Automated support to capture and validate security requirements for mobile apps

Noorrezam Yusop, Massila Kamalrudin, Safiah Sidek, John Grundy

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research

5 Citations (Scopus)

Abstract

Mobile application usage has become widespread and significant as it allows interactions between people and services anywhere and anytime. However, issues related to security have become a major concern among mobile users, as insecure applications may lead to security vulnerabilities that make them easily compromised by hackers. Thus, it is important for mobile application developers to validate security requirements of mobile apps at the earliest stage to prevent potential security problems. In this paper, we describe our automated approach and tool, called MobiMEReq, that helps to capture and validate the security attributes requirements of mobile apps. We employed the concept of Test Driven Development (TDD) with a model-based testing strategy using Essential Use Cases (EUCs) and Essential User Interface (EUI) models. We also conducted an evaluation to compare the performance and correctness of our tool in various application domains. The results of the study showed that our tool is able to help requirements engineers to easily capture and validate security-related requirements of mobile applications.

Original language: English
Title of host publication: Requirements Engineering Toward Sustainable World
Subtitle of host publication: Third Asia-Pacific Symposium, APRES 2016, Nagoya, Japan, November 10-12, 2016, Proceedings
Editors: Seok-Won Lee, Takako Nakatani
Place of Publication: Singapore
Publisher: Springer
Pages: 97-112
Number of pages: 16
ISBN (Electronic): 9789811032561
ISBN (Print): 9789811032554
Publication status: Published - 2016
Externally published: Yes
Event: Asia-Pacific Requirements Engineering Symposium 2016 - Nagoya, Japan
Duration: 10 Nov 2016 - 12 Nov 2016
Conference number: 3rd
http://www.apres2016.org/

Publication series

Name: Communications in Computer and Information Science
Publisher: Springer
Volume: 671
ISSN (Print): 1865-0929
ISSN (Electronic): 1865-0937

Conference

Conference: Asia-Pacific Requirements Engineering Symposium 2016
Abbreviated title: APRES 2016
Country/Territory: Japan
City: Nagoya
Period: 10/11/16 - 12/11/16
Keywords

  • EUC
  • EUI
  • Mobile apps
  • Model based testing strategy
  • Security attributes
  • Security requirements
  • Test driven development
  • Validation
