Automated support to capture and validate security requirements for mobile apps

Noorrezam Yusop, Massila Kamalrudin, Safiah Sidek, John Grundy

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

5 Citations (Scopus)


Mobile application usage has become widespread and significant, as it allows interactions between people and services anywhere and anytime. However, security has become a major concern among mobile users, as insecure applications may lead to security vulnerabilities that make them easily compromised by hackers. Thus, it is important for mobile application developers to validate the security requirements of mobile apps at the earliest stage to prevent potential security problems. In this paper, we describe our automated approach and tool, called MobiMEReq, that helps to capture and validate the security attribute requirements of mobile apps. We employed the concept of Test Driven Development (TDD) with a model-based testing strategy using Essential Use Cases (EUCs) and Essential User Interface (EUI) models. We also conducted an evaluation to compare the performance and correctness of our tool in various application domains. The results of the study showed that our tool is able to help requirements engineers to easily capture and validate security-related requirements of mobile applications.

Original language: English
Title of host publication: Requirements Engineering Toward Sustainable World
Subtitle of host publication: Third Asia-Pacific Symposium, APRES 2016, Nagoya, Japan, November 10-12, 2016, Proceedings
Editors: Seok-Won Lee, Takako Nakatani
Place of Publication: Singapore
Number of pages: 16
ISBN (Electronic): 9789811032561
ISBN (Print): 9789811032554
Publication status: Published - 2016
Externally published: Yes
Event: Asia-Pacific Requirements Engineering Symposium 2016 - Nagoya, Japan
Duration: 10 Nov 2016 to 12 Nov 2016
Conference number: 3rd

Publication series

Name: Communications in Computer and Information Science
ISSN (Print): 1865-0929
ISSN (Electronic): 1865-0937


Conference: Asia-Pacific Requirements Engineering Symposium 2016
Abbreviated title: APRES 2016


  • EUC
  • EUI
  • Mobile apps
  • Model based testing strategy
  • Security attributes
  • Security requirements
  • Test driven development
  • Validation
