14th Annual Canadian Information Technology Security Symposium

Assigning and Enforcing Security Policies on Handheld Devices

, , , and

The proliferation of mobile handheld devices, such as Personal Digital Assistants (PDAs) andtablet computers, within the workplace is expanding rapidly. While providing productivity benefits, theability of these devices to store and transmit corporate information through both wired and wirelessnetworks poses potential risks to an organization’s security. This paper describes an approach to assigningand enforcing an organization’s security policy on handheld devices. The approach relies on the deviceholding a valid policy certificate, obtained through synchronization with a user’s desktop computer,organizational server, or other means, before conducting any security-sensitive operations. The paperdescribes a proof-of-concept implementation of the policy certificate issuing tool, policy specificationlanguage, certificate representation, and enforcement mechanisms that were used to demonstrate thisapproach, and discusses the associated benefits and drawbacks

UMBC ebiquity