Towards Enforcing On-The-Fly Policies in BYOD Environments

The Bring Your Own Device (BYOD) paradigm is becoming extremely popular across all kind of organizations. In fact, employees are continually trying to incorporate their personal devices, e.g. smartphones and tablets, into the office to perform some of their work or simply to access the Internet with a device they trust or they are more familiar with. Unfortunately, several security issues may arise from all these external devices accessing the corporate network. To address these issues, in this paper we propose a framework that enforces on-the-fly instantiated policies inside organizations using trusted BYOD technologies. The proposed framework implements a role-based access control system based upon user identity and her current context. To this end, each user receives a specific policy from a server based upon the current role and context. The effective user identity is confirmed using OAuth 2.0, while the device integrity and policy enforcement is ensured by means of a on-device root-of-trust and an enforcer running on each device.