Risk-driven security metrics for an Android smartphone application

Reijo Savola, Markku Kylänpää, Habtamu Abie

    Research output: Contribution to journalArticleScientificpeer-review

    Abstract

    Security management in Android smartphone platforms is a challenge. This challenge can be overcome at least partially by developing systematically risk-driven security objectives and controls for the target system, and determining how to offer sufficient evidence of its security performance via metrics. The target system of our investigation is an Android platform utilised for public safety and security mobile networks. We develop and analyse the security objectives and controls for these systems based on a technological risk analysis. In addition, we investigate how effective and efficient security metrics can be developed for the target system, and describe implementation details of enhanced security controls for authentication, authorisation, and integrity objectives. Our analysis includes implementation details of selected security controls and a discussion of their security effectiveness. It also includes conceptualisation and description of adaptive security for an Android platform which can improve the flexibility and effectiveness of these security controls and end-users confidence in service providers.
    Original languageEnglish
    Pages (from-to)297-324
    Number of pages28
    JournalInternational Journal of Electronic Business
    Volume15
    Issue number4
    DOIs
    Publication statusPublished - Nov 2020
    MoE publication typeA1 Journal article-refereed

    Keywords

    • android
    • security objectives
    • security metrics
    • security effectiveness
    • risk analysis

    Fingerprint

    Dive into the research topics of 'Risk-driven security metrics for an Android smartphone application'. Together they form a unique fingerprint.

    Cite this