SECURITY REQUIREMENTS VALIDATION FOR MOBILE APPS: A SYSTEMATIC LITERATURE REVIEW

Authors

  • Noorrezam Yusop, Centre for Advanced Computing Technology (C-ACT), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka
  • Massila Kamalrudin, Centre for Advanced Computing Technology (C-ACT), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka
  • Safiah Sidek, Centre for Advanced Computing Technology (C-ACT), Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka

DOI:

https://doi.org/10.11113/jt.v77.7017

Keywords:

Security requirements, security attribute, mobile application and validation

Abstract

Security requirements are important for increasing the confidence of mobile users when performing online transactions, such as banking, booking and payment, via mobile devices. Objective: This study aims to identify the attributes of security requirements for mobile applications (mobile apps) and the existing tools, techniques and approaches used for validating those requirements. The gaps and limitations of each approach are also discussed. Method: We conducted a systematic literature review to identify and analyse the literature on the validation of security requirements for mobile apps. We identified 68 studies that provide relevant information on security requirements for mobile apps. Result: There were two main findings: (1) the attributes of security requirements that are relevant for mobile apps are authentication, confidentiality, authorization, access control and integrity; (2) the mobile security testing methods used for validating the security requirements of mobile apps were identified. The gaps and limitations of each approach in relation to mobile apps are also discussed. Conclusions: The main challenge is to identify the most appropriate security attributes and the most appropriate security testing technique for validating the security requirements of mobile apps. Requirements engineers should therefore take the difficulty of testing security requirements into account when developing and validating them for mobile apps, and the correct security attributes need to be determined at an early stage of mobile app development.
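The five attributes the review names (authentication, confidentiality, authorization, access control and integrity) can only be validated once each one is written as a check that can be executed against the app or its backend. The following Python example is added here as an illustration and is not code from the paper or from any of the reviewed studies: it models a minimal backend with a constructed session store, expresses each attribute as an executable requirement, and reports which requirements pass. The token values, roles, URL paths, HMAC key and request shape are all assumptions made for the example.

```python
"""Security requirements as executable checks against a simulated mobile-app
backend. Added illustration: the service, tokens, roles and paths below are
constructed for the example and do not come from the reviewed studies."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

SECRET = b"example-server-secret"   # assumption: server-side key for body HMACs

@dataclass
class Request:
    path: str
    token: Optional[str] = None      # bearer session token presented by the app
    scheme: str = "https"            # transport the client used
    body: bytes = b""
    signature: Optional[str] = None  # hex HMAC-SHA256 over body (integrity)

# Constructed session store: token -> (user, role)
SESSIONS = {"tok-alice": ("alice", "user"), "tok-admin": ("admin", "admin")}

def sign(body: bytes) -> str:
    """Client-side helper: HMAC the request body with the shared key."""
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def handle(req: Request) -> tuple:
    """Minimal backend enforcing the five attributes named in the abstract.
    Returns (HTTP status, response dict)."""
    if req.scheme != "https":                              # confidentiality
        return 403, {"error": "tls_required"}
    session = SESSIONS.get(req.token)
    if session is None:                                    # authentication
        return 401, {"error": "unauthenticated"}
    user, role = session
    if req.path.startswith("/admin") and role != "admin":  # authorization
        return 403, {"error": "forbidden"}
    if req.path.startswith("/account/"):                   # access control
        owner = req.path.split("/")[2]                     # /account/<owner>/...
        if owner != user and role != "admin":
            return 403, {"error": "forbidden"}
    if req.body:                                           # integrity
        expected = sign(req.body)
        if not req.signature or not hmac.compare_digest(expected, req.signature):
            return 400, {"error": "bad_signature"}
    return 200, {"user": user, "path": req.path}

# Each requirement: (attribute, description, request, expected status).
# A requirement is satisfied when the backend answers with the expected status.
REQUIREMENTS = [
    ("authentication", "unauthenticated request is rejected",
     Request("/account/alice"), 401),
    ("authentication", "valid session token is accepted",
     Request("/account/alice", token="tok-alice"), 200),
    ("confidentiality", "plaintext HTTP is refused",
     Request("/account/alice", token="tok-alice", scheme="http"), 403),
    ("authorization", "ordinary user cannot reach admin endpoint",
     Request("/admin/users", token="tok-alice"), 403),
    ("access control", "user cannot read another user's account",
     Request("/account/admin", token="tok-alice"), 403),
    ("integrity", "tampered body fails the signature check",
     Request("/account/alice", token="tok-alice", body=b'{"amount":999}',
             signature=sign(b'{"amount":10}')), 400),
    ("integrity", "correctly signed body is accepted",
     Request("/account/alice", token="tok-alice", body=b'{"amount":10}',
             signature=sign(b'{"amount":10}')), 200),
]

def validate(requirements=REQUIREMENTS) -> dict:
    """Run every requirement; map attribute -> [(description, passed, status)]."""
    report = {}
    for attribute, desc, req, expected in requirements:
        status, _ = handle(req)
        report.setdefault(attribute, []).append((desc, status == expected, status))
    return report

def all_passed(report: dict) -> bool:
    return all(ok for checks in report.values() for _, ok, _ in checks)

if __name__ == "__main__":
    rep = validate()
    for attribute, checks in rep.items():
        for desc, ok, status in checks:
            print(f"[{'PASS' if ok else 'FAIL'}] {attribute}: {desc} (HTTP {status})")
    print("all requirements satisfied:", all_passed(rep))
```

Running the module prints one PASS/FAIL line per requirement. In a real project the same requirement table would be driven against the deployed API or an instrumented build of the app rather than an in-process handler, and each failing row is exactly the kind of gap the review argues should be surfaced at the requirements stage rather than after release.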

Published

2015-12-29

How to Cite

SECURITY REQUIREMENTS VALIDATION FOR MOBILE APPS: A SYSTEMATIC LITERATURE REVIEW. (2015). Jurnal Teknologi, 77(33). https://doi.org/10.11113/jt.v77.7017