Reference : Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven...
Reports : Internal report
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/31653
Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach
English
Mai, Xuan Phu mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Göknil, Arda mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Shar, Lwin Khin mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Briand, Lionel mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
7-Jul-2017
SnT, University of Luxembourg
978-2-87971-160-7
TR-SNT-2017-3
[en] Defining and addressing security and privacy requirements in mobile apps is a significant challenge due to the high level of transparency regarding users' (private) information. In this paper, we propose, apply, and assess a modeling method that supports the specification of security and privacy requirements of mobile apps in a structured and analyzable form. Our motivation is that, in many contexts including mobile app development, use cases are common practice for the elicitation and analysis of functional requirements and should also be adapted for describing security requirements.
We integrate and adapt an existing approach for modeling security and privacy requirements in terms of security threats, their mitigations, and their relations to use cases in a misuse case diagram. We introduce new security-related templates, i.e., a mitigation template and a misuse case template for specifying mitigation schemes and misuse case specifications in a structured and analyzable manner. Natural language processing can then be used to automatically detect and report inconsistencies among artifacts and between the templates and specifications. Since our approach supports stakeholders in precisely specifying and checking security threats, threat scenarios and their mitigations, it is expected to help with decision making and compliance with standards for improving security. We successfully applied our approach to industrial mobile apps and report lessons learned and results from structured interviews with engineers.
Fonds National de la Recherche - FnR
Researchers ; Professionals ; Students ; General public ; Others
http://hdl.handle.net/10993/31653

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
TR_Modeling_Security.pdfPublisher postprint793.01 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.