Conference paper Open Access

ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Hatamian, Majid; Pape, Sebastian; Rannenberg, Kai


JSON-LD (schema.org) Export

{
  "inLanguage": {
    "alternateName": "eng", 
    "@type": "Language", 
    "name": "English"
  }, 
  "description": "<p>Protecting enterprise&rsquo;s confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: How the employees can make sure the smartphone apps that they use are trustworthy? How can the enterprises check and validate the trustworthiness of apps being used within the enterprise network? What about the security and privacy aspects? Are the confidential information such as passwords, important documents, etc. are treated safely? Are the employees&rsquo; installed apps monitoring/spying the enterprise environment? To answer these questions, we propose Enterprise Smartphone Apps Risk Assessment (ESARA) as a novel framework to support and enable enterprises to analyze and quantify the potential privacy and security risks associated with their employees&rsquo; installed apps. Given an app, ESARA first conducts various analyses to characterize its vulnerabilities. Afterwards, it examines the app&rsquo;s behavior and overall privacy and security perceptions associated with it by applying natural language processing and machine learning techniques. The experimental results using app behavior and perception analyses indicate that: (1) ESARA is able to examine apps&rsquo; behavior for potential invasive activities; and (2) the analyzed privacy and security perceptions by ESARA usually reveal interesting information corresponding to apps&rsquo; behavior achieved with high accuracy.</p>", 
  "license": "https://creativecommons.org/licenses/by/4.0/legalcode", 
  "creator": [
    {
      "affiliation": "Goethe University Frankfurt", 
      "@type": "Person", 
      "name": "Hatamian, Majid"
    }, 
    {
      "affiliation": "Goethe University Frankfurt", 
      "@type": "Person", 
      "name": "Pape, Sebastian"
    }, 
    {
      "affiliation": "Goethe University Frankfurt", 
      "@type": "Person", 
      "name": "Rannenberg, Kai"
    }
  ], 
  "headline": "ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment", 
  "image": "https://zenodo.org/static/img/logos/zenodo-gradient-round.svg", 
  "datePublished": "2019-06-05", 
  "url": "https://zenodo.org/record/3248903", 
  "version": "Accepted", 
  "@type": "ScholarlyArticle", 
  "@context": "https://schema.org/", 
  "identifier": "https://doi.org/10.1007/978-3-030-22312-0_12", 
  "@id": "https://doi.org/10.1007/978-3-030-22312-0_12", 
  "workFeatured": {
    "url": "https://www.ifipsec.org/2019/", 
    "alternateName": "IFIP SEC", 
    "location": "Lisbon, Portugal", 
    "@type": "Event", 
    "name": "34th IFIP International Conference on ICT Systems Security and Privacy Protection"
  }, 
  "name": "ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment"
}
Views 75
Downloads 173
Data volume 385.7 MB
Unique views 70
Unique downloads 167
