Topic Lecture Name
Student Skype Name
Student Mobile No.
Security in Mobile Devices
Propose and Test a Threat Modelling Methodology for a Mobile Device Management System (for Smart Business)
Keywords for this Topic
Mobile device management system · Threat modelling · Security requirement · Smartphone · Tablet PC
Theoretical and Survey
Background Information and Current Solution
Recently, the use of smart phones and tablet PCs in business has increased as a result of their mobility, but the spread of mobile devices increases the risk of information leakage from their loss or misuse. Therefore, many enterprises are adopting mobile device management (MDM) systems to enhance the security of both company- and employee-owned mobile devices.
Enterprises are developing and adopting mobile device management systems. However, if a mobile device management system is exploited, mobile devices and the data they contain will be compromised.
The identification of threat agents, assets, and adverse actions that exploit vulnerabilities is the key to defining a threat.
Threat modelling process consists of the following steps: (1) characterization of the system and analysis of the technical background; (2) identification of assets; and (3) definition of threats.
The problem in the current /existing solutions
The developers do not consider all possible threats against an MDM system. That led to not provide sufficient security to prevent all threats and could compromise the mobile devices (Smartphone, tablets, ... etc).
Important of solving this problem
it is important to perform extensive threat modeling to develop realistic and meaningful security requirements and functionalities.
The Main Objectives of this research
To enhance the security of mobile devices
What are the Main Factors in this Work
Collect all internal and external security factors through doing you the literature review.
Collect the three groups of SECURITY STANDARDS:
1. Organizational Administrative : ( 1.1. Workforce Security , 1.2. Information Access Management, 1.3. Security Awareness & Training , 1.4. Security Incident Procedures , 1.5. Contingency Plan , 1.6. Evaluation , 1.7. Business Associate Contracts & Other Arrangement, ... etc).
2. Physical : (2.1. Facility Access Controls , 2.2. Workstation Use, 2.3. Workstation Security, 2.4. Device & Media Controls, ... etc)
3. Technical: ( 3.1. Access Control , 3.2. Audit Controls, 3.3. Integrity , 3.4. Person or Entity Authentication, 3.5. Transmission Security, ... etc ).
The questions need to be addressed in this research
RQ1: What Threat Modelling Methodologies are available for Mobile devices (for smart business)?. characterization of the system and analysis of the technical background - identification of threat agents - identification of assets and their values - identification of vulnerabilities and adverse actions - definition of threats.
RQ2. What approach or technique is used in Mobile Device Management System? .
RQ3. At which the stages in the Mobile Device Management System in which the approaches or techniques are emphasized
RQ4. Security approaches are mechanism or procedures that are integrated during the development of a Mobile Device Management System using some systematic and well defined methods. What security problems are the approach or technique solving?
RQ5. What security tool or mechanism is used to determine the threats or vulnerabilities?. Means; What are the tools and mechanism used to detect vulnerabilities?
Main: What is the most appropriate Threat Modelling Methodology that gives meaningful confidence in mitigating security vulnerabilities in the Mobile Device Management System (Smart business)?
Guidelines to work on this project
(The Process of this Work STEP BY STEP)
provides a detailed understanding of an MDM system - identifies the threat components— threat agents, assets, and adverse actions. Based on these components - defines all possible threats to an MDM system.
1. Do Literature review to answer all 5 above questions.
2. Analyse each solution based on different factors. Present all possible threats against a mobile device management system by analysing and identifying threat agents, assets, and adverse actions. This work will be used for developing security requirements such as a protection profile and design a secure system defines all possible threats
3. Select the best solution from your collection, and find what is the limitation of it
4. Find the compatibilities among all collected solutions.
5. Propose New solution
6. Justify the proposed model by conduct survey.
7. Analyse the survey data, and proposed enhanced solution based on analysis result
Proposed Universal Threat Modelling Methodology
Threat modelling of a mobile device management system for secure smart work
Sample of survey in organization: