- Title
- Towards Central Vulnerability Management By Mobile Phone Operators
- Creator
- Moyo, Thamsanqa, Irwin, Barry V W, Wright, Madeleine
- Date
- 2006
- Type
- text
- Type
- article
- Identifier
- http://hdl.handle.net/10962/428787
- Identifier
- vital:72536
- Identifier
- https://www.researchgate.net/profile/Barry-Ir-win/publication/237107512_Securing_mobile_commerce_interactions_through_secure_mobile_web_services/links/5b9a5898a6fdccd3cb4ff6cf/Securing-mobile-commerce-interactions-through-secure-mobile-web-services.pdf
- Description
- The application of XML-based approaches in passing vulnerability in-formation between vulnerability management devices or software resid-ing on wired networks has been demonstrated. We propose a proof of concept framework for mobile operators that extends this use of XML into the area of vulnerability management on public land mobile net-works. Our proposed framework allows for a pro-active central man-agement of vulnerabilities found on mobile stations such as mobile phones. Despite the relatively limited number of reported vulnerabilities on mobile stations, such a pre-emptive approach from mobile operators is necessary to acquire the confidence of early adopters in Mobile Commerce. Given the diverse collection of devices and software that exist on a public land mobile network, XML-based approaches are best able to providing the inter-operability required for vulnerability manage-ment on such a network. Our proposed framework leverages web ser-vices by using the Open Vulnerability Assessment Language (OVAL) to provide vulnerability descriptions, and by securing these descriptions in SOAP messages conforming to the OASIS Web Services Security (WSS) standard. We contribute in three areas: firstly, through this framework we show that mobile operators can carry out centralized vul-nerability management on their public land mobile networks comprising of a wide variety of devices and software. Secondly, the assurance of integrity, confidentiality and non-repudiation inherently lacking in OVAL vulnerability descriptions is achieved through their encapsulation in SOAP messages conforming to the OASIS WSS standard. Thirdly, SOAP-based web service implementations allow for integration with vulnerability management tools and devices that do not conform to OVAL.
- Format
- 12 pages, pdf
- Language
- English
- Relation
- Information Security for South Africa, Moyo, T., Irwin, B. and Wright, M., Towards Central Vulnerability Management By Mobile Phone Operators. In ISSA (pp. 1-18), Information Security for South Africa volume 2006 number 1 12 2006 2330-9881
- Rights
- Publisher
- Rights
- Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)
- Hits: 122
- Visitors: 137
- Downloads: 17
Thumbnail | File | Description | Size | Format | |||
---|---|---|---|---|---|---|---|
View Details | SOURCE1 | Towards Central Vulnerability Management by Mobile Phone Operators.pdf | 249 KB | Adobe Acrobat PDF | View Details |