Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development

  • Yusop, Noorrezam (Faculty of Communication and Information Technology, Universiti Teknikal Malaysia Melaka)
  • Kamalrudin, Massila (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)
  • Yusof, Mokhtar Mohd (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)
  • Sidek, Safiah (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)

  • Received: 2016.05.09
  • Accepted: 2016.06.15
  • Published: 2016.10.31

Abstract

There has been rapid growth in the development of mobile applications, resulting from their wide usage for online transactions, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on security issues at the early stage of development. In fact, security issues have been left until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore and incorrectly elicit security-related requirements at the early stage of mobile application development. This has led to failures in developing secure and safe mobile applications based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges faced by novice requirements engineers in extracting security attributes for mobile applications. For this purpose, two experiments on eliciting security attribute requirements of textual requirements scenarios were conducted. Performance in terms of correctness and the time taken to elicit the security attributes was measured and recorded. It was found that the process of eliciting correct security attributes for mobile applications requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation of security attribute requirements could help to overcome the challenges in eliciting these requirements, especially among novice requirements engineers.
