http://dx.doi.org/10.14400/JDC.2014.12.8.113

A Study on the Security Checklist Improvements to improve the Security in the Mobile Applications Development  

Shin, Jun-Yuop (Cyber Team of Criminal Investigation Section, Kyonggi Regional Police Agency)
Kim, Dong-Soo (Graduate School of Information and Telecommunications, Konkuk University)
Han, Ki-Jun (Dept. of Computer Engineering, Konkuk University)
Kim, Hee-Wan (Division of Computer Engineering, Shamyook University)
Publication Information
Journal of Digital Convergence / v.12, no.8, 2014, pp. 113-127
Abstract
The use of mobile devices offers a variety of services to individuals and companies. At the same time, building an environment for mobile services brings both the security threats that already exist in IT infrastructure and new mobile security threats. Services such as mobile vaccine services and management services such as MDM (Mobile Device Management) have attracted a great deal of interest as a way to minimize security threats in the mobile environment. These solutions cannot protect an application developed for a mobile service from vulnerabilities in the mobile application itself. Under these circumstances, in this paper we propose mobile application security checklists based on application security review items in order to prevent security accidents that can occur in a mobile service environment. We collected and analyzed Android applications and performed a total inspection of the applications to verify the effectiveness of the check items. We also verified the suitability of the check items through a survey of experts.
Keywords
Mobile Services; Security Threats; Application Security; Check Lists;