Automated Support to Capture and Validate Security Requirements for Mobile Apps

  • Conference paper
  • Published in: Requirements Engineering Toward Sustainable World (APRES 2016)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 671)


Abstract

Mobile application usage has become widespread and significant, as it allows interaction between people and services anywhere and at any time. However, security has become a major concern among mobile users, because insecure applications may contain vulnerabilities that make them easy for attackers to compromise. It is therefore important for mobile application developers to validate the security requirements of their apps at the earliest stage, before potential security problems reach the implementation. In this paper, we describe our automated approach and tool, called MobiMEReq, which helps to capture and validate the security attribute requirements of mobile apps. We employ the concept of Test Driven Development (TDD) together with a model-based testing strategy that uses Essential Use Case (EUC) and Essential User Interface (EUI) models. We also conducted an evaluation comparing the performance and correctness of our tool across several application domains. The results of the study show that our tool helps requirements engineers to capture and validate the security-related requirements of mobile applications with little effort.


Notes

  1. https://drive.google.com/drive/folders/0B5QVa-tMkodvNXZnVlc3SGxMbkE
  2. https://drive.google.com/drive/folders/0B5QVa-tMkodvb2ZuX3ROMzRGUWc
  3. https://drive.google.com/drive/folders/0B5QVa-tMkodvYlVDQk9uelc0X1k

Acknowledgement

We would like to thank Universiti Teknikal Malaysia Melaka, the Sciencefund grant 01-01-14-SF0106, and the Ministry of Education (MOE) MyBrain15 programme for their support.

Corresponding author

Correspondence to Massila Kamalrudin.


Copyright information

© 2016 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Yusop, N., Kamalrudin, M., Sidek, S., Grundy, J. (2016). Automated Support to Capture and Validate Security Requirements for Mobile Apps. In: Lee, S.W., Nakatani, T. (eds) Requirements Engineering Toward Sustainable World. APRES 2016. Communications in Computer and Information Science, vol 671. Springer, Singapore. https://doi.org/10.1007/978-981-10-3256-1_7

  • DOI: https://doi.org/10.1007/978-981-10-3256-1_7

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-3255-4

  • Online ISBN: 978-981-10-3256-1

  • eBook Packages: Computer Science (R0)