Personal trusted devices for web services: Revisiting multilevel security
|Autoren|| Edgar Weippl|
|Titel||Personal trusted devices for web services: Revisiting multilevel security|
|Journal||Mobile Networks and Applications, The Journal of Special Issues on Mobility of Systems, Users, Data and Computing|
In this paper we revisit the concept of mandatory access control and investigate its potential with personal digital assistants (PDA). Only if applications are clearly separated and Trojans cannot leak personal information can these PDAs become personal trusted devices. Limited processing power and memory can be overcome by using Web services instead of full-fledged applications a trend also in non-mobile computing. Web services, however, introduce additional security risks, some of them specific for mobile users. We propose an identification scheme that can be effectively used to protect privacy and show how this system builds upon a light-weight version of mandatory access control.