Mobile Device Management
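To address the information security risks posed by personal smart mobile devices brought into military restricted areas (Bring Your Own Device), the Ministry of National Defense has begun introducing third-party Mobile Device Management solutions. However, because the people, activities, and assets inside restricted areas are sensitive, relying solely on third-party solutions could create a major national security vulnerability. In this research we therefore evaluate the implementation feasibility of each security management and control function for Android smart mobile devices, in order to master the key technologies behind them, including device information acquisition, device control, self-protection of the management system, and architecture design. The results of this research can serve immediately as a procurement evaluation reference for the Ministry of National Defense's initial adoption of third-party MDM solutions, and for the medium- to long-term goal of developing an MDM system in-house, the key technologies developed in this research will also be of very high reference value.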
FUSION: A Unified Application Model for Virtual Mobile Infrastructure
We proposed a unified application model for virtual mobile infrastructure (VMI) called FUSION. FUSION bridges the gap between the remote VMI server and the client-side mobile device by supporting bi-directional IPC (inter-process communication) and a loosely synchronized file system. FUSION classifies IPC events into two types: IPC events that do not access local resources and IPC events that access local resources. For IPC events that do not access local resources, FUSION simply hooks the IPC events, forwards them to the remote peer, and replays them in the remote environment. For complex IPC events that involve accessing files located on the local device, FUSION analyzes each individual IPC event and transmits the corresponding files to the remote peer for that event. Once the remote application completes its job and the user tries to disconnect from the remote peer, FUSION synchronizes those files back to the local side. The synchronization makes the file changes made by the remote application visible to the local side. Based on our experimental results, FUSION incurs less than 1% overhead on the system. For simple IPC events without local resource access, FUSION can transmit those IPC events to the remote peer under various network conditions in less than 1200ms. For complex IPC events involving local resource access, FUSION can also serialize and transmit the files efficiently.
Software Defined Networking (SDN) allows the construction of virtual networks on top of a datacenter network infrastructure. However, this flexibility also increases the chance of inconsistencies in the network configurations caused by component failures, software bugs, or human errors. The inconsistencies may result in service outages or security policy violations. We propose a model-based verification system to check the consistency of a virtual network. The system models the requirements as logic constraints and extracts the configuration states of a virtual network. The configuration states are checked against the logic constraints by using an SMT solver. The prototype system successfully detects various inconsistencies injected into the testbed and incurs a reasonable amount of overhead.