
2016 | Original Paper | Book Chapter

Automated Support to Capture and Validate Security Requirements for Mobile Apps

Authors: Noorrezam Yusop, Massila Kamalrudin, Safiah Sidek, John Grundy

Published in: Requirements Engineering Toward Sustainable World

Publisher: Springer Singapore


Abstract

Mobile application usage has become widespread and significant, as it allows interactions between people and services anywhere and at any time. However, security has become a major concern among mobile users, since insecure applications may contain vulnerabilities that make them easy for attackers to compromise. It is therefore important for mobile application developers to validate the security requirements of mobile apps at the earliest stage, to prevent potential security problems. In this paper, we describe our automated approach and tool, called MobiMEReq, which helps to capture and validate the security attribute requirements of mobile apps. We employed the concept of Test Driven Development (TDD) together with a model-based testing strategy using Essential Use Case (EUC) and Essential User Interface (EUI) models. We also conducted an evaluation to compare the performance and correctness of our tool across various application domains. The results of the study showed that our tool is able to help requirements engineers easily capture and validate security-related requirements of mobile applications.


DOI: https://doi.org/10.1007/978-981-10-3256-1_7
