ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Majid Hatamian, Sebastian Pape, Kai Rannenberg

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Citation (Scopus)

Abstract

Protecting enterprise’s confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: How the employees can make sure the smartphone apps that they use are trustworthy? How can the enterprises check and validate the trustworthiness of apps being used within the enterprise network? What about the security and privacy aspects? Are the confidential information such as passwords, important documents, etc. are treated safely? Are the employees’ installed apps monitoring/spying the enterprise environment? To answer these questions, we propose Enterprise Smartphone Apps Risk Assessment (ESARA) as a novel framework to support and enable enterprises to analyze and quantify the potential privacy and security risks associated with their employees’ installed apps. Given an app, ESARA first conducts various analyses to characterize its vulnerabilities. Afterwards, it examines the app’s behavior and overall privacy and security perceptions associated with it by applying natural language processing and machine learning techniques. The experimental results using app behavior and perception analyses indicate that: (1) ESARA is able to examine apps’ behavior for potential invasive activities; and (2) the analyzed privacy and security perceptions by ESARA usually reveal interesting information corresponding to apps’ behavior achieved with high accuracy.
Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection
Subtitle of host publication34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings
EditorsGurpreet Dhillon, Fredrik Karlsson, Karin Hedstrom, André Zúquete
Place of PublicationCham, Switzerland
PublisherSpringer
Pages165-179
Number of pages15
Edition1
ISBN (Electronic)9783030223120
ISBN (Print)9783030223113, 9783030223144
DOIs
Publication statusPublished - 2019
Externally publishedYes
EventInternational Conference on ICT Systems Security and Privacy Protection - Lisbon, Portugal
Duration: 25 Jun 2019 → …
Conference number: 34
https://www.ifipsec.org/2019/

Publication series

NameIFIP Advances in Information and Communication Technology
PublisherSpringer
Volume562
ISSN (Print)1868-4238
ISSN (Electronic)1868-4238

Conference

ConferenceInternational Conference on ICT Systems Security and Privacy Protection
Abbreviated titleSEC 2019
CountryPortugal
CityLisbon
Period25/06/19 → …
Internet address

Fingerprint

Dive into the research topics of 'ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment'. Together they form a unique fingerprint.

Cite this