Towards Central Vulnerability Management By Mobile Phone Operators

Moyo, Thamsanqa; Irwin, Barry V W; Wright, Madeleine

Title: Towards Central Vulnerability Management By Mobile Phone Operators
Creator: Moyo, Thamsanqa, Irwin, Barry V W, Wright, Madeleine
Date: 2006
Type: text
Type: article
Identifier: http://hdl.handle.net/10962/428787
Identifier: vital:72536
Identifier: https://www.researchgate.net/profile/Barry-Ir-win/publication/237107512_Securing_mobile_commerce_interactions_through_secure_mobile_web_services/links/5b9a5898a6fdccd3cb4ff6cf/Securing-mobile-commerce-interactions-through-secure-mobile-web-services.pdf
Description: The application of XML-based approaches in passing vulnerability in-formation between vulnerability management devices or software resid-ing on wired networks has been demonstrated. We propose a proof of concept framework for mobile operators that extends this use of XML into the area of vulnerability management on public land mobile net-works. Our proposed framework allows for a pro-active central man-agement of vulnerabilities found on mobile stations such as mobile phones. Despite the relatively limited number of reported vulnerabilities on mobile stations, such a pre-emptive approach from mobile operators is necessary to acquire the confidence of early adopters in Mobile Commerce. Given the diverse collection of devices and software that exist on a public land mobile network, XML-based approaches are best able to providing the inter-operability required for vulnerability manage-ment on such a network. Our proposed framework leverages web ser-vices by using the Open Vulnerability Assessment Language (OVAL) to provide vulnerability descriptions, and by securing these descriptions in SOAP messages conforming to the OASIS Web Services Security (WSS) standard. We contribute in three areas: firstly, through this framework we show that mobile operators can carry out centralized vul-nerability management on their public land mobile networks comprising of a wide variety of devices and software. Secondly, the assurance of integrity, confidentiality and non-repudiation inherently lacking in OVAL vulnerability descriptions is achieved through their encapsulation in SOAP messages conforming to the OASIS WSS standard. Thirdly, SOAP-based web service implementations allow for integration with vulnerability management tools and devices that do not conform to OVAL.
Format: 12 pages, pdf
Language: English
Relation: Information Security for South Africa, Moyo, T., Irwin, B. and Wright, M., Towards Central Vulnerability Management By Mobile Phone Operators. In ISSA (pp. 1-18), Information Security for South Africa volume 2006 number 1 12 2006 2330-9881
Rights: Publisher
Rights: Use of this resource is governed by the terms and conditions of the IEEE Xplore Terms of Use Statement (https://ieeexplore.ieee.org/Xplorehelp/overview-of-ieee-xplore/terms-of-use)

Hits: 91
Visitors: 101
Downloads: 11

Collections

Wright, Madeleine (Mrs)

Irwin, Barry V W (Prof)

RU Department of Computer Science

SDG 09. Industry, Innovation and Infrastructure

		Thumbnail	File	Description	Size	Format
View Details Download			SOURCE1	Towards Central Vulnerability Management by Mobile Phone Operators.pdf	249 KB	Adobe Acrobat PDF	View Details Download