Risk Based Mobile Access Control (RiBMAC) policy framework

Mobile devices are increasingly being deployed by enterprises, governments, and the military. Protecting sensitive data that will invariably reside on them is critical. Mobile devices cannot be protected by physical security the same way as stationary systems. Therefore, they must deploy strong internal protection mechanisms for access control. Policies for access control must be driven by context and risk in the environmental in which they operate. This is inherently different from traditional policy models that focus on the multi-user access control. We propose the Risk Based Mobile Access Control (RiBMAC) policy framework for mobile device access control. It uses risk factor abstractions to break down the complexity in the specification, management and evaluation of risk based policies. Its agent-centric approach can effectively integrate a large number of onboard sensors and risk assessment components in different hardware and operational configurations. RiBMAC is a simple yet powerful policy framework that is expressive, practical and scalable. RiBMAC, in conjunction with the appropriate enforcement mechanisms, can greatly improve security for tactical mobile devices.