This important report has been professionally converted for accurate flowing-text e-book format reproduction. The Navy has seen a significant increase in the presence of mobile and smart devices on its units due to advancements in technology and younger sailors' desire to be connected at all times. These devices create security threats due to their easily concealable size and their host of connectivity and image related features. The insider threat (intentional or not) now includes the ability to take photos, record conversations, share data wirelessly, and communicate official use and classified information, all more easily than ever before.
Current enterprise solutions and associated policy does not address managing personal devices. In fact, management of personal devices is currently outside the Department of Defense (DOD) effort to control Personal Electronic Devices (PED) since the organization does not own the device and therefore has no way to mandate what must or must not be installed on them. The current path to a bring your own device (BYOD) policy is unclear. Security vulnerabilities with these devices have not been addressed in a uniform matter in policy or in practice. It is with these statements in mind that we address how to take the first steps in developing feasible management of personal devices on naval units and potentially throughout the DOD.
In this study, we provide a thorough evaluation of National Institute for Standards and Technology, Defense Information Systems Agency, and DOD publications to provide a starting point for adapting current policy and to guide the development of our application. We then examine the feasibility of implementable software application solutions to hardware features that pose a threat to security. Specific research addresses why each hardware feature on a mobile device is a security concern, how it is controlled inside the Android Studio API, and how we utilize these controls to lockdown and then unlock said hardware features through a simple proof of concept Android application. Finally, we provide examples of how future work can grow our application into a security-manager controlled program to secure devices and find a path toward making BYOD a reality.
Current enterprise solutions and associated policy does not address managing personal devices. In fact, management of personal devices is currently outside the Department of Defense (DOD) effort to control Personal Electronic Devices (PED) since the organization does not own the device and therefore has no way to mandate what must or must not be installed on them. The current path to a bring your own device (BYOD) policy is unclear. Security vulnerabilities with these devices have not been addressed in a uniform matter in policy or in practice. It is with these statements in mind that we address how to take the first steps in developing feasible management of personal devices on naval units and potentially throughout the DOD.
In this study, we provide a thorough evaluation of National Institute for Standards and Technology, Defense Information Systems Agency, and DOD publications to provide a starting point for adapting current policy and to guide the development of our application. We then examine the feasibility of implementable software application solutions to hardware features that pose a threat to security. Specific research addresses why each hardware feature on a mobile device is a security concern, how it is controlled inside the Android Studio API, and how we utilize these controls to lockdown and then unlock said hardware features through a simple proof of concept Android application. Finally, we provide examples of how future work can grow our application into a security-manager controlled program to secure devices and find a path toward making BYOD a reality.
