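Abstract
This paper first introduces the new "boundaryless and uncontrolled" characteristics of the open and integrated environment, analyzes the attack surface they add, and proposes several evaluation criteria from the 2 aspects of security and usability: the isolation strength of the boundary, the effectiveness of internal security mechanisms, control granularity, and usability. It then groups existing mobile data control solutions into two broad scenarios: the personal device (bring your own device, BYOD) scenario and the dedicated terminal (corporation owned private enabled, COPE) scenario. BYOD solutions are divided into 4 types by virtualization isolation technology: application sandbox, multi-user, container, and virtual machine. COPE solutions are divided into 2 types: general-purpose operating system and specialized operating system. Finally, these 6 types of mobile data control solutions are compared side by side. The application sandbox has the lowest isolation strength and the lowest security, but is the easiest to deploy and implement. Dedicated terminals with a dedicated operating system have the highest development and deployment cost and slightly worse usability, but also the highest security.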
The paper first introduces the new features of the mobile office environment: boundaryless and uncontrollable. Then, several perspectives are proposed to evaluate current mobile security solutions, which include isolation strength, effectiveness of internal security mechanisms, control granularity and usability. Current mobile security solutions are classified into 2 categories: BYOD and COPE. In the BYOD scenario, there are 4 types of solutions according to the virtualization technology: application sandbox, multi-account, container, and virtual machine. In the COPE scenario, solutions are classified into 2 types by operating system: general operating system and customized operating system. Finally, these 6 types of solutions are compared systematically. Among these solutions, the application sandbox has the lowest isolation strength and the lowest security, but has the highest usability and can be deployed at low cost. COPE with a customized OS has the highest R&D cost and sacrifices some usability, but has the highest security performance.
Authors
邹仕洪
卜东超
孙国峰
赵春雷
Zou Shihong; Bu Dongchao; Sun Guofeng; and Zhao Chunlei (School of CyberSpace Security, Beijing University of Posts & Telecommunications, Beijing 100876; Beijing Yuanxin Technology Co., Ltd., Beijing 100013)
Source
《信息安全研究》
2018, Issue 8, pp. 704-710 (7 pages)
Journal of Information Security Research
Funding
2018 Key Special Project on Cyberspace Security (2018YFB0803600)
Keywords
open fusion
open and integrated
mobile security
data management
virtualization
operating system