
Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation

Bibliographic Details
Published in: International journal of information security 2023-08, Vol.22 (4), p.833-867
Main Authors: Chimuco, Francisco T., Sequeiros, João B. F., Lopes, Carolina Galvão, Simões, Tiago M. C., Freire, Mário M., Inácio, Pedro R. M.
Format: Article
Language: English
Description
Summary: The adoption and popularization of mobile devices, such as smartphones and tablets, accentuated after the second decade of this century, has been motivated by the growing number of mobile applications, which can solve problems in different areas of contemporary societies. Conversely, the software development industry is motivated by the increasing number and quality of resources that mobile devices possess nowadays (e.g., memory, sensors, processing power or battery). While powerful mobile devices do exist, one of the main driving factors behind the increase of resources is the usage of Cloud technology, which strongly complements mobile computing. As expected, the adoption of measures to mitigate security issues has not accompanied the growth and speed of development for Cloud and Mobile software, to ensure that these are resilient to attacks by design. Aiming to contribute to decrease the gap between software and security engineering, this paper presents a deep approach to attack taxonomy, security mechanisms, and security test specification for the Cloud and Mobile ecosystem of applications. This is also the first time an encompassing and conjoined approach is provided for attack taxonomy and specification of security tests automation tools for this ecosystem.
ISSN: 1615-5262, 1615-5270
DOI: 10.1007/s10207-023-00669-z