Safety Enforcement Framework for Bring Your Own Device in Service-Oriented Architecture

在面向服务的架构中自带设备的安全执行框架

• 批准号: RGPIN-2015-04560
• 负责人: Hung, Patrick
• 金额: $ 1.31万
• 依托单位: University of Ontario Institute of Technology
• 依托单位国家: 加拿大
• 项目类别: Discovery Grants Program - Individual
• 财政年份: 2015
• 资助国家: 加拿大
• 起止时间: 2015-01-01 至 2016-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=589875
• 关键词: Safety; Enforcement; Framework; Bring; Your

Bring Your Own Device (BYOD) is an emerging application distribution model that encourages users to use their own mobile devices such as smart phones and tablet computers to access various online and mobile services in an organization, for example at work through a technical infrastructure or network, to support a workflow as long as the users agree to comply with a given safety policy in the organization. Since the services may contain sensitive information or even trade secrets of an organization, the safety policy usually specifies the security and privacy rules such as Single Sign On (SSO) and Lightweight Directory Access Protocol (LDAP) check-up of authenticity in End User Level Agreement (EULA) format as realistic regulatory measures and assessment. A Gartner report predicts over 30% of organizational BYOD strategies in the world will leverage personal applications and data in 2016 as well as half of the organizations will require employees to bring their own mobile devices for work purposes in 2017. Recently BYOD is being adopted by many traditional industries such as airline companies and even toy manufacturers around the world. From the perspective of the organization, BYOD is typically perceived as less secure and trustworthy because the organization may not be able to exercise as much control over the mobile devices as it may have over organization-issued devices. In addition, the mobile device may be used for both work related and private activities, resulting in both corporate and private data accessed and stored on that same device. From the perspective of users, there may also be concerns regarding the privacy issues of their private data while the device is interacting with the services. In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) sets out ground rules for how private sector organizations may collect, use, or disclose personal information in the course of commercial activities. Failing to comply with these legislations may lead to civil and/or criminal penalties and/or imprisonment. Thus the organizations must comply with PIPEDA in order to enact BYOD in Canada. This proposed research program presents a technical framework of a mobile services cluster to publish, find and bind mobile services in an emerging movable and composable structure. The mobile services are based on the technical architecture of Services Oriented Architecture (SOA) and Web services. This research program focuses on the theoretical model with a technical XML-based framework for enforcing and managing a safety policy between the mobile services cluster and mobile devices from the perspective of both organizations and users in this BYOD paradigm. The built models and research results will bring a formal solution to support a secure BYOD paradigm, especially in a mobile services cluster such as Mobile Cloud Computing (MCC), for both organizations and users in Canada.

自带设备（BYOD）是一种新兴的应用分发模型，其鼓励用户使用他们自己的移动的设备（诸如智能电话和平板计算机）来访问组织中的各种在线和移动的服务，例如在工作中通过技术基础设施或网络来支持工作流，只要用户同意遵守组织中的给定安全策略。由于服务可能包含敏感信息甚至组织的商业秘密，安全策略通常以最终用户级别协议（ESTAFF）格式指定安全和隐私规则，例如单点登录（SSO）和轻量级目录访问协议（LDAP）的真实性检查，作为现实的监管措施和评估。Gartner的一份报告预测，2016年，全球超过30%的组织BYOD战略将利用个人应用程序和数据，2017年，一半的组织将要求员工携带自己的移动的设备用于工作目的。最近，BYOD正在被许多传统行业所采用，如航空公司甚至世界各地的玩具制造商。从组织的角度来看，BYOD通常被认为不太安全和不太值得信赖，因为组织可能无法对移动的设备进行与对组织发行的设备一样多的控制。此外，移动终端可用于工作相关活动和私人活动两者，从而导致公司和私人数据两者被访问并存储在同一设备上。从用户的角度来看，当设备与服务交互时，也可能存在关于其私人数据的隐私问题的担忧。在加拿大，《个人信息保护和电子文件法》（PIPEDA）规定了私营部门组织在商业活动过程中如何收集、使用或披露个人信息的基本规则。不遵守这些法律可能导致民事和/或刑事处罚和/或监禁。因此，组织必须遵守PIPEDA，以便在加拿大实施BYOD。这个建议的研究计划提出了一个技术框架的移动的服务集群发布，发现和绑定移动的服务在一个新兴的可移动和可组合的结构。移动的服务基于面向服务的体系结构（SOA）和Web服务的技术架构。本研究计划的重点是理论模型与基于XML的技术框架，从组织和用户的角度在这种BYOD模式中实施和管理移动的服务集群和移动的设备之间的安全策略。构建的模型和研究结果将为加拿大的组织和用户提供正式的解决方案，以支持安全的BYOD模式，特别是在移动的服务集群中，如移动的云计算（MCC）。