Avaliação do impacto de segurança de dispositivos móveis via abordagem fuzzy

Abstract

Smartphones and tablets are commonly used equipment for personal purposes as well as for work-oriented activities. The number of companies that adopt the policy of allowing their users to use their own equipment to carry out personal and work activities is increasing. This policy, called Bring Your Own Device (BYOD), offers advantages such as reduced costs in the acquisition of equipment by the company, increased mobility and productivity. However, the adoption of BYOD offers risks because these devices may have operating system¿s customizable configurations that are too permissive and also they may store highly relevant information. In this way, the customizable settings of the mobile device¿s operating system can directly impact on the security of the equipment and as a consequence, digital threats such as malware, data theft and financial loss might occur. In this work it is proposed the collection and evaluation of the parameters of the operating system¿s customizable configurations allied to the quantification of the data stored by the user in the mobile device. In this way, it is possible to evaluate the security impact offered by the equipment and thus, qualify it to access corporate information whose relevance is compatible with the degree of security impact presented by the device. To validate the proposal, the Fuzzy BYOD (FBYOD) application was developed. This application uses fuzzy logic as the main component for the analysis of equipment. FBYOD has been evaluated in a non-simulated corporate environment where mobile devices run Android operating system and are compliant with BYOD policy. The results obtained demonstrate the effectiveness of the proposal and also reveal that users neglect important aspects of security and that in addition, above-average amounts of files, which is reported in the literature, are stored in the devices.