University of Bahrain
Scientific Journals

An Approach for Systematically Analyzing and Specifying Security Requirements for the Converged Web-Mobile Applications

dc.contributor.author Nyambo, Devotha
dc.contributor.author Yonah, Zaipuna
dc.contributor.author Tarimo, Charles
dc.date.accessioned 2018-07-09T06:04:34Z
dc.date.available 2018-07-09T06:04:34Z
dc.date.issued 2014
dc.identifier.issn 2210-142X
dc.identifier.uri https://journal.uob.edu.bh:443/handle/123456789/260
dc.description.abstract As the use of web and mobile applications becomes pervasive for service delivery and user mobility support, enterprises increasingly face a large number of emerging security threats that interfere with service delivery. To help enterprises deal with these threats in the converged service delivery architecture, this paper presents a methodology for security threat analysis and security requirements specification in web/mobile application development. The methodology is based on a case study, the Livestock Data Center (LDC) system, which is under development and offers both web and mobile interfaces as service delivery channels; the system therefore serves as a representative of other similar service delivery setups. In addition to analysis and security specification, the methodology involves threat modeling. There are several threat models in the literature; the STRIDE threat model is one of those used to identify security threats that need to be addressed in systems such as the LDC system, and it has been used to identify the likely security threats to our case study. Applying the STRIDE threat model identified the following threats as prominent: sensitive data exposure, weak server-side controls, client-side injection, and weak authentication and authorization. The identified security threats were compared with existing threats in traditional web and mobile applications separately, in order to determine what changes when the two computing platforms come together. The findings from our case study show that the proposed methodology for security threat analysis and security design can be useful for security requirements specification in converged web-mobile applications during development, and can be used more generally to assist developers of other similar systems. en_US
dc.language.iso en_US en_US
dc.publisher University of Bahrain en_US
dc.rights Attribution-NonCommercial-ShareAlike 4.0 International *
dc.rights.uri http://creativecommons.org/licenses/by-nc-sa/4.0/ *
dc.subject web and mobile applications security en_US
dc.subject STRIDE en_US
dc.subject Livestock Data Center en_US
dc.subject security requirements en_US
dc.title An Approach for Systematically Analyzing and Specifying Security Requirements for the Converged Web-Mobile Applications en_US
dc.type Article en_US
dc.identifier.doi http://dx.doi.org/10.12785/IJCDS/030304
dc.volume 03
dc.issue 03
dc.source.title International Journal of Computing and Digital Systems
dc.abbreviatedsourcetitle IJCDS


Except where otherwise noted, this item's license is described as Attribution-NonCommercial-ShareAlike 4.0 International.
