Common Criteria Security Audit for Mobile Devices
Rissanen, Samuli (2018)
Oulun ammattikorkeakoulu
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2018083014738
Abstract
The aim of this bachelor’s thesis was to study the requirements set for security auditing of mobile devices by Common Criteria, to determine how the current system fulfills these requirements and to make the needed modifications to fulfill the requirements. This thesis was commissioned by Bittium Oyj.
The requirements set for the security auditing of mobile devices were studied, and a list of all the requirements that needed to be fulfilled was composed. After the requirements were clear, the actual logging system of Android was studied to understand how it has been implemented. The logging system was studied very thoroughly to get the complete picture of how it functions at different levels of the system and how it is currently being utilized in the Android platform.
After the Android logging system has been presented, a few solutions on how audit logging functionality could be implemented and integrated as a part of the Android logging system are presented.
The actual analysis of the system was the last part of this thesis. Analyzing certain components of the system took a significant amount of time as they were very complex, but understanding their operation and functionality was crucial for making a proper analysis. The analysis itself was surprisingly demanding work, as I had to cover a lot of individual components and had to learn how they function in a very short time.
As was found during the analysis, some requirements were not initially met, but after making the necessary modifications to the responsible components, most of the requirements were met in the end. Due to time restrictions set at the beginning of this thesis, some of the requirements were identified to require a great effort to make the necessary modifications and therefore, they were left out of the scope of the implementation part of this thesis.