Ecole d'ingénieur et centre de recherche en télécommunications

Secure mobile business applications - Framework, architecture, and implementation

Walter, Thomas;Bussard, Laurent;Roudier, Yves;Haller, Jochen;Kilian-Kehr, Roger;Posegga, Joachim;Robinson, Philip

Information Security Technical Report, Volume 9, Issue 4, special issue on Mobile Security, 2004

Emerging mobile technologies such as PDAs, laptops and smart phones together with wireless networking technologies such as WLAN and UMTS promise to empower mobile employees to become better integrated into their companies' business processes. However, the actual uptake of these technologies is still to come; one hindrance is security of mobile devices and applications. In this contribution we present an indepth analysis of the current situation enterprises are faced with in the mobile arena, both from a security and a management perspective. We argue that the currently predominant model of perimeter security will not scale for future mobile business applications that will require appropriate application-level security mechanisms to be in place. We present a framework offering solutions for the development of secure mobile business applications that takes into account the need for strong security credentials, e.g. based on smart cards. This framework consists of software and abstractions that allow for the separation of the core business logic from the security logic in applications. Security management instruments in the form of enforceable enterprise policies are defined which target the security and trust-related deployment and configuration of mobile devices and business applications. The presented architecture is open, in the sense that the actual mobile business application can span over heterogeneous client devices, forming a so-called federation.

Document Doi Bibtex

Département:Réseaux et Sécurité
Eurecom ref:1751
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Information Security Technical Report, Volume 9, Issue 4, special issue on Mobile Security, 2004 and is available at :
Bibtex: @article{EURECOM+1751, doi = {}, year = {2004}, month = {12}, title = {{S}ecure mobile business applications - {F}ramework, architecture, and implementation}, author = {{W}alter, {T}homas and {B}ussard, {L}aurent and {R}oudier, {Y}ves and {H}aller, {J}ochen and {K}ilian-{K}ehr, {R}oger and {P}osegga, {J}oachim and {R}obinson, {P}hilip}, journal = {{I}nformation {S}ecurity {T}echnical {R}eport, {V}olume 9, {I}ssue 4, special issue on {M}obile {S}ecurity, 2004}, url = {} }
Voir aussi: