Published 2018
“…Mobile phone usage has continued to rise,and it is becoming more convenient for users to
use mobile applications for booking hotels,conducting online transaction and online payment.In this case,secured applications are required to increase the confidence among mobile users.In order to achieve correct secure application,a correct security requirements needs to be elicited and defined.Additionally,it is also crucial for security requirements of mobile apps to fulfill basic quality attributes such as correct,consistent and complete (3Cs).However,few problems are found in eliciting security requirements for mobile apps.Firstly, most requirements engineers (RE) are identified to have less knowledge and understanding of security requirements attributes,leading to the failure of implementing the 3Cs of security requirements.Secondly,most of the elicitation and the validation of security requirements are conducted at the later stage of the
development and leads to poor quality security requirements implementation which might resulted to project failure.Motivated from these problems,the objectives of this thesis are three-folds; 1) To analyze the security requirements for mobile apps, 2) To propose an approach to elicit and end-to-end validation of security requirement,and 3)To evaluate the efficacy in term of correctness and performance as well as usability of the approach.This thesis proposes a new automated approach to assist the elicitation and validation of security requirements.Here an automated tool support called MobiMEReq is also
developed.For this, we have adopted Test Driven
Development (TDD) methodology with semi-formalized models:i) Essential
Use Cases (
EUCs) and ii) Essential User Interface (EUI).We then divided our approach into two parts:1)Elicitation and 2)End-to-end validation security requirements.Further,we have
developed pattern libraries to assist on the correct elicitation and validation.They are mobile Security attributes pattern library and mobile security pattern library.Then,we have constructed a new
algorithm using fuzzy logic to assist on the prioritization of the test for better performance of validation.Finally,a comprehensive evaluation of the approach,comprising experiments of correctness test and usability test were conducted.Here,we have also evaluated the feedback from the industry experts especially on the usability of the automated approach and tool support.In summary,the findings of the evaluations show that our approach is able to contribute to the body of knowledge of mobile security requirements engineering especially in enhancing the performance and correctness level of security attribute elicitation and its usability for end-to-end elicitation and validation.It is found that the approach able to enhance the correctness level of the elicited security attribute compared to the manual approach,and produce correct generation of test.Then,the results of the usability test by the novice and experts show that the approach is
useful in eliciting and validating security requirements at the early stage of application
development and is able to ease the elicitation and validation process of security requirements of mobile apps.…”
Get full text
Get full text
Get full text
Thesis
