Naval Postgraduate School
Rapidly deployable mobile security solution
16Mar_Dorney_Miller.pdf (19.57Mb)Abstract
The Navy has seen a significant increase in the presence of mobile and smart devices on its units due to advancements in technology and younger sailors’ desire to be connected at all times. These devices create security threats due to their easily concealable size and their host of connectivity and image related features. The insider threat (intentional or not) now includes the ability to take photos, record conversations, share data wirelessly, and communicate official use and classified information, all more easily than ever before. Current enterprise solutions and associated policy does not address managing personal devices. In fact, management of personal devices is currently outside the Department of Defense (DOD) effort to control Personal Electronic Devices (PED) since the organization does not own the device and therefore has no way to mandate what must or must not be installed on them. The current path to a bring your own device (BYOD) policy is unclear. Security vulnerabilities with these devices have not been addressed in a uniform matter in policy or in practice. It is with these statements in mind that we address how to take the first steps in developing feasible management of personal devices on naval units and potentially throughout the DOD. In this thesis, we provide a thorough evaluation of National Institute for Standards and Technology, Defense Information Systems Agency, and DOD publications to provide a starting point for adapting current policy and to guide the development of our application. We then examine the feasibility of implementable software application solutions to hardware features that pose a threat to security. Specific research addresses why each hardware feature on a mobile device is a security concern, how it is controlled inside the Android Studio API, and how we utilize these controls to lockdown and then unlock said hardware features through a simple proof of concept Android application. Finally, we provide examples of how future work can grow our application into a security-manager controlled program to secure devices and find a path toward making BYOD a reality.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.Related items
Showing items related by title, author, creator and subject.
-
Security concerns in accessing Naval e-Learning with personal mobile devices
(2014-12);The purpose of this study was to investigate the feasibility of using personal mobile devices for Naval e-Learning (NeL). Another objective was to find out which mobile device and which method of authentication offers the ... -
SECURITY ISSUES AND RESULTING SECURITY POLICIES FOR MOBILE DEVICES
(Monterey, California. Naval Postgraduate School, 2013-03);Mobile devices, given their promise of mobility with rich functionality, are being deployed with broadening use cases throughout the United States Department of Defense. All the while, massive quantities of information are ... -
Achieving Better Buying Power for Mobile Open Architecture Software Systems through Diverse Acquisition Scenarios
(Monterey, California. Naval Postgraduate School, 2017-05); UCI-AM-17-041This research seeks to identify, track, and analyze software component costs and cost reduction opportunities within diverse acquisition life cycle scenarios for open architecture systems accommodating Web-based and mobile ...
