Abstract— BYOD (Bring Your Own Device) is part of the larger trend of IT Customization, in which employee-owned devices such as smartphones, tablets and laptops are allowed into the enterprise to perform work-related computing. A BYOD scenario is bound to have security vulnerabilities, as the enterprise does not exercise complete control over the consumer hardware and software. In this paper, a combination of a Trust-Based Access Control (TBAC) strategy and a fuzzy expert system was used to enhance information security through a multi-factor trust-based access control mechanism. A fuzzy trust model was developed and implemented using MATLAB 8.3.0. We describe trust from three factors: behavior, reputation, and recommendation to compute …
This operational phenomenon gives employees the freedom to choose the best device for their office work, and thus increases business benefits by allowing employees access independent of time and location (Mansfield-Devine, 2012). With mobile devices increasingly embedded into all parts of our personal lives, IT companies are finding that their employees increasingly would like to use their own personal mobile devices to carry out work (often alongside corporate-provided devices). Many corporate IT teams already support this, and the rest are reaching out to their IT support teams to have it implemented. Morrow …
This can also be expressed by using numerical values such as 1 for trusted and 0 for untrusted (Isaac Agudo, 2008). Trust can be viewed in relation to cooperation, commodity and reputation, and as direct and recommended trust, a perspective that is applicable to our context (the BYOD network). Recommended trust usually involves a party that has not been directly interacted with in the past, so there is no basis for trust, whereas direct trust is the kind of trust developed directly with an agent, usually as a result of past experiences. Here the direct trust model involves prior registration of employees' mobile devices as part of the criteria for the initial trust decision concerning nodes joining the network for the first time. However, there is also the possibility of an unregistered device legitimately accessing the network, a case that is already noted for further recommendations. Figure 3 illustrates how direct trust can be extended among agents who are involved in interactions. As shown, A2 trusts A3 and A4, while A4 trusts A1. A1 had no trust relationship with A2 and A3 before, but as can be seen from the diagram, they now share a recommended trust relationship. A4 recommended A1 to A2, while A2 further recommends it to A3.