Abstract
The mobility of users and information is a factor that should be taken into account when designing and developing mechanisms that protect sensitive information stored, exchanged and processed on mobile devices. This paper discusses the security profiles for the user and dispatcher subsystems of MobInfoSec, a system protecting sensitive information on mobile devices. MobInfoSec provides users with secure sensitive documents by using a specialized class SP cryptographic module, which directly protects the trusted system components by implementing ORCON access control rules. The Protection Profile defines the security functional requirements for the MobInfoSec system, which executes the encryption and decryption of documents based on addressed access policies. The article includes a general description of the MobInfoSec system, including the assets, assumptions, threats, policies and functional requirements necessary for evaluating security functions developed in accordance with the requirements of the ISO/IEC 15408 standard (the Common Criteria).
Copyright information
© 2014 IFIP International Federation for Information Processing
About this paper
Cite this paper
El Fray, I., Hyla, T., Chocianowicz, W. (2014). Protection Profile for Secure Sensitive Information System on Mobile Devices. In: Saeed, K., Snášel, V. (eds) Computer Information Systems and Industrial Management. CISIM 2015. Lecture Notes in Computer Science, vol 8838. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-45237-0_58
DOI: https://doi.org/10.1007/978-3-662-45237-0_58
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-45236-3
Online ISBN: 978-3-662-45237-0
eBook Packages: Computer Science (R0)