An Automated Approach To Elicit And Validate Security Requirements Of Mobile Application

Yusop, Noorrezam (2018) An Automated Approach To Elicit And Validate Security Requirements Of Mobile Application. Doctoral thesis, UTeM.

Text (24 pages): An Automated Approach To Elicit And Validate Security Requirements Of Mobile Application.pdf - Submitted Version (886kB)

Abstract

Mobile phone usage has continued to rise, and it is becoming more convenient for users to use mobile applications for booking hotels, conducting online transactions and making online payments. In this context, secured applications are required to increase the confidence of mobile users. In order to build a correctly secured application, correct security requirements need to be elicited and defined. Additionally, it is also crucial for the security requirements of mobile apps to fulfill the basic quality attributes of being correct, consistent and complete (3Cs). However, a few problems are found in eliciting security requirements for mobile apps. Firstly, most requirements engineers (REs) are found to have little knowledge and understanding of security requirement attributes, leading to failure in implementing the 3Cs of security requirements. Secondly, most of the elicitation and validation of security requirements is conducted at a later stage of development, which leads to poor-quality implementation of security requirements and may result in project failure.

Motivated by these problems, the objectives of this thesis are three-fold: 1) to analyze the security requirements for mobile apps; 2) to propose an approach for the elicitation and end-to-end validation of security requirements; and 3) to evaluate the efficacy of the approach in terms of correctness and performance, as well as its usability. This thesis proposes a new automated approach to assist the elicitation and validation of security requirements, and an automated tool support called MobiMEReq is also developed. For this, we have adopted the Test Driven Development (TDD) methodology together with two semi-formalized models: i) Essential Use Cases (EUCs) and ii) Essential User Interface (EUI). We then divided our approach into two parts: 1) elicitation and 2) end-to-end validation of security requirements. Further, we have developed two pattern libraries to assist in correct elicitation and validation: a mobile security attributes pattern library and a mobile security pattern library. Then, we have constructed a new algorithm using fuzzy logic to assist in prioritizing the tests, for better validation performance.

Finally, a comprehensive evaluation of the approach, comprising a correctness test and a usability test, was conducted. Here, we have also evaluated feedback from industry experts, especially on the usability of the automated approach and its tool support. In summary, the findings of the evaluations show that our approach is able to contribute to the body of knowledge of mobile security requirements engineering, especially in enhancing the performance and correctness of security attribute elicitation, and in its usability for end-to-end elicitation and validation. It is found that the approach is able to enhance the correctness of the elicited security attributes compared to the manual approach, and produces correct generation of tests. The results of the usability test by novices and experts show that the approach is useful in eliciting and validating security requirements at the early stage of application development, and is able to ease the elicitation and validation process for the security requirements of mobile apps.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Mobile computing, Security measures, Mobile communication systems, Security measures, Mobile Application
Subjects: T Technology > T Technology (General)
T Technology > TK Electrical engineering. Electronics. Nuclear engineering
Divisions: Library > Tesis > FTMK
Depositing User: Mohd. Nazir Taib
Date Deposited: 04 Sep 2019 03:33
Last Modified: 17 Sep 2020 14:27
URI: http://eprints.utem.edu.my/id/eprint/23354