UMBC ebiquity

Assigning and Enforcing Security Policies on Handheld Devices

Authors: Wayne Jensen, Tom Karygiannis, Serban Gavrila, and Vladimir Korolev

Book Title: 14th Annual Canadian Information Technology Security Symposium

Date: May 30, 2002

Abstract: The proliferation of mobile handheld devices, such as Personal Digital Assistants (PDAs) andtablet computers, within the workplace is expanding rapidly. While providing productivity benefits, theability of these devices to store and transmit corporate information through both wired and wirelessnetworks poses potential risks to an organization’s security. This paper describes an approach to assigningand enforcing an organization’s security policy on handheld devices. The approach relies on the deviceholding a valid policy certificate, obtained through synchronization with a user’s desktop computer,organizational server, or other means, before conducting any security-sensitive operations. The paperdescribes a proof-of-concept implementation of the policy certificate issuing tool, policy specificationlanguage, certificate representation, and enforcement mechanisms that were used to demonstrate thisapproach, and discusses the associated benefits and drawbacks

Type: InProceedings

Tags: trust management, handheld devices, digital certificate, security policy

Google Scholar: search