Internal report (Reports)
Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach
Mai, Xuan Phu; Göknil, Arda; Shar, Lwin Khin et al.
2017
Full text: TR_Modeling_Security.pdf (publisher postprint, 812.04 kB)
Abstract :
[en] Defining and addressing security and privacy requirements in mobile apps is a significant challenge due to the high level of transparency regarding users' (private) information. In this paper, we propose, apply, and assess a modeling method that supports the specification of security and privacy requirements of mobile apps in a structured and analyzable form. Our motivation is that, in many contexts including mobile app development, use cases are common practice for the elicitation and analysis of functional requirements and should also be adapted for describing security requirements. We integrate and adapt an existing approach for modeling security and privacy requirements in terms of security threats, their mitigations, and their relations to use cases in a misuse case diagram. We introduce new security-related templates, i.e., a mitigation template and a misuse case template for specifying mitigation schemes and misuse case specifications in a structured and analyzable manner. Natural language processing can then be used to automatically detect and report inconsistencies among artifacts and between the templates and specifications. Since our approach supports stakeholders in precisely specifying and checking security threats, threat scenarios and their mitigations, it is expected to help with decision making and compliance with standards for improving security. We successfully applied our approach to industrial mobile apps and report lessons learned and results from structured interviews with engineers.
Disciplines :
Computer science
Author, co-author :
Mai, Xuan Phu ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Göknil, Arda ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Shar, Lwin Khin ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Briand, Lionel ;  University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Language :
English
Title :
Modeling Security and Privacy Requirements for Mobile Applications: a Use Case-driven Approach
Publication date :
07 July 2017
Publisher :
SnT, University of Luxembourg
ISBN/EAN :
978-2-87971-160-7
Report number :
TR-SNT-2017-3
Focus Area :
Security, Reliability and Trust
Name of the research project :
EDLAH2
Funders :
FNR - Fonds National de la Recherche [LU]
Available on ORBilu :
since 07 July 2017