Today about 90% of employees use their own devices to execute business tasks. Among all these devices, smartphones are the most popular. From one point of view, a company wants to control all business data and the behavior of a user during working hours. From another point of view a company does not want to control users after work and the users want to be sure that they are not under the company's control. The obvious solution in this situation is to give a user a second business phone which has strict security policies. At the same time usually users do not want to have several devices in their pocket. Moreover, a company cannot control the use of personal devices in this situation.

Our system, MOSES, can separate data on a device and can control the behavior of a user when she uses a smartphone in different contexts. Our approach is similar to having several different virtual operating systems on the same device. But we use only one operating system and the same set of application executables. That's why we refer to our system as a lightweight virtualization platform.

To implement MOSES we have modified the Android operating system. Our solution uses Taintdroid to track sensitive data. To infer the context of a smartphone we rely on the CRêPE system.


We created a google-group where you can ask your questions.

We are available for your suggestions: moses@disi.unitn.it