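With the rapid rise of mobile devices, more and more enterprises are adopting BYOD (Bring Your Own Device) policies that let employees use their personal mobile devices for work, in order to save hardware procurement costs and improve employee productivity. However, enterprises also face new information security risks, such as employees exploiting the convenience of mobile devices to steal confidential corporate data. How to formulate and enforce a BYOD security policy has therefore become an important information security issue. To address this problem, this paper proposes SDroid, a platform for managing enterprise BYOD security policies, which gives administrators an interface for defining Install-time and Run-time security policies. We also provide an SDroid Agent on the phone that analyzes in real time whether the Apps an employee installs comply with the security policy, so the enterprise does not need to set up a separate App store or App blacklist/whitelist. Our experiments show that SDroid can indeed define security policies and enforce them correctly on employees' Android mobile devices, ensuring that the Apps employees use all comply with the enterprise's security policy.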
With the rapid rise of mobile devices, more and more enterprises are developing BYOD (Bring Your Own Device) policies that allow employees to use personal devices for work, saving cost and raising productivity. But new information security risks also arise, so how to develop and implement a BYOD security policy has become an important information security issue. To resolve this problem, this paper presents an enterprise BYOD security policy management platform (SDroid) that provides an interface for both Install-time and Run-time security policy management. We also provide the SDroid Agent, which is installed on the employee's mobile device. This agent checks whether an App complies with the company's security policy, so the enterprise does not need to set up an additional App store or App black/white list. Our experiment shows that SDroid is useful for developing security policies and ensures that employees install Apps that comply with corporate security policies.