Secure mobile business applications - Framework, architecture, and implementation

Walter, Thomas; Bussard, Laurent; Roudier, Yves; Haller, Jochen; Kilian-Kehr, Roger; Posegga, Joachim; Robinson, Philip
Information Security Technical Report, Volume 9, Issue 4, Special issue on Mobile Security, 2004

Emerging mobile technologies such as PDAs, laptops and smart phones together with wireless networking technologies such as WLAN and UMTS promise to empower mobile employees to become better integrated into their companies' business processes. However, the actual uptake of these technologies is still to come; one hindrance is security of mobile devices and applications. In this contribution we present an in-depth analysis of the current situation enterprises are faced with in the mobile arena, both from a security and a management perspective. We argue that the currently predominant model of perimeter security will not scale for future mobile business applications that will require appropriate application-level security mechanisms to be in place. We present a framework offering solutions for the development of secure mobile business applications that takes into account the need for strong security credentials, e.g. based on smart cards. This framework consists of software and abstractions that allow for the separation of the core business logic from the security logic in applications. Security management instruments in the form of enforceable enterprise policies are defined which target the security and trust-related deployment and configuration of mobile devices and business applications. The presented architecture is open, in the sense that the actual mobile business application can span over heterogeneous client devices, forming a so-called federation.


Type: Journal
Date: 2004-12-01
Department: Sécurité numérique
Eurecom Ref: 1751
Copyright: © Elsevier. Personal use of this material is permitted. The definitive version of this paper was published in Information Security Technical Report, Volume 9, Issue 4, Special issue on Mobile Security, 2004 and is available at: http://dx.doi.org/10.1016/S1363-4127(05)70036-4

PERMALINK : https://www.eurecom.fr/publication/1751