Abstract
Security management in Android smartphone platforms is a challenge. This challenge can be overcome at least partially by developing systematically risk-driven security objectives and controls for the target system, and determining how to offer sufficient evidence of its security performance via metrics. The target system of our investigation is an Android platform utilised for public safety and security mobile networks. We develop and analyse the security objectives and controls for these systems based on a technological risk analysis. In addition, we investigate how effective and efficient security metrics can be developed for the target system, and describe implementation details of enhanced security controls for authentication, authorisation, and integrity objectives. Our analysis includes implementation details of selected security controls and a discussion of their security effectiveness. It also includes conceptualisation and description of adaptive security for an Android platform which can improve the flexibility and effectiveness of these security controls and end-users confidence in service providers.
Original language | English |
---|---|
Pages (from-to) | 297-324 |
Number of pages | 28 |
Journal | International Journal of Electronic Business |
Volume | 15 |
Issue number | 4 |
DOIs | |
Publication status | Published - Nov 2020 |
MoE publication type | A1 Journal article-refereed |
Keywords
- android
- security objectives
- security metrics
- security effectiveness
- risk analysis