Agenda
1. introduction of the project team
2. overview of the TeTra project SecureApps
3. introduction of the user group members
4. QR-based out-of-band communication
5. planning for the coming period
6. discussion
TeTra projects: general operation
TeTra = Technologie Transfer (technology transfer)
– technology exploration
– technology translation
– technology dissemination
TeTra funding
– 92,5 % by IWT
– 7,5 % by the user committee
User committee (GC, gebruikerscommissie) meeting (every four months)
– progress report (technical, management, valorisation; 1 week before the GC)
– minutes of the GC (1 week after the GC)
– “rules of procedure” (at the start of the project)
– “claim for payment” (during the first months of the project)
TeTra projects: general operation
“Rules of procedure” (“Reglement van Orde”)
– Objectives of TeTra
(1) give companies and social-profit organisations access to technological developments
(2) give an impulse to the upgrading and valorisation of technological research at Flemish institutions of higher education
– Rules of procedure (main articles)
(art. 1) The consortium is responsible for carrying out the project
(art. 2) The user committee supports the institution of higher education
(art. 3) The user committee has at least 4 SMEs
(art. 6) The user committee meets every 4 months
(art. 8) No specific applications tailored to a single member of the GC
(art. 9) Mention the name when using project results
(art. 10-14) IPR rules
(art. 15) The user committee covers 47,5% of the funding
Project sheet
• Title – SecureApps – Advanced Tech’s for Secure Smartphone and Tablet Apps
• Coordinator – MSEC, KAHO Sint-Lieven, Belgium
• Other applicants – Distrinet, KU.Leuven, Belgium
• Sector – mobile app and security developers – eHealth and commercial sector
Project Summary
WP1 Requirements Analysis
Technologies
– WP2 Platform Security Technologies
– WP3 Storage and Backup Technologies
– WP4 Code Analysis Technologies
WP5: Context Aware Security Policy Specification
– Realisation
– Reconfiguration
WP6: Applications
– eHealthApps
– salesApps
WP7 Evaluation & validation
WP8: Dissemination
WP9: Project Management
Project Summary: Technologies
WP2 Platform Security Technologies
• Analysis of the security architecture
• Benefits and platform constraints
WP3 Storage and Backup Technologies
• Tamperproof modules for secure storage
• Integration of cloud solutions
• Activation of credentials
WP4 Code Analysis Technologies
• Static code analysis
• Runtime monitoring
Project Summary
WP5: Context Aware Security Policy Specification
– Realisation
– Reconfiguration
Project Summary
WP6: Applications
– eHealthApps
– salesApps
EVALUATION OF TECHNOLOGIES
Item | AVG
1. What expertise is relevant for your company?
Design and implementation guidelines for developing secure mobile applications. | 4,86
Evaluation and analysis of security measures in current mobile platforms (OS support). | 3,71
Evaluation of existing software components and technologies for building secure applications. | 3,71
Implementation of new software components for building secure applications. | 3,29
Evaluation of code analysis tools and technologies. | 2,29
2. Secure Design and Implementation
Analysis and evaluation of security risks and weaknesses in mobile environments. | 3,71
Guidelines for the design of secure smartphone/tablet applications. | 4,71
3. Evaluation and analysis of platform specific security features.
Android | 4,71
iOS | 4,00
Windows Phone | 3,14
4. Local technologies for building secure applications
Solutions on the mobile device | 3,86
Solutions using a tamperproof module | 3,29
Hybrid solutions | 3,86
5. Remote technologies for building secure applications
Integration with existing server technologies (trusted/private) | 3,71
Integration with existing cloud technologies (untrusted/public) | 3,71
6. Evaluation of software components and technologies for building secure applications
Secure storage of data | 4,29
Authentication mechanisms | 4,43
Communication technologies | 4,00
Backup and recovery technologies | 3,57
Monitoring technologies | 3,00
Setup and (re)configuration | 3,14
7. Evaluation of Code Analysis Tools
Evaluation of static code analysis tools | 2,71
Evaluation of dynamic code analysis tools | 2,71
Evaluation of tools for quality control of apps | 2,57
CONTEXT AWARENESS
Item | AVG
8. Contextual Triggers that lead to specific security decisions
Current Purpose: Business versus Leisure | 3,00
Current Location and Motion (sensor information) | 4,33
Type of connectivity (secure/insecure, internal/external, ...) | 4,17
Current User | 3,17
Running applications (e.g., don't start app X if app Y is running) | 3,17
9. Security Measures enforced by Contextual Triggers.
Login/Logout procedures | 4,67
(de)Activation of services/applications | 3,33
Blocking information release | 3,67
Availability of data and credentials | 4,17
Backup and wiping | 3,67
Automatic (re)configuration | 2,67
10. Realisation of security policies
Large number of policies on a single platform | 2,57
Smaller number of policies on two platforms | 4,14
Small number of policies on multiple platforms (i.e., more than two) | 3,57
PROTOTYPES AND DEMONSTRATION
Item | AVG
11. Which application domains should be selected for the demonstrator?
Sales Apps | 3,14
eHealth Apps | 3,71
12. Which hardware platforms should be selected for the demonstrator?
Tablet | 3,43
Smartphone | 4,14
Tamperproof modules (secure micro SD) | 3,29
13. Which operating system should be selected for the demonstrator?
Android | 4,43
iOS | 3,86
Windows Phone | 3,14
14. Development Strategy
Fast prototyping of software components | 3,50
Reusable software components and middleware | 4,33
Current Master theses
• Arne De Smedt – System for attendance registration in schools (in cooperation with Pronoia)
• Lennart Goossens – Selective disclosure of personal attributes on PDAs
• Karel Dewitte – Integration of OpenID on mobile devices
• Sam Van Den Berghe – NFC communication between terminals and smartphones (in cooperation with DramCo)
• Robrecht De Langhe – Management of digital keys on mobile devices
• Benjamin De Clercq – Controlled release of information on smartphones
• R. Dobbelaere – An iOS/Android application for managing conference systems (in cooperation with Televic)
• Jeroen D'Haene – Context-aware security policy on smartphones and tablets
• Bert Schelstraete – Locking down Android for industrial use
User group SecureApps
1. Mobile app developers
2. Partners with expertise in security
3. Application domains