针对 BYOD 的网络入口边界安全研究

近年来，云计算业务平台的广泛应用强化了研究人员对于移动设备的依赖性。员工携带自己的设备（Bring Your Own Devices, BYOD）已经成为当前移动办公的主要趋势。针对BYOD环境中的数据泄露和恶意代码等问题，提出了一种跨平台的安全解决方案。该方案应用无客户端网络准入控制方式获取终端属性，并在向量表示法的基础上，为CPU空闲率等特殊属性设计了一种动态数值型评估方式。因此，该方案能够对进入网络的移动智能终端进行准确地可信评估，将终端分别判入可信域、非可信域和隔离域，确保最终进入网络的BYOD设备处于可信状态，以实现网络入口边界安全。实验结果表明本文方案比现有方案在移动智能终端安全状态的评估和防止对数据的非法访问等方面具有更好的效果。

Research on network entry boundary security for BYOD

Recently, the widespread application of cloud computing business platform strengthens the dependence of researchers on mobile devices. Bring Your Own Devices (BYOD) has become the main tendency in mobile office. To solve the problems of data leaking and malicious code in BYOD, a cross-platform security solution is proposed. This solution obtained the terminal attributes by applying the agentless network access control, and designed a dynamic numerical evaluation method based on vector representation for some special terminal attributes, for example, the central processing unit vacancy ratio. Therefore, the solution can accurately assess the mobile intelligent terminals entering the network, and determine these terminals into three different areas, namely trusted area, untrusted area and isolation area to assure that the BYOD devices which enter the network is trusted. It achieves the network entry boundary security. The experiment results show that, comparing to the existing solutions, the solution has better effect in security state evaluation of mobile intelligence terminals and safety protective properties in data illegal access etc.