Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security

An emerging trend in corporate network administration is BYOD (Bring Your Own Device). Although with many advantages, the paradigm shift presents new challenges in security to enterprise networks. While existing solutions such as Mobile Device Management (MDM) focus mainly on controlling and protecting device data, they fall short in providing a holistic network protection system. New innovation is needed in providing administrators with sophisticated network policies and control capabilities over the devices and mobile applications (apps). In this paper, we present PBS (Programmable BYOD Security), a new security solution to enable fine-grained, applicationlevel network security programmability for the purpose of network management and policy enforcement on mobile apps and devices. Our work is motivated by another emerging and powerful concept, SDN (Software-Defined Networking). With a novel abstraction of mobile device elements (e.g., apps and network interfaces on the device) into conventional SDN network elements, PBS intends to provide network-wide, context-aware, app-specific policy enforcement at run-time without introducing much overhead on a resource-constrained mobile device, and without the actual deployment of SDN switches in enterprise networks. We implement a prototype system of PBS, with a controller component that runs a BYOD policy program on existing SDN controllers and a client component, PBS-DROID, for Android devices. Our evaluation shows that PBS is an effective and practical solution for BYOD security.