Secure cloud-based mobile apps: attack taxonomy, requirements, mechanisms, tests and automation

Chimuco, F.; Sequeiros, J.; Lopes, C.; Simões, Tiago M. C.; Freire, M.; Inácio, P. R. M. I.

International Journal of Information Security, Vol. 22, Nº 4, pp. 833 - 867, August, 2023.

ISSN (print): 1615-5262
ISSN (online): 1615-5270

Scimago Journal Ranking: 0,88 (in 2023)

Digital Object Identifier: 10.1007/s10207-023-00669-z

Abstract
The adoption and popularization of mobile devices, such as smartphones and tablets, accentuated after the second decade of this century, has been motivated by the growing number of mobile applications, which can solve problems in different areas of contemporary societies. Conversely, the software development industry is motivated by the increasing number and quality of resources that mobile devices possess nowadays (e.g., memory, sensors, processing power or battery). While powerful mobile devices do exist, one of the main driving factors behind the increase of resources is the usage of Cloud technology, which strongly complements mobile computing. As expected, the adoption of measures to mitigate security issues has not accompanied the growth and speed of development for Cloud and Mobile software, to ensure that these are resilient to attacks by design. Aiming to contribute to decreasing the gap between software and security engineering, this paper presents a deep approach to attack taxonomy, security mechanisms, and security test specification for the Cloud and Mobile ecosystem of applications. This is also the first time an encompassing and conjoined approach is provided for attack taxonomy and specification of security test automation tools for this ecosystem.