ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment - IFIP Open Digital Library Access content directly
Conference Papers Year : 2019

ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment

Majid Hatamian
  • Function : Author
  • PersonId : 1153502
Kai Rannenberg
  • Function : Author
  • PersonId : 989376


Protecting enterprise’s confidential data and infrastructure against adversaries and unauthorized accesses has been always challenging. This gets even more critical when it comes to smartphones due to their mobile nature which enables them to have access to a wide range of sensitive information that can be misused. The crucial questions here are: How the employees can make sure the smartphone apps that they use are trustworthy? How can the enterprises check and validate the trustworthiness of apps being used within the enterprise network? What about the security and privacy aspects? Are the confidential information such as passwords, important documents, etc. are treated safely? Are the employees’ installed apps monitoring/spying the enterprise environment? To answer these questions, we propose Enterprise Smartphone Apps Risk Assessment (ESARA) as a novel framework to support and enable enterprises to analyze and quantify the potential privacy and security risks associated with their employees’ installed apps. Given an app, ESARA first conducts various analyses to characterize its vulnerabilities. Afterwards, it examines the app’s behavior and overall privacy and security perceptions associated with it by applying natural language processing and machine learning techniques. The experimental results using app behavior and perception analyses indicate that: (1) ESARA is able to examine apps’ behavior for potential invasive activities; and (2) the analyzed privacy and security perceptions by ESARA usually reveal interesting information corresponding to apps’ behavior achieved with high accuracy.
Fichier principal
Vignette du fichier
485650_1_En_12_Chapter.pdf (2.2 Mo) Télécharger le fichier
Origin : Files produced by the author(s)

Dates and versions

hal-03744316 , version 1 (02-08-2022)





Majid Hatamian, Sebastian Pape, Kai Rannenberg. ESARA: A Framework for Enterprise Smartphone Apps Risk Assessment. 34th IFIP International Conference on ICT Systems Security and Privacy Protection (SEC), Jun 2019, Lisbon, Portugal. pp.165-179, ⟨10.1007/978-3-030-22312-0_12⟩. ⟨hal-03744316⟩
32 View
81 Download



Gmail Facebook X LinkedIn More