A Guidance Model for Architecting Secure Mobile Applications

  • Conference paper

Abstract

In addition to fast technological advances in the area of mobile devices and their broad adoption in today's developed societies, mobile applications do not only address the consumer electronics market but are also increasingly being used in a business and industry context. Thus, we see a demand for research on developing software systems comprising mobile devices with special regard to security concerns. In this paper we address this demand from an architectural point of view and make use of the concept of architectural decisions. We present a guidance model that, on the one hand, supports the decision-making process while architecting mobile applications. On the other hand, the presented guidance model serves as a tool to evaluate existing architectures. The guidance model has been created based on an adapted version of Zimmermann's SOAD framework, which is used in the context of service-oriented architectures. The guidance model itself consists of a set of interrelated architectural decisions for recurring design situations. The application of the guidance model is demonstrated along a real-world scenario. The guidance model also takes into account that security concerns change over time and therefore provides an extension mechanism, which is presented in this paper.

Copyright information

© 2012 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

Cite this paper

Schwittek, W., Diermann, A., Eicker, S. (2012). A Guidance Model for Architecting Secure Mobile Applications. In: Schmidt, A.U., Russello, G., Krontiris, I., Lian, S. (eds) Security and Privacy in Mobile Information and Communication Systems. MobiSec 2012. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 107. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33392-7_2

  • DOI: https://doi.org/10.1007/978-3-642-33392-7_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-33391-0

  • Online ISBN: 978-3-642-33392-7

  • eBook Packages: Computer Science (R0)
