Enforcing Enterprise Mobile Application Security Policy with Plugin Framework

Abstract

The prevalent use of mobile applications in enterprise computing requires more stringent yet flexible enforcement of security policies on the mobile devices. Existing enforcement mechanisms such as mobile device management system focus on the management of device features and cannot cover the diverse security policies of enterprise applications precisely. We address the challenge by proposing a novel security policy enforcement system based on Plugin framework. The system provides fine-grained security policy enforcement at each library call site in an application. With root privilege (targeting company-owned devices), fine-grained enforcement can be applied to any application. Without root privilege (targeting BYOD devices), fine-grained enforcement can be applied to the applications installed via the enforcement system.