Smartphones host operating systems that are on a par with modern desktop environments. For example, Google Android is a mobile operating system that is based upon a modified version of the Linux OS. Notwithstanding traditional threats to mobile phones, threats to desktop environments are also applicable to smartphones. Management of security configurations for the end-user has, to date, been complex and error-prone. As a consequence, misconfiguration of and/or a poor understanding of a security configuration may unnecessarily expose a smartphone to known threats. In this paper, a threat-based model for smartphone security configuration is presented. To evaluate the approach, a prototype smartphone security agent that automatically manages security configurations on behalf of the end-user is developed. A case study based on firewall access control demonstrates how automated security configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards such as NIST 800-124, a guideline on cell phone and PDA security and NIST 800-41-rev1, a guideline on firewall security configuration. © 2013 Springer-Verlag.
CITATION STYLE
Fitzgerald, W. M., Neville, U., & Foley, S. N. (2013). Automated smartphone security configuration. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7731 LNCS, pp. 227–242). https://doi.org/10.1007/978-3-642-35890-6_17
Mendeley helps you to discover research relevant for your work.