Modern mobile platforms deal with data and applications provided by multiple stakeholders (e.g., front-end applications for remote subscriber services, on-board credentials, locally stored data and contents), besides user’s personal information and resources. Applications, their assigned resources and data (workloads) are thought to be isolated from each other, though occasionally are requested to share some information both communicating directly and through common standalone services provided by the device OS. However, ensuring an adequate level of workloads isolation while allowing flexible data sharing and application interoperability is probably one of hardest challenges to the design of mobile platforms architectures and operating systems.
This is particularly true in those architectures supporting the “Bring Your Own Device” (BYOD) paradigm within enterprise applications, where applications and data belonging to the device owner (the employee), third party service providers and the owner’s employer, must coexist. Such a coexistence raises serious security threads but, at the same time, offers plenty of opportunities to take advantage of application interoperability.
This special issue is dedicated to such a twofold challenge raised by BYOD-enabling architectures.
On one hand, the aim is to bring together new ideas in the design of mobile platforms able to ensure the security and trustworthiness of applications during their whole lifecycle (including deployment and updates), and featuring secure and flexible communication and interoperability among applications.
On the other hand, the ambition of this initiative is to gain a comprehensive vision of the current proposals concerning the definition and enforcement of access control mechanisms within mobile devices, paying particular attention to policies driven on inherently “mobile” factors such as geo-location, time and environmental events.
Particular interest is devoted to the security aspects of integration of mobile operators’ devices with corporate’s mission critical assets for the sake of control, diagnostics and maintenance. Enabling operators to connect their own devices to corporate’s industrial equipment (e.g., production machinery, controllers, sensors and embedded systems at large) might pose serious threats to the confidentiality and reliability of the industrial processes.
Suitable topics include, but are not limited, to the following:
- Security of applications distribution, deployment and updates
- Trusted Execution Environments
- Security architectures for embedded and mobile systems
- Enterprise Rights Management (ERM) infrastructures
- Securing BYOD-enabling infrastructures: models and study cases
- Security of cloud-based and mobile storage facilities
- Hardware security of mobile and embedded devices
- Privacy-aware access control
- Temporal, Geographical and event-driven access control
- Secure application interoperation in multi-domain environments
- Internet of Things and M2M security
- Prevention and detection of mobile malware
- Enhanced user authentication mechanisms and protocols
Manuscripts due by: 20 September, 2017
Notification to authors: 30 November, 2017
Final versions due by: 28 February, 2018