Journal of Information Science and Engineering, Vol. 25 No. 6, pp. 1921-1937 (November 2009)

Preventing Information Leakage in Mobile Applications with Object-Oriented Access Control Lists and Security Monitor Encapsulation

SHIOW-YANG WU AND SHIH-CHIEN CHOU
Department of Computer Science and Information Engineering
National Dong Hwa University
Hualien, 974 Taiwan

We propose a model and associated algorithms for information flow control to prevent information leakage in mobile computing environments. The model employs access control lists and encapsulated security monitors under a fully object-oriented framework. We show that our model prevents unauthorized direct access to sensitive information from a mobile user to the server, as well as any attempt at indirect access through intermediate entities. To understand the feasibility of our model, we suggest an event-driven approach and an efficient implementation for realizing it. A preliminary Java-based implementation and performance evaluation results demonstrate that our model can successfully prevent information leakage with very low overhead.

Keywords: mobile data access, information flow control, access control lists, encapsulated security monitor, information leakage

Received November 26, 2007; revised March 25 & May 14, 2008; accepted June 12, 2008.
Communicated by Tzong-Chen Wu.