Published 2018
“…Mobile phone usage has continued to rise, and it is becoming more convenient for users to use mobile applications for booking hotels, conducting online transactions and online payment. In this case, secured applications are required to increase the confidence among mobile users. In order to achieve a correct secure application, correct security requirements need to be elicited and defined. Additionally, it is also crucial for security requirements of mobile apps to fulfill basic quality attributes such as correct, consistent and complete (3Cs). However, few problems are found in eliciting security requirements for mobile apps. Firstly, most requirements engineers (RE) are identified to have less knowledge and understanding of security requirements attributes, leading to the failure of implementing the 3Cs of security requirements. Secondly, most of the elicitation and the validation of security requirements are conducted at the later stage of the development and lead to poor quality security requirements implementation which might result in project failure. Motivated by these problems, the objectives of this thesis are threefold: 1) To analyze the security requirements for mobile apps, 2) To propose an approach to elicit and end-to-end validation of security requirement, and 3) To evaluate the efficacy in terms of correctness and performance as well as usability of the approach. This thesis proposes a new automated approach to assist the elicitation and validation of security requirements. Here an automated tool support called MobiMEReq is also developed. For this, we have adopted Test Driven Development (TDD) methodology with semi-formalized models: i) Essential Use Cases (EUCs) and ii) Essential User Interface (EUI). We then divided our approach into two parts: 1) Elicitation and 2) End-to-end validation security requirements. Further, we have developed pattern libraries to assist on the correct elicitation and validation. They are mobile Security attributes pattern library and mobile security pattern library. Then, we have constructed a new algorithm using fuzzy logic to assist on the prioritization of the test for better performance of validation. Finally, a comprehensive evaluation of the approach, comprising experiments of correctness test and usability test, was conducted. Here, we have also evaluated the feedback from the industry experts especially on the usability of the automated approach and tool support. In summary, the findings of the evaluations show that our approach is able to contribute to the body of knowledge of mobile security requirements engineering especially in enhancing the performance and correctness level of security attribute elicitation and its usability for end-to-end elicitation and validation. It is found that the approach is able to enhance the correctness level of the elicited security attribute compared to the manual approach, and produce correct generation of test. Then, the results of the usability test by the novice and experts show that the approach is useful in eliciting and validating security requirements at the early stage of application development and is able to ease the elicitation and validation process of security requirements of mobile apps.…”
Thesis