Personal trusted devices for web services: Revisiting multilevel security

Authors Edgar Weippl
Wolfgang Essmayr
Title Personal trusted devices for web services: Revisiting multilevel security
Type article
Journal Mobile Networks and Applications, The Journal of Special Issues on Mobility of Systems, Users, Data and Computing
Number 2
Volume M8
ISSN 1383-469X
Month April
Year 2003
Pages 151-157
SCCH ID# 176
Abstract

In this paper we revisit the concept of mandatory access control and investigate its potential with personal digital assistants (PDA). Only if applications are clearly separated and Trojans cannot leak personal information can these PDAs become personal trusted devices. Limited processing power and memory can be overcome by using Web services instead of full-fledged applications a trend also in non-mobile computing. Web services, however, introduce additional security risks, some of them specific for mobile users. We propose an identification scheme that can be effectively used to protect privacy and show how this system builds upon a light-weight version of mandatory access control.