Adoption

  IJCOT-book-cover
 
International Journal of Computer & Organization Trends  (IJCOT)          
 
© 2019 by IJCOT Journal
Volume - 9 Issue - 4
Year of Publication : 2019
AuthorsPaulo Roberto Uhlig, LuizNacamura Junior
  10.14445/22492593/IJCOT-V9I4P307

MLA

MLA Style: Paulo Roberto Uhlig, LuizNacamura Junior"FBYOD: A Fuzzy Logic-based System for Safe BYOD Adoption" International Journal of Engineering Trends and Technology 9.4 (2019): 40-53.

APA Style: Paulo Roberto Uhlig, LuizNacamura Junior(2019). FBYOD: A Fuzzy Logic-based System for Safe BYOD Adoption International Journal of Engineering Trends and Technology, 9(4), 40-53.

Abstract

Smartphones are commonly used equipment for personal purposes and well as for work-oriented activities. There is a growing number of companies that adopt the policy of allowing their users to use their own equipment to perform personal and work activities. This policy, called Bring Your Own Device (BYOD), offers advantages such as reducing costs in the acquisition of equipment by the company, increased mobility and productivity. However, the adoption of BYOD offers risks because these devices may have customizable security configurations that are too permissive and also store highly relevant information. In this way, the customizable security settings of the smartphone’s operating system can directly impact the security of the device and as a result, data theft and financial loss can occur. Thus, the individual assessment of the security impact that each custom configuration represents together with the quantification of the data stored in the mobile device, may provide a degree of security impact that that equipment presents. In this work, an application called Fuzzy BYOD (FBYOD) is proposed. FBYOD introduces the use of fuzzy logic to assess in real time the security impact of the smartphone by automatically evaluating and recalculating any changes to the customizable security settings and the amount of user data files. As an additional feature, FBYOD enables the device to access new corporate information whose relevance is compatible with the level of risk presented by the device. This application is implemented and validated in a non-simulated corporate environment and in a scenario where mobile devices use the Android operating system. The results obtained demonstrate the effectiveness of FBYOD in promoting access to corporate information whose importance is compatible with the security impact generated by the mobile device.

References

[1] E. Sitnikova and M. Asgarkhani, "A strategic framework for managing internet security," in Fuzzy Systems and Knowledge Discovery (FSKD), 2014 11th International Conference on. IEEE, 2014, pp. 947–955.
[2] T. Oktavia, Y. Tjong, H. Prabowoet al., "Security and privacy challenge in bring your own device environment: A systematic literature review," in Information Management and Technology (ICIMTech), International Conference on. IEEE, 2016, pp. 194–199.
[3] A. B. Garba, J. Armarego, D. Murray, and W. Kenworthy, "Review of the information security and privacy challenges in bring your own device (byod) environments," Journal of Information privacy and security, vol. 11, no. 1, pp. 38–54, 2015.
[4] D. A. Vecchiato, "Benchmarking user-defined security configurations of android devices," Ph.D. dissertation, Unicamp - UniversidadeEstadual de Campinas, Campinas - Brazil, 2016.
[5] M. Lazar, "Byod statistics provide snapshot of future," https://bit.ly/2Ccjw5l/, 2017, accessed 12/13/2018.
[6] R. Ko, A. Tan, and T. Gao, "A mantrap-inspired, user-centric data leakage prevention (dlp) approach," in Cloud Computing Technology and Science (CloudCom), 2014 IEEE 6th International Conference on. IEEE, Dec 2014.
[7] Symantec, "Internet security threat report - istr," Symantec Corporation, techreport 22, Apr. 2017. [Online]. Available: https://www.symantec.com/content/dam/symantec/docs/reports/istr-22-2017-en.pdf
[8] A. P. Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, "A survey of mobile malware in the wild," in Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices. ACM, 2011, pp. 3–14.
[9] Y. Zhou and X. Jiang, "Dissecting android malware: Characterization and evolution," in Security and Privacy (SP), 2012 IEEE Symposium on. IEEE, 2012, pp. 95–109.
[10] L. Page, "The trade offs for bring your own devices," IS Practices for SME Success Series, vol. 1, no. 1, 2013.
[11] E. Kritzinger and S. H. von Solms, "Cyber security for home users: A new way of protection through awareness enforcement," Computers & Security, vol. 29, no. 8, pp. 840–847, 2010.
[12] M. Becher, F. C. Freiling, J. Hoffmann, T. Holz, S. Uellenbeck, and C. Wolf, "Mobile security catching up? revealing the nuts and bolts of the security of mobile devices," in Security and Privacy (SP), 2011 IEEE Symposium on. IEEE, 2011, pp. 96–111.
[13] W. Jeon, J. Kim, Y. Lee, and D. Won, "A practical analysis of smartphone security," in Symposium on Human Interface. Springer, 2011, pp. 311–320.
[14] W. V. Maconachy, C. D. Schou, D. Ragsdale, and D. Welch, "A model for information assurance: An integrated approach," in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, vol. 310. United States Military Academy, West Point. IEEE, 2001.
[15] R. S. Ross and M. M. Swanson, "Standards for security categorization of federal information and information systems," NIST, techreport NIST FIPS 199, Feb 2004. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf
[16] G.-l. Shao, X.-s. Chen, X.-y. Yin, and X.-m. Ye, "A fuzzy detection approach toward different speed port scan attacks based on dempstershafer evidence theory," Security and Communication Networks, vol. 9 , no. 15, pp. 2627–2640, 2016, sCN-14-0841.R1. [Online]. Available: http://dx.doi.org/10.1002/sec.1508
[17] H. Fatima, G. N. Dash, and S. K. Pradhan, "Soft computing applications in cyber crimes," in 2017 2nd International Conference on Anti-Cyber Crimes (ICACC), March 2017, pp. 66–69.
[18] L. A. Zadeh, "Fuzzy sets," in Fuzzy Sets, Fuzzy Logic, And Fuzzy Systems: Selected Papers by Lotfi A Zadeh. World Scientific, 1996 , pp. 394–432.
[19] W. Yunwu, "Using fuzzy expert system based on genetic algorithms for intrusion detection system," in 2009 International Forum on Information Technology and Applications, vol. 2, May 2009, pp. 221–224.
[20] A. Almutairi, D. Parish, and J. Flint, "Predicting multi-stage attacks based on ip information," in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), Dec 2015, pp. 384–390.
[21] G. P. Rout and S. N. Mohanty, "A hybrid approach for network intrusion detection," in 2015 Fifth International Conference on Communication Systems and Network Technologies, April 2015, pp. 614–617.
[22] N. Naik, "Fuzzy inference based intrusion detection system: Fi-snort," in Computer and Information Technology; Ubiquitous Computing andCommunications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on. IEEE, 2015, pp. 2062–2067.
[23] N. Zahadat, P. Blessner, T. Blackburn, and B. A. Olson, "Byod security engineering: A framework and its analysis," Computers & Security, vol. 55, pp. 81–99, 2015.
[24] A. Armando, G. Costa, A. Merlo, L. Verderame, and K. Wrona, "Developing a natobyod security policy," in Military Communications and Information Systems (ICMCIS), 2016 International Conference on. IEEE, 2016, pp. 1 – 6.
[25] CIS, ―Security benchmarks,‖ https://www.cisecurity.org, 2018, accessed 04/30/2018.
[26] I. Muslukhov, Y. Boshmaf, C. Kuo, J. Lester, and K. Beznosov, "Understanding users’ requirements for data protection in smartphones," in Data Engineering Workshops (ICDEW), 2012 IEEE 28th International Conference on. IEEE, 2012, pp. 228–235.
[27] N. Ben-Asher, N. Kirschnick, H. Sieger, J. Meyer, A. Ben-Oved, and S. Moller,¨ "On the need for different security methods on mobile phones," in Proceedings of the 13th International Conference on Human Computer Interaction with Mobile Devices and Services. ACM, 2011, pp. 465–473.
[28] F. Yao, S. Y. Yerima, B. Kang, and S. Sezer, "Fuzzy logic-based implicit authentication for mobile access control," in SAI Computing Conference (SAI), 2016. IEEE, 2016, pp. 968–975.
[29] F. Schaub, R. Deyhle, and M. Weber, "Password entry usability and shoulder surfing susceptibility on different smartphone platforms," in Proceedings of the 11th international conference on mobile and ubiquitous multimedia. ACM, 2012, p. 13.
[30] G. Kambourakis, D. Damopoulos, D. Papamartzivanos, and E. Pavlidakis, "Introducing touchstroke: keystroke-based authentication system for smartphones," Security and Communication Networks, vol. 9, no. 6, pp. 542–554, 2016.
[31] MITRE, "Cve - common vulnerabilities and exposures," https://cve.mitre.org, 2018, accessed 05/01/2018.
[32] H. Zhang, D. She, and Z. Qian, "Android root and its providers: A double-edged sword," in Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. ACM, 2015, pp. 1093–1104.
[33] Y. Shao, X. Luo, and C. Qian, "Rootguard: Protecting rooted android phones," Computer, vol. 47, no. 6, pp. 32–40, 2014.
[34] P. R. Uhlig, "Fuzzy byod - fbyod," play.google.com/store/apps/details?id=mestrado.dissertacao.com.fbyod, 2018.
[35] Google, "Developers – Android Studio" https://developer.android.com/studio, 2018, accessed: 09/23/2018
[36] __, "Google play store," https://play.google.com/store, 2018, accessed 14/11/2018.
[37] __, "Android developer," https://developer.android.com/, 2018, accessed 08/01/2018.
[38] "Stackoverflow," https://stackoverflow.com/,2018, accessed: 08/07/2018.
[39] Rada-Vilela, "fuzzylite: a fuzzy logic control library," 2017. [Online]. Available: http://fuzzylite.com
[40] "Matlab2019," https://www.mathworks.com/products/matlab.html, 2019
[41] Google, "Google firebase realtime database,‖ 2018. [Online]. Available: https://firebase.google.com
[42] __, "Google firebase administration console," 2018. [Online]. Available: https://console.firebase.google.com
[43] __, "Google firebase storage," 2018. [Online]. Available: https://firebase.google.com

Keywords
BYOD, custom configuration, data theft, fuzzy