Secure development model for mobile applications

• Autorzy: Majchrzycka A. , Poniszewska-Marańda A.

Identyfikatory

DOI

10.1515/bpasts-2016-0055

• Języki publikacji: EN

Abstrakty

EN

The development of mobile applications plays an increasingly important role in everyday lives of a visibly growing number of smartphone and tablet users. This trend contributes to changes in corporate management techniques, which now turn towards establishing new standards of data management and extending the functionalities of existing systems to enable the users to benefit from the newest technological advances by creating mobile applications. The paper presents a review of existing solutions for one of the most popular mobile platforms, Apple’s iOS, and proposes secure development model as a tool to overcome existing threats faced by mobile application developers.

Słowa kluczowe

EN

mobile application development; security of mobile applications; IOS platform; Android platform

PL

rozwój aplikacji mobilnych; bezpieczeństwo aplikacji mobilnych; platforma IOS; platforma Android

• Wydawca: Polska Akademia Nauk, Wydział IV Nauk Technicznych
• Czasopismo: Bulletin of the Polish Academy of Sciences. Technical Sciences
• Rocznik: 2016
• Tom: Vol. 64, nr 3
• Strony: 495--503
• Opis fizyczny: Bibliogr. 21 poz., rys.

Twórcy

autor

Majchrzycka A.

• Institute of Information Technology, Technical University of Lodz, 215 Wólczańska St., 90–924 Łódź, Poland

autor

Poniszewska-Marańda A.

• Institute of Information Technology, Technical University of Lodz, 215 Wólczańska St., 90–924 Łódź, Poland

Bibliografia

• [1] A. Porter Felt, M. Finifter, E. Chin, S. Hanna, and D. Wagner, “A survey of mobile malware in the wild”, Proc. 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 3–14 (2011).
• [2] M. P. Souppaya and K. A. Scarfone, “Guidelines for managing the security of mobile devices in the enterprise”, NIST (2013).
• [3] Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution”, Proc. 33rd IEEE Symposium on Security and Privacy (2012).
• [4] Y. Agarwal and M. Hall, “ProtectMyPrivacy: Detecting and mitigating privacy leaks on iOS devices using crowdsourcing”, Proc. 1th Annual International Conference on Mobile Systems, Applications, and Services, 97–110 (2013).
• [5] T. Werthmann, R. Hund, L. Davi, A. Sadeghi, and T. Holz, “PSiOS: Bring your own privacy and security to iOS devices”, Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, 13–24 (2013).
• [6] M. Egele, C. Kruegel, E. Kirda, and G. Vigna, “PiOS: Detecting privacy leaks in iOS applications”, Proceedings of the Network and Distributed System Security Symposium (2011).
• [7] T. Vidas, D. Votipka, and N. Christin, “All your droid belong to us: A survey of current Android attacks”, Proc. 5th USENIX Workshop on Offensive Technologies (2011).
• [8] N. Seriot, iPhone Privacy, Black Hat DC, Arlington, 2010.
• [9] W. Enck, M. Ongtang, and P. McDaniel, “Understanding Android security”, IEEE Security & Privacy 7 (1), 50–57 (2009).
• [10] M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically Rich Application-Centric Security in Android”, Proceedings of the 2009 Annual Computer Security Applications Conference, 340–349 (2009).
• [11] W. Enck, D. Octeau, P. McDaniel, and S. Chaudhuri, “A study of Android application security”, Proc. 20th USENIX Security Symposium (2011).
• [12] W. M. Fitzgerald, U. Neville, and S. N. Foley, “MASON: Mobile autonomic security for network access controls”, Journal of Information Security and Applications 18 (1), 14–29 (2013).
• [13] S. Khan, M. Nauman, A. T. Othman, and S. Musa, “How secure is your smartphone: an analysis of smartphone security mechanisms”, Proc. International Conference on Cyber Security, Cyber Warfare and Digital Forensic, 76–81 (2012).
• [14] J. Zdziarski, Hacking and Securing iOS Applications, O’Reilly Media, 2012.
• [15] M. Alhamed, K. Amir, M. Omari, and W. Le, “Comparing privacy control methods for smartphone platforms”, Proc. Engineering of Mobile-Enabled Systems (2013).
• [16] L. Kastenson, Security of Mobile Devices, 2013.
• [17] M. Elkhodr and S. Shehrestani and K. Kourouche, “A proposal to improve the security of mobile banking applications”, Proc. 10th International Conference on ICT and Knowledge Engineering (2012).
• [18] D. Floyd, “Mobile application security systems (MASS)”, Bell Labs Technical Journal 11 (3) (2006).
• [19] A. Zaheer, F. Lishoy, A. Tansir, C. Lobodzinski, D. Audsin, and J. Peng, “Enhancing the security of mobile applications by using TEE and (U)SIM”, Proc. 10th International Conference on Ubiquitous Intelligence and Computing (2013).
• [20] X. Feng, Y. Wu, and X. Yan, “Mobile application protection solution based on 3G security architecture and OpenID”, Proc. 7th International Conference on Software Security and Reliability Companion (2013).
• [21] A. Michalska and A. Poniszewska-Marańda, “Security risks and their prevention capabilities in mobile application development”, Information Systems in Management, WULS Press 4 (2), 123–134 (2015).