http://dx.doi.org/10.22937/IJCSNS.2021.21.5.30

A Proposed Framework for the Automated Authorization Testing of Mobile Applications  

Alghamdi, Ahmed Mohammed (Department of Software Engineering, College of Computer Science and Engineering, University of Jeddah)
Almarhabi, Khalid (Department of Computer Science, College of Computing in Al-Qunfudah, Umm Al-Qura University)
Publication Information
International Journal of Computer Science & Network Security, vol. 21, no. 5, 2021, pp. 217-221
Abstract
Recent studies have indicated that mobile markets harbor applications (apps) that are either malicious or vulnerable, compromising millions of devices. Some studies indicate that 96% of companies' employees have used at least one malicious app. Some app stores do not enforce security quality attributes regarding authorization, which is the function of specifying the access rights that govern access to resources. Well-defined access control policies, however, can prevent mobile apps from behaving maliciously. The problem is that those who oversee app market sites lack the mechanisms necessary to assess mobile app security. Because thousands of apps are constantly being added to or updated on mobile app market sites, these security testing mechanisms must be automated. This paper, therefore, introduces a new mechanism for testing mobile app security, using white-box testing in a way that is compatible with Bring Your Own Device (BYOD) working environments. This framework will benefit end-users, organizations that oversee app markets, and employers who adopt the BYOD trend.
Keywords
Authorization; BYOD; Mobile Applications; Testing