SECURITY ISSUES AND RESULTING SECURITY POLICIES FOR MOBILE DEVICES

Abstract

Mobile devices, given their promise of mobility with rich functionality, are being deployed with broadening use cases throughout the United States Department of Defense. All the while, massive quantities of information are stored and accessed by these devices without there being a comprehensive and specialized security policy dedicated to protecting that information. The importance of having a security policy grows as these devices start providing new capabilities and replacing many information systems we currently have deployed. Since the same device will be used in many different contexts, each with potentially different security policies, the devices will have to be able to adapt to those contexts. The security policy(ies) enforced by the device will have to adapt accordingly. We investigate potential mobile computing security policies to balance this request for context aware functionality with the information assurance required of these government devices. We investigate the security issues raised in the use of these devices and provide example security policies that address some of these issues.