Authentication, access control, and audit (3As) are three fundamental mechanisms in enterprise security management for countering various types of looming threats from both insiders and outsiders. There has been a variety of web-based or desktop systems implementing those mechanisms, but little supports the applicability of mobile devices in their security management. In this paper we present an approach to managing various types of enterprise security policies using mobile devices in order to effectively monitor and defend trusted domains. Specifically, we describe a security architecture for designing and implementing a mobile-enabled solution for enterprise security management, whereby various benefits such as the backup of important security policies or credentials, offline administration, immediate response, and monitoring, can be achieved. We also present a proof-of-concept implementation using Microsoft Active Directory.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Jean Bacon , Ken Moody , Walt Yao, Access control and trust in the use of widely distributed services, Software—Practice & Experience, v.33 n.4, p.375-394, 10 April 2003  [doi>10.1002/spe.511]
	2	M. Blaze , J. Feigenbaum , J. Ioannidis , A. Keromytis, The KeyNote Trust-Management System Version 2, RFC Editor, 1999
	3	Distributed Management Task Force, Inc. Common Information Model (CIM)-Infrastructure Specification, version 2.3, 2004.
	4	Gartner. Extranet Access Management Magic Quadrant, Gartner Research Note (ID: M-13-6853), May 2001.
	5	ITU. ITU-T RECOMMENDATION T.128SHARE-APPLICATION SHARING, 1997. ITU-T Q3/16.
	6	ITU. ITU-T Recommendation X.509. Information Technology: Open Systems Interconnection - The Directory: Public-Key And Attribute Certificate Frameworks, 2000. ISO/IEC 9594--8.
	7	Savith Kandala , Ravi Sandhu, Secure role-based workflow models, Proceedings of the fifteenth annual working conference on Database and application security, p.45-58, July 15-18, 2001, Niagara, Ontario, Canada
	8	Axel Kern , Martin Kuhlmann , Andreas Schaad , Jonathan Moffett, Observations on the role life-cycle in the context of enterprise security management, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507718]
	9	Gustaf Neumann , Mark Strembeck, A scenario-driven role engineering process for functional RBAC roles, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507717]
	10	R. L. Rivest and B. Lampson. SDSI - a simple distributed security infrastructure. Technical report, September 1996.
	11	Haio Roeckle , Gerhard Schimpf , Rupert Weidinger, Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization, Proceedings of the fifth ACM workshop on Role-based access control, p.103-110, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344308]
	12	RSA Security. RSA ClearTrust Advanced User Management Module, 2004.
	13	Ravi Sandhu, Engineering authority and trust in cyberspace: the OM-AM and RBAC way, Proceedings of the fifth ACM workshop on Role-based access control, p.111-119, July 26-28, 2000, Berlin, Germany  [doi>10.1145/344287.344309]
	14	Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, A role-based infrastructure management system: design and implementation: Research Articles, Concurrency and Computation: Practice & Experience, v.16 n.11, p.1121-1141, September 2004  [doi>10.1002/cpe.v16:11]
	15	Dongwan Shin , Gail-Joon Ahn , Sangrae Cho , Seunghun Jin, On modeling system-centric information for role engineering, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy  [doi>10.1145/775412.775434]