T-dominance: Prioritized defense deployment for BYOD security

Bring Your Own Device (BYOD) is an enterprise information technology (IT) policy that encourages employees to use their own devices to access sensitive corporate data at work through the enterprise IT infrastructure. Many current BYOD security practices are costly to implement and intrusive to employees, which, to some degree, negate BYOD´s perceived benefits. To address such tension, we propose prioritized defense deployment: Instead of employing the same costly and intrusive security measures on each BYOD smartphone, more stringent threat detection/mitigation mechanisms are deployed on those representative smartphones, each of which represents, security-wise, a group of smartphones in the whole BYOD device pool. To this end, we propose a concept and a distributed algorithm, both named T-dominance, to capture the temporal-spatial pattern in an enterprise environment. We identify a few desirable properties of prioritized defense deployment, and analytically show that T-dominance satisfies such properties. We complement our analysis with simulations on real Wi-Fi association traces.