“…but please remember, you can access or modify the strictly confidential data in this app only in very secure locations…OK?”

“Yeah sure! … ehm, but what do you mean exactly? Well, never mind, I have to go, see you!”

“Well…”

Welcome to another post (following the first post) with use cases for ProtectMe, a research prototype developed at the SAP Product Security Research group.

What happens if you need your users to access and manipulate sensitive data in your ERP, while also respecting your company’s policy for protecting the confidentiality of such critical information? How can you provide users with convenient tools for their business operations that at the same time enforce corporate policy terms?

In the following videos, ProtectMe is used to control two mobile apps that use MBO and OData, respectively, to retrieve business information. ProtectMe's scope is broader, however: it can be integrated within the business logic of any application.

The policy conditions have been simplified in these use cases, and essentially comprise a list of geographic locations where data manipulations are allowed. However, ProtectMe is integrated out of the box with a number of mobile device components, such as Bluetooth and Wi-Fi network adapters, GPS, alarm and so on, and thus supports more use cases. The engine used by ProtectMe also supports the definition of complex conditions using data coming from the different components.
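As an added illustration (not ProtectMe's code, policy language or API), the sketch below shows how a location-based usage-control decision of the kind described above can be evaluated so that it fails closed when the GPS fix is missing, stale or too imprecise, and how a second condition from the Wi-Fi adapter can be combined with it. The `Zone`, `Context` and `decide` names, the zone coordinates and the SSID are hypothetical and constructed for the example.

```python
import math
from dataclasses import dataclass
from typing import Optional

EARTH_RADIUS_M = 6_371_000

@dataclass(frozen=True)
class Zone:  # hypothetical policy entry: a circle where manipulation is allowed
    name: str
    lat: float
    lon: float
    radius_m: float
    required_ssid: Optional[str] = None  # optional extra condition (Wi-Fi adapter)

@dataclass(frozen=True)
class Context:  # hypothetical snapshot of what the device components report
    lat: Optional[float]
    lon: Optional[float]
    accuracy_m: Optional[float]  # radius of uncertainty of the GPS fix
    fix_age_s: Optional[float]   # seconds since the fix was taken
    ssid: Optional[str] = None

def distance_m(lat1, lon1, lat2, lon2):
    # Great-circle (haversine) distance in metres.
    p1, p2, dl = math.radians(lat1), math.radians(lat2), math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def decide(ctx, zones, max_fix_age_s=30.0):
    """Return (allowed, reason). Any missing or doubtful input denies access."""
    if None in (ctx.lat, ctx.lon, ctx.accuracy_m, ctx.fix_age_s):
        return False, "no location fix"
    if ctx.fix_age_s > max_fix_age_s:
        return False, "stale location fix"
    for z in zones:
        # Worst case: the device sits at the far edge of its uncertainty
        # circle, so the whole circle must fit inside the allowed zone.
        if distance_m(ctx.lat, ctx.lon, z.lat, z.lon) + ctx.accuracy_m > z.radius_m:
            continue
        if z.required_ssid is not None and ctx.ssid != z.required_ssid:
            continue
        return True, "inside " + z.name
    return False, "outside all allowed zones"

# Constructed sample policy: an office, and a lab that also requires a given SSID.
ZONES = [Zone("office", 48.0, 9.0, 200.0),
         Zone("lab", 50.0, 8.0, 100.0, required_ssid="corp-lab")]
```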

The apps in the videos are rather simple, but as you can see, ProtectMe is smoothly integrated into the user experience, so it does not represent an obstacle for business users during their activities.

ProtectMe providing usage control to MBOs

ProtectMe and OData resources

More details on ProtectMe can be found at the following links:

or simply by contacting Francesco DI CERBO, Laurent GOMEZ or Slim TRABELSI from the SAP ACES Product Security Research group.

Special thanks to Stuart SHORT for the precious help.
