An Automated Approach To Elicit And Validate Security Requirements Of Mobile Application

Bibliographic Details
Main Author: Yusop, Noorrezam
Format: Thesis
Language: English
Published: 2018
Subjects: T Technology (General); TK Electrical engineering. Electronics. Nuclear engineering
Online Access:http://eprints.utem.edu.my/id/eprint/23354/1/An%20Automated%20Approach%20To%20Elicit%20And%20Validate%20Security%20Requirements%20Of%20Mobile%20Application.pdf
http://eprints.utem.edu.my/id/eprint/23354/2/An%20Automated%20Approach%20To%20Elicit%20And%20Validate%20Security%20Requirements%20Of%20Mobile%20Application.pdf
id my-utem-ep.23354
record_format uketd_dc
institution Universiti Teknikal Malaysia Melaka
collection UTeM Repository
topic T Technology (General)
description Mobile phone usage has continued to rise, and it is becoming more convenient for users to use mobile applications for booking hotels, conducting online transactions and making online payments. In this case, secure applications are required to increase confidence among mobile users. In order to achieve a correctly secured application, correct security requirements need to be elicited and defined. Additionally, it is also crucial for the security requirements of mobile apps to fulfil basic quality attributes such as being correct, consistent and complete (3Cs). However, a few problems are found in eliciting security requirements for mobile apps. Firstly, most requirements engineers (RE) are identified as having less knowledge and understanding of security requirement attributes, leading to failure to implement the 3Cs of security requirements. Secondly, most of the elicitation and validation of security requirements is conducted at a later stage of development, which leads to poor-quality implementation of security requirements and might result in project failure. Motivated by these problems, the objectives of this thesis are threefold: 1) to analyze the security requirements for mobile apps, 2) to propose an approach for the elicitation and end-to-end validation of security requirements, and 3) to evaluate the efficacy of the approach in terms of correctness and performance as well as usability. This thesis proposes a new automated approach to assist the elicitation and validation of security requirements. An automated tool support called MobiMEReq is also developed. For this, we have adopted the Test Driven Development (TDD) methodology with semi-formalized models: i) Essential Use Cases (EUCs) and ii) Essential User Interface (EUI). We then divided our approach into two parts: 1) elicitation and 2) end-to-end validation of security requirements. Further, we have developed pattern libraries to assist correct elicitation and validation: a mobile security attributes pattern library and a mobile security pattern library. Then, we constructed a new algorithm using fuzzy logic to assist in prioritizing the tests for better validation performance. Finally, a comprehensive evaluation of the approach, comprising a correctness test and a usability test, was conducted. Here, we have also evaluated feedback from industry experts, especially on the usability of the automated approach and tool support. In summary, the findings of the evaluations show that our approach is able to contribute to the body of knowledge of mobile security requirements engineering, especially in enhancing the performance and correctness level of security attribute elicitation and its usability for end-to-end elicitation and validation. It is found that the approach is able to enhance the correctness level of the elicited security attributes compared to the manual approach, and produces correct test generation. The results of the usability test by novices and experts show that the approach is useful in eliciting and validating security requirements at the early stage of application development and is able to ease the elicitation and validation process for the security requirements of mobile apps.
qualification_name Doctor of Philosophy (PhD.)
qualification_level Doctorate
granting_institution UTeM
granting_department Faculty Of Information And Communication Technology
Computer Engineering and Technology (ICCET), pp.113–116. 144. Yahya, S., Kamalrudin, M., and Sidek, S., 2013. A review on tool supports for security requirements engineering. 2013 IEEE Conference on Open Systems (ICOS), pp.190–194. 145. Yahya, S., Kamalrudin, M., Sidek, S., and Grundy, J., 2014. Cases ( EUCs ). In: Asia Pacific Requirements Engineering Symposium (APRES) 2014. pp.16–30. 146. Yang, H., Willis, A., Roeck, A. De, and Nuseibeh, B., 2010. Automatic Detection of Nocuous Coordination Ambiguities in Natural Language Requirements. In: Proc. IEEE/ACM international conference on Automated software engineering, Antwerp, Belgium, ACM Press. 147. Yin, R.K., 2009. Case Study Research: Design and Methods Fourth Edition. Sage Publication. 148. Ying, L., Dinglong, H., Haiyi, Z., and Rau, P., 2007. Users ’ Perception of Mobile Information Security. Serials Publications, 96 (1–2), pp.19–37. 149. Yusop, N., Kamalrudin, M., Mohd Yusof, M., and Sidek, S., 2016a. Meeting Real223 Challenges in Eliciting Security Attributes for Mobile Application Development. Journal of Internet Computing and Services(JICS), 170 (5), pp.25–32. 150. Yusop, N., Kamalrudin, M., and Sidek, S., 2015. Jurnal Teknologi Security Requirements Validation for Mobile Apps: A Systematic Literature Review. Jurnal Teknologi, 34, pp.123–137. 151. Yusop, N., Kamalrudin, M., Sidek, S., and Grundy, J., 2016b. Automated Support to Capture and Validate Security Requirements for Mobile Apps. Asia Pacific Requirements Engineering Symposium (APRES),Part of the Communications in Computer and Information Science book series (CCIS, volume 671). Springer, Singapore. 152. Zowghi, D., 2003. On the Interplay Between Consistency , Completeness , and Correctness in Requirements Evolution. Elsevier Science, (April 2003), pp.1–37. 153. Zowghi, D. and Coulin, C., 2005. Requirements Elicitation: A Survey of Techniques. In: Engineering and Managing Software Requirements. Berlin, Heidelberg: Springer, Berlin, Heidelberg, pp.19–46.