http://dx.doi.org/10.7472/jksii.2016.17.5.25

Meeting Real Challenges in Eliciting Security Attributes for Mobile Application Development  

Yusop, Noorrezam (Faculty of Communication and Information Technology, Universiti Teknikal Malaysia Melaka)
Kamalrudin, Massila (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)
Yusof, Mokhtar Mohd (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)
Sidek, Safiah (Innovative and Software System and Services Group, Universiti Teknikal Malaysia Melaka)
Publication Information
Journal of Internet Computing and Services / v.17, no.5, 2016, pp. 25-32
Abstract
There has been rapid growth in the development of mobile applications, resulting from their wide usage for online transactions, data storage and exchange of information. However, an important issue that has been overlooked is the lack of emphasis on security issues at the early stage of development. In fact, security issues have been left until the later stage of the implementation of mobile apps. Requirements engineers frequently ignore or incorrectly elicit security-related requirements at the early stage of mobile application development. This has led to failure to develop secure and safe mobile applications based on the needs of the users. As such, this paper intends to provide further understanding of the real challenges faced by novice requirements engineers in extracting security attributes for mobile applications. For this purpose, two experiments on eliciting security attributes requirements of textual requirements scenario were conducted. The performance related to the correctness and time taken to elicit the security attributes was measured and recorded. It was found that the process of eliciting correct security attributes for mobile applications requires effort, knowledge and skills. The findings indicate that an automated tool for correct elicitation of security attribute requirements could help to overcome the challenges in eliciting them, especially among novice requirements engineers.
Keywords
Security requirement; security attribute; mobile application development