JISE Vol.25 No.6#16

[ 1]

[ 2]

[ 3]

[ 4]

[ 5]

[ 6]

[ 7]

[ 8]

[ 9]

[ 10]

[ 11]

[ 12]

[ 13]

[ 14]

[ 15]

[ 16]

[ 17]

[ 18]

[ 19]

Journal of Information Science and Engineering, Vol. 25 No. 6, pp. 1921-1937 (November 2009)

Preventing Information Leakage in Mobile Applications with Object-Oriented Access Control Lists and Security Monitor Encapsulation

SHIOW-YANG WU AND SHIH-CHIEN CHOU
Department of Computer Science and Information Engineering
National Dong Hwa University
Hualien, 974 Taiwan

We propose a model and associated algorithms for information flow control to prevent information leakage in mobile computing environments. The model employs access control lists and encapsulated security monitors under a fully object-oriented framework. We show that our model prevents unauthorized direct access to sensitive information from a mobile user to the server, as well as any attempt on indirect access through intermediate entities. To understand the feasibility of our model, we suggest an event-driven approach and efficient implementation for the realization of the model. A Java-based preliminary implementation and performance evaluation results demonstrate that our model can successfully prevent information leakage with very low overhead.

Keywords: mobile data access, information flow control, access control lists, encapsulated security monitor, information leakage

Retrieve PDF document (200911_16.pdf)

Received November 26, 2007; revised March 25 & May 14, 2008; accepted June 12, 2008.
Communicated by Tzong-Chen Wu.