Your search keyword '"Application security"' showing total 1,197 results

1. A Risk Assessment Framework for Mobile Apps in Mobile Cloud Computing Environments.

Author

Ogwara, Noah Oghenefego, Petrova, Krassie, Yang, Mee Loong, and MacDonell, Stephen G.

Subjects

MACHINE learning, THIRD-party software, DISEASE risk factors, MOBILE apps, DATA security

Abstract

Mobile devices (MDs) are used by mobile cloud computing (MCC) customers and by other users because of their portability, robust connectivity, and ability to house and operate third-party applications (apps). However, the apps installed on an MD may pose data security risks to the MD owner and to other MCC users, especially when the requested permissions include access to sensitive data (e.g., user's location and contacts). Calculating the risk score of an app or quantifying its potential harmfulness based on user input or on data gathered while the app is actually running may not provide reliable and sufficiently accurate results to avoid harmful consequences. This study develops and evaluates a risk assessment framework for Android-based MDs that does not depend on user input or on actual app behavior. Rather, an app risk evaluator assigns a risk category to each resident app based on the app's classification (benign or malicious) and the app's risk score. The app classifier (a trained machine learning model) evaluates the permissions and intents requested by the app. The app risk score is calculated by applying a probabilistic function based on the app's use of a set of selected dangerous permissions. The results from testing of the framework on an MD with real-life resident apps indicated that the proposed security solution was effective and feasible. [ABSTRACT FROM AUTHOR]

Published

2024

2. Possibilities of Using Fuzz Testing in Smart Cities Applications

Author

Almer, Lubomir, Horalek, Josef, Svoboda, Tomas, Akan, Ozgur, Editorial Board Member, Bellavista, Paolo, Editorial Board Member, Cao, Jiannong, Editorial Board Member, Coulson, Geoffrey, Editorial Board Member, Dressler, Falko, Editorial Board Member, Ferrari, Domenico, Editorial Board Member, Gerla, Mario, Editorial Board Member, Kobayashi, Hisashi, Editorial Board Member, Palazzo, Sergio, Editorial Board Member, Sahni, Sartaj, Editorial Board Member, Shen, Xuemin, Editorial Board Member, Stan, Mircea, Editorial Board Member, Jia, Xiaohua, Editorial Board Member, Zomaya, Albert Y., Editorial Board Member, Cong Vinh, Phan, editor, and Mahfooz Ul Haque, Hafiz, editor

Published

2024

3. GenAI Application Level Security

Author

Huang, Ken, Huang, Grace, Dawson, Adam, Wu, Daniel, Huang, Ken, editor, Wang, Yang, editor, Goertzel, Ben, editor, Li, Yale, editor, Wright, Sean, editor, and Ponnapalli, Jyoti, editor

Published

2024

4. Blockchain-Based Application Security Versus Centralized and Distributed Data Management Systems – A Comparative Study

Author

Mandal, Subhadeep, Kar, Arpan Kumar, Gupta, Shivam, Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Carette, Jacques, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Stettner, Lukasz, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Rettberg, Achim, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, Sharma, Sujeet K., editor, Dwivedi, Yogesh K., editor, Metri, Bhimaraya, editor, Lal, Banita, editor, and Elbanna, Amany, editor

Published

2024

5. Automated Extension-Based Penetration Testing for Web Vulnerabilities.

Author

Alhogail, Areej and Alkahtani, Manal

Subjects

PENETRATION testing (Computer security), WEB-based user interfaces

Abstract

Depending on manual solutions for finding security vulnerabilities in web applications is time-consuming, error-prone, and requires high levels of expertise. This paper proposes a model for an automated extension-based penetration testing for web vulnerabilities that is compatible with any web application. It consists of three stages that start with information gathering, followed by a vulnerability assessment process to test for exploit. The results are then automatically generated as a report at the conclusion. To examine the model, a tool is developed based on the suggested model. Results demonstrate that the proposed technique has effectively and promptly identified application's vulnerabilities. [ABSTRACT FROM AUTHOR]

Published

2024

6. AN EMPIRICAL EXAMINATION OF THE ECONOMICS OF MOBILE APPLICATION SECURITY.

Author

Sanyal, Pallab, Menon, Nirup, and Siponen, Mikko

Abstract

The growth of mobile devices coupled with advances in mobile technologies has resulted in the development and widespread use of a variety of mobile applications (apps). Mobile apps have been developed for social networking, banking, receiving daily news, maintaining fitness, and job-related tasks. The security of apps is an important concern. However, in some cases, app developers may be less interested in investing in the security of apps, if users are unwilling to pay for the added security. In this paper, we empirically examine whether consumers are less willing to pay for security features than for usability features. In addition, we examine whether a third-party certification of security features makes customers more willing to pay for security. Furthermore, we investigate the impact of risk perceptions on the willingness to pay for security. To explore these issues, we conducted a scenario-based experiment on mobile app users. Results from our analyses show that consumers are indeed less likely to pay for security features than usability features. However, the likelihood of paying for security features can be significantly increased by third-party certification of the features. Based on our analysis, we offer insights to producers of mobile apps to monetize the enhanced security features of their apps. [ABSTRACT FROM AUTHOR]

Published

2021

7. Multi-view convolutional neural networks for cybersecurity applications

Author

Millar, Stuart, Martinez del Rincon, Jesus, and Miller, Paul

Subjects

Cybersecurity, application security, malware detection, machine learning, deep learning, convolutional neural networks, multi-view learning

Abstract

The ever-growing influence of technology in society and business creates major vulnerabilities that can be exploited through cyberattacks. Cybersecurity therefore is of fundamental importance to defend against malicious actors who regularly target ubiquitous technologies like Android OS and web applications. In theory, defensive solutions using artificial intelligence, machine learning and neural networks can offer a significant degree of automation. However, false positive rates of these systems remain a problem, whilst there are issues translating state-of-the-art lab research into the real-world, not least the difficulty in evaluation with a scarcity of representative data that is often proprietary and highly-sensitive. To help solve these challenges, this thesis presents three multi-view convolutional neural networks to advance the fields of Android malware detection and web application security.

Published

2022

8. A Risk Assessment Framework for Mobile Apps in Mobile Cloud Computing Environments

Author

Noah Oghenefego Ogwara, Krassie Petrova, Mee Loong Yang, and Stephen G. MacDonell

Subjects

mobile cloud computing, security threats, risk assessment, mobile device, mobile application, application security, Information technology, T58.5-58.64

Abstract

Mobile devices (MDs) are used by mobile cloud computing (MCC) customers and by other users because of their portability, robust connectivity, and ability to house and operate third-party applications (apps). However, the apps installed on an MD may pose data security risks to the MD owner and to other MCC users, especially when the requested permissions include access to sensitive data (e.g., user’s location and contacts). Calculating the risk score of an app or quantifying its potential harmfulness based on user input or on data gathered while the app is actually running may not provide reliable and sufficiently accurate results to avoid harmful consequences. This study develops and evaluates a risk assessment framework for Android-based MDs that does not depend on user input or on actual app behavior. Rather, an app risk evaluator assigns a risk category to each resident app based on the app’s classification (benign or malicious) and the app’s risk score. The app classifier (a trained machine learning model) evaluates the permissions and intents requested by the app. The app risk score is calculated by applying a probabilistic function based on the app’s use of a set of selected dangerous permissions. The results from testing of the framework on an MD with real-life resident apps indicated that the proposed security solution was effective and feasible.

Published

2024

9. Access Control for XML Big Data Applications

Author

De la Rosa Algarin, Alberto, Demurjian, Steven A., Jackson, Eric, Meyers, Robert A., Editor-in-Chief, Lin, Tsau-Young, editor, Liau, Churn-Jung, editor, and Kacprzyk, Janusz, editor

Published

2023

10. Security of Input for Authentication in Extended Reality Environments

Author

Andrade, Tiago Martins, Roscoe, Jonathan Francis, Smith-Creasey, Max, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Yang, Xin-She, editor, Sherratt, R. Simon, editor, Dey, Nilanjan, editor, and Joshi, Amit, editor

Published

2023

11. Improvisation of Information System Security Posture Through Continuous Vulnerability Assessment

Author

Chahal, Navdeep S., Abrol, Preeti, Khosla, P. K., Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Noor, Arti, editor, Saroha, Kriti, editor, Pricop, Emil, editor, Sen, Abhijit, editor, and Trivedi, Gaurav, editor

Published

2023

12. An adaptive randomized and secured approach against adversarial attacks.

Author

Dhamija, Lovi and Garg, Urvashi

Subjects

*DEEP learning, *ARTIFICIAL neural networks, *MACHINE learning, *GENERATIVE adversarial networks, *ALGORITHMS, *CLASSIFICATION algorithms

Abstract

With the rising trends and use of machine learning algorithms for classification and regression tasks, deep learning has been widely accepted in the Cyber and as well as non-Cyber Domain. Recent researches have shown that machine learning classifiers such as Deep Neural Networks (DNN) can be used to improve the detection against adversarial samples as well as to detect malware in the cyber security domain. However, a recent study in deep learning has found that DNN classifiers are highly vulnerable and can be evaded simply by either performing small modifications in the training model or training data. The work proposed a randomized defensive mechanism with the use of generative adversarial networks to construct more adversaries and then defend against them. Interestingly, we encountered some open challenges highlighting common difficulties faced by defensive mechanisms. We provide a general overview of adversarial attacks and proposed an Adaptive Randomized Algorithm to enhance the robustness of models. Moreover, this work aimed to ensure the security and transferability of deep learning classifiers. [ABSTRACT FROM AUTHOR]

Published

2023

13. Securing Relational Databases against Security Vulnerabilities: A Case of Microsoft SQL Server and PostgreSQL.

Author

Kilavo, Hassan, Mrutu, Salehe I., and Dudu, Robert G.

Subjects

*RELATIONAL databases, *DATABASE security, *SQL, *WEB-based user interfaces, *DATA security failures

Abstract

This study evaluates mechanisms to secure relational databases against security vulnerabilities and utilized PostgreSQL and Microsoft SQL Server due to data breach incidences reported across the world. Emulation experiments with documentary review were employed to collect necessary study data. Identification of security features and vulnerabilities that are found to affect the data tier of the web applications were examined. The findings from the study have shown that Microsoft SQL Server is more security feature-rich in terms of Confidentiality, Integrity, and Availability compared to PostgreSQL and Microsoft SQL Server is more resilient to security attacks in its default behavior compared to PostgreSQL. [ABSTRACT FROM AUTHOR]

Published

2023

14. Intelligent Detection of Cryptographic Misuse in Android Applications Based on Program Slicing andTransformer-Based Classifier.

Author

Wang, Lizhen, Wang, Jizhi, Sui, Tongtong, Kong, Lingrui, and Zhao, Yue

Subjects

ACTIVE learning, DATA security

Abstract

The utilization of cryptography in applications has assumed paramount importance with the escalating security standards for Android applications. The adept utilization of cryptographic APIs can significantly enhance application security; however, in practice, software developers frequently misuse these APIs due to their inadequate grasp of cryptography. A study reveals that a staggering 88% of Android applications exhibit some form of cryptographic misuse. Although certain tools have been proposed to detect such misuse, most of them rely on manually devised rules which are susceptible to errors and require researchers possessing an exhaustive comprehension of cryptography. In this study, we propose a research methodology founded on a neural network model to pinpoint code related to cryptography by employing program slices as a dataset. We subsequently employ active learning, rooted in clustering, to select the portion of the data harboring security issues for annotation in accordance with the Android cryptography usage guidelines. Ultimately, we feed the dataset into a transformer and multilayer perceptron (MLP) to derive the classification outcome. Comparative experiments are also conducted to assess the model's efficacy in comparison to other existing approaches. Furthermore, planned combination tests utilizing supplementary techniques aim to validate the model's generalizability. [ABSTRACT FROM AUTHOR]

Published

2023

15. Open Source Solutions for Vulnerability Assessment: A Comparative Analysis

Author

Dinis Barroqueiro Cruz, Joao Rafael Almeida, and Jose Luis Oliveira

Subjects

Application security, static application security testing, dynamic application security testing, software composition analysis, vulnerability assessment, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

As software applications continue to become more complex and attractive to cyber-attackers, enhancing resilience against cyber threats becomes essential. Aiming to provide more robust solutions, different approaches were proposed for vulnerability detection in different stages of the application life-cycle. This article explores three main approaches to application security: Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). The analysis conducted in this work is focused on open-source solutions while considering commercial solutions to show contrast in the approaches taken and to better illustrate the different options available. It proposes a baseline comparison model to help evaluate and select the best solutions, using comparison criteria that are based on community standards. This work also identifies future opportunities for application security, highlighting some of the key challenges that still need to be addressed in order to fully protect against emerging threats, and proposes a workflow that combines the identified tools to be used for vulnerability assessments.

Published

2023

16. SDGen: A Scalable, Reproducible and Flexible Approach to Generate Real World Cyber Security Datasets

Author

Koay, Abigail M. Y., Xie, Miao, Ko, Ryan K. L., Sterner, Charles, Choi, Taejun, Dong, Naipeng, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Wang, Guojun, editor, Choo, Kim-Kwang Raymond, editor, Ko, Ryan K. L., editor, Xu, Yang, editor, and Crispo, Bruno, editor

Published

2022

17. Identifying Key Activities, Artifacts and Roles in Agile Engineering of Secure Software with Hierarchical Clustering.

Author

Mihelič, Anže, Hovelja, Tomaž, and Vrhovec, Simon

Subjects

SOFTWARE engineers, HIERARCHICAL clustering (Cluster analysis), SOFTWARE engineering, COMPUTER software security, COMPUTER software development, REQUIREMENTS engineering

Abstract

Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward's hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security. [ABSTRACT FROM AUTHOR]

Published

2023

18. SECURE SOFTWARE DEVELOPMENT LIFECYCLE: A CASE FOR ADOPTION IN SOFTWARE SMES.

Author

Umeugo, Wisdom

Subjects

COMPUTER software development, COMPUTER software security, COMPUTER software, VALUE (Economics), ECONOMIC activity

Abstract

Software is widely deployed and used for managing critical daily domestic, social, and economic activities. Due to software’s economic value, software is a high-value target of malicious actors and a primary source of many information security vulnerabilities. Software must be engineered to be secure because of its value. Traditional approaches to software security treat software as an addon and have been proven inadequate at producing secure software. Practicing the secure software development lifecycle (SSDLC) is recommended in academic literature. Software SMEs must adopt and practice the SSDLC for increased security of published software. This paper explores the SSDLC and makes a case for its adoption with the goal of informing security decision-makers of Software SMEs. [ABSTRACT FROM AUTHOR]

Published

2023

19. Securing Healthcare Data with Healthcare Cloud and Blockchain

Author

Ranjan, Rohit, Shekhar, Shashi, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Hassanien, Aboul Ella, editor, Bhattacharyya, Siddhartha, editor, Chakrabati, Satyajit, editor, Bhattacharya, Abhishek, editor, and Dutta, Soumi, editor

Published

2021

20. Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat.

Author

Gavrić, Nikola and Bojović, Živko

Subjects

*MASSIVELY multiplayer online role-playing games, *DENIAL of service attacks, *HTTP (Computer network protocol), *GRAPH theory, *INTERNET protocols

Abstract

The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users' actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server's or players' bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers' traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack's devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs. [ABSTRACT FROM AUTHOR]

Published

2022

21. Enterprise Security with Endpoint Agents

Author

Foltz, Kevin, Simpson, William R., van der Aalst, Wil, Series Editor, Mylopoulos, John, Series Editor, Rosemann, Michael, Series Editor, Shaw, Michael J., Series Editor, Szyperski, Clemens, Series Editor, Filipe, Joaquim, editor, Śmiałek, Michał, editor, Brodsky, Alexander, editor, and Hammoudi, Slimane, editor

Published

2020

22. Security Landscape for Private Cloud

Author

Manakattu, Sheeja Shaji, Murugesh, Shivakumar, Hirekurabar, Rajashekhar Ningappa, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Smys, S., editor, Bestak, Robert, editor, and Rocha, Álvaro, editor

Published

2020

23. Assessment of National Crime Reporting System: Detailed Analysis of the Mobile Application

Author

Dawson, Maurice, Taveras, Pedro, Detel, Clément, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, and Latifi, Shahram, editor

Published

2020

24. Backstabber’s Knife Collection: A Review of Open Source Software Supply Chain Attacks

Author

Ohm, Marc, Plate, Henrik, Sykosch, Arnold, Meier, Michael, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Maurice, Clémentine, editor, Bilge, Leyla, editor, Stringhini, Gianluca, editor, and Neves, Nuno, editor

Published

2020

25. Hubungan Kualitas Informasi dan Keamanan Situs terhadap Niat Pembelian Ulang Pengguna Mobile Commerce Shopee dengan Kepuasan Konsumen sebagai Mediator.

Author

Angelia Sembiring, Redina Gabry and Sugiharto Elgeka, Honey Wahyuni

Abstract

The basic requirements of online shopping applications include providing quality information and application security for its users. Technological innovations are currently using mobile phones or called mobile commerce (M-Commerce) for access to online shopping. Shopee as one of the leading M-Commerce strives to provide a variety of access to information and increase the level of application security to maintain user satisfaction. Satisfaction with the services provided by M-Commerce can trigger user repeat purchases. This study aims to examine the relationship between information quality or application security on Shopee users' repurchase intentions with a mediator of consumer satisfaction. Survey quantitative research method with 272 Shopee consumer subjects selected using an accidental sampling technique. The data were analyzed using the Process Hayes model 4. The results showed that consumer satisfaction mediated the relationship between information quality and repurchase intention (β = 0.0596; CI = 0.03, 0.09). Meanwhile, the consumer satisfaction mediator mediates the relationship between application security and repurchase intention (β = 0.2408; CI = 0.16, 0.34). It can be concluded that feelings of satisfaction with relevant information services and application security can shape consumer intentions to buy the same application. [ABSTRACT FROM AUTHOR]

Published

2022

26. Detection of SSL/TLS Implementation Errors in Android Applications

Author

Kaya Emre CİBALIK and Cemal KOÇAK

Subjects

android, application security, ssl/tls, mobile security, Engineering (General). Civil engineering (General), TA1-2040, Science, Science (General), Q1-390

Abstract

Security Socket Layer (SSL) / Transport Layer Security (TLS) protocols are utilized to secure network communication (e.g., transmitting user data). Failing to properly implement SSL/TLS configuration during the app development results in security risks. The weak implementations include trusting all host names, trusting all certificates, ignoring certificate verification errors, even lack of SSL public key pinning usage. These unsecured implementations may cause ManIn-The-Middle (MITM) attacks. The major aim of this research is to detect configuration errors of SSL/TLS implementation in Android apps. It consists of the common use of existing open source tools in the static analysis phase and the combination of manual method in the dynamic analysis phase. During the static analysis phase, dynamic analysis of the findings obtained by scanning four types of vulnerabilities is used to verify the abuse status of SSL/TLS by testing. The dynamic analysis is essential for eliminating false positives generated at the static analysis stage. We analyze 109 apps from Google Play Store and the experimental results show that 45 (41.28%) apps contain potential security errors in the application of SSL/TLS. We verify that 19 (17.43%) out of 109 apps are vulnerable to MITM attacks.

Published

2021

27. Privacy Rating of Mobile Applications Based on Crowdsourcing and Machine Learning.

Author

Pan, Bin, Guo, Hongxia, You, Xing, and Xu, Li

Subjects

MACHINE learning, CROWDSOURCING, PRIVACY, 5G networks, DATA analysis, ACQUISITION of data, MOBILE apps, METADATA

Abstract

With the advent of the 5G network era, the convenience of mobile smartphones has become increasingly prominent, the use of mobile applications has become wider, and the number of mobile applications has increased. However, the privacy of mobile applications and the security of users' private information are worrying. This article aims to study the ratings of data and machine learning on the privacy security of mobile applications and uses the experiments in this article to conduct data collection, data analysis, and summary research. This paper experimentally establishes a machine learning model to realize the prediction of privacy scores of Android applications. The establishment of this model is based on the intent of using sensitive permissions in the application and related metadata. It is to create a regression function that can implement the mapping of applications to score. Experimental data shows that the feature vector prediction model can uniquely be used to represent the actual usage and scheme of a system's specific permissions for the application. [ABSTRACT FROM AUTHOR]

Published

2022

28. A Review on Web Application Vulnerability Assessment and Penetration Testing.

Author

Ravindran, Urshila and Potukuchi, Raghu Vamsi

Subjects

DATA security, CYBERTERRORISM, SECURITIES analysts, CONFORMANCE testing, WEB-based user interfaces

Abstract

With the increase in the number of internet users, web applications, user data there is an increase in the number of hackers all over the world. It is becoming challenging for organizations to ensure the security of the data of their employees and their customers around the world. Any cyber-attack on the organization will drastically affect the reputation of the organization as well as the loss of trust from the users or customers. Customers will not invest in these organizations who have encountered a cyber threat or attack. Hence, enabling regular security testing and checks by the penetration testers or security analysts help in preparing the organization from any security threat by testing network and applications. Even after performing the Vulnerability Assessment and Penetration Testing (VAPT) of the applications, it is extremely necessary to follow up the security patches to mitigate all the existing flaws and security vulnerabilities in the web applications under the organization. To this end, this paper presents the common web application security vulnerabilities, prior requirements for performing any security assessment of the web application along with the do's and don'ts of the assessment in accordance with each vulnerability. This paper also discusses various types of security testing and how VAPT is essential in every organization. [ABSTRACT FROM AUTHOR]

Published

2022

29. Security versus Compliance: An Empirical Study of the Impact of Industry Standards Compliance on Application Security.

Author

Stewart, Harrison

Subjects

MANAGEMENT information systems, INFORMATION resources management, CUSTOMER relationship management, EMPIRICAL research, CUSTOMER relationship management software, SECURITY systems

Abstract

The integration of security aspects into software development is an open topic, especially in highly regulated industries where standards are accompanied by a high degree of complexity. The research question of this paper relates to the misconception of industry standards compliance and security in the field of software development. Cyber attackers are constantly inventing new tools to penetrate systems and exploit even the most minor flaws, and adherence to an industry standard is not a solution. In this study, an empirical investigation is conducted over a six-month period to observe various customer relationship management (CRM) systems. To analyze and anticipate the vulnerabilities of various CRMs, penetration testing methodologies and cross-project prediction approaches are employed. Classification using multiple machine learning approaches is utilized in the study to increase the discovery of vulnerable components in each CRM. The Student t -test is also used to assess if the mean values of the two CRM datasets are substantially different from each other in order to evaluate the efficacy of overall security and its features. The results show that security best practices during application development have a significant influence on applications created in regulated environments. The action research approach used to validate this study provided positive results and its feasibility in practice to optimize security throughout the application development. This study adds to the literature on information security management systems (ISMS) and best practices in application development in terms of creating and implementing opportunities based on broader information security management measures. [ABSTRACT FROM AUTHOR]

Published

2022

30. Touchscreen Behavioural Biometrics Authentication in Self-contained Mobile Applications Design

Author

Kałużny, Piotr, van der Aalst, Wil, Series Editor, Mylopoulos, John, Series Editor, Rosemann, Michael, Series Editor, Shaw, Michael J., Series Editor, Szyperski, Clemens, Series Editor, Abramowicz, Witold, editor, and Corchuelo, Rafael, editor

Published

2019

31. Measuring Application Security

Author

Horn, Christopher, D‘Amico, Anita, Kacprzyk, Janusz, Series Editor, Pal, Nikhil R., Advisory Editor, Bello Perez, Rafael, Advisory Editor, Corchado, Emilio S., Advisory Editor, Hagras, Hani, Advisory Editor, Kóczy, László T., Advisory Editor, Kreinovich, Vladik, Advisory Editor, Lin, Chin-Teng, Advisory Editor, Lu, Jie, Advisory Editor, Melin, Patricia, Advisory Editor, Nedjah, Nadia, Advisory Editor, Nguyen, Ngoc Thanh, Advisory Editor, Wang, Jun, Advisory Editor, Ahram, Tareq Z., editor, and Nicholson, Denise, editor

Published

2019

32. User behaviour analysis using data analytics and machine learning to predict malicious user versus legitimate user

Author

Rohit Ranjan and Shashi Shekhar Kumar

Subjects

Application security, Big data analytics, Machine learning, Random forest, Behavioral analysis, Prediction, Electronic computers. Computer science, QA75.5-76.95

Abstract

Research-based on user behavior analysis for authentication is the motivation for this research. We move ahead using a behavioral approach to identify malicious users and legitimate users. In this paper, we have explained how we have applied big data analytics to application-layer logs and predicted malicious users by employing a Machine Learning algorithm based on certain metrics explained later in the paper. Machine Learning would present a list of IP addresses or user identification tokens (UIT),deduced from live data which would be performing a malicious activity or are suspected of malicious activity based on their browsing behavior. We have created an e-commerce web application and induced vulnerabilities intentionally for this purpose. We have hosted our setup on LAMP [1] stack based on AWS cloud [2]. This method has a huge potential as any organization can imply this to monitor probable attackers thus narrowing down on their efforts to safeguard their infrastructure. The idea is based on the fact that the browsing pattern, as well as the access pattern of a genuine user,varies widely with that of a hacker. These patterns would be used to sort out the incoming traffic from and list out IP addresses and UIT that are the most probable cases of hack attempts.

Published

2022

33. 25 Years in Application Security: Looking Back, Looking Forward.

Author

Shostack, Adam, Massacci, Fabio, Bodden, Eric, and Sabetta, Antonino

Abstract

The author looks at 25 years of industrial application security through a lens of a code review document released in 1996, examines the progress that's been made and what those trends imply for the future. [ABSTRACT FROM AUTHOR]

Published

2022

34. АНАЛІЗ МЕТОДОЛОГІЇ DEVSECOPS В ПРОЦЕСАХ РОЗРОБКИ ПРОГРАМНОГО ЗАБЕЗПЕЧЕННЯ

Author

Andrii Oleksandrovich Hapon, Volodymyr Mykolayovych Fedorchenko, Andrii Oleksandrovich Polyakov, Valeriy Yuriyovich Volovshchykov, and Viktor Alexeevich Guzhva

Subjects

devsecops, application security, infrastructure security, sdlc, bsimm, opensamm, Technology

Abstract

Предметом дослідження в статті є методологія розробки і захисту програмного забезпечення в рамках DevSecOps. Дана методологія змінила підхід до забезпечення безпеки з реактивного на проактивний, а також підкреслює важливість забезпечення безпеки на всіх рівнях організації. DevSecOps означає забезпечення безпеки в розробці додатків від самих ранніх етапів до самого кінця, а також включає в себе ав томатизацію деяких шлюзів безпеки, щоб запобігти уповільнення робочого процесу DevOps. Необхідно підтримувати короткі і часто повторювані цикли розробки програмного продукту, а також інтегрувати заходи безпеки. Вибір правильних інструментів для безперервної інтеграції безпеки може допомогти в досягненні цих цілей. Сучасні інструменти автоматизації допомогли організаціям впровадити більш гнучкі методи розробки, а також зіграли свою роль в розробці нових заходів безпеки. Для ефективного захисту DevOps потрібні не тільки нові інструменти, а й зміни в самій організації процесів DevOps, щоб швидше інтегрувати роботу груп фахівців з безпеки з іншими спеціалістами, що призведе до покращення якості продукту. Стаття присвячена детальному аналізу сучасних підходів і методологій систематизації розробки та захисту програмного забезпечення, серед яких SDLC, BSIMM і OpenSAMM. Мета роботи – класифікація підходів до побудови процесів DevSecOps, а також розгляд методологій систематизації існуючих засобів захисту програмного забезпечення, що забезпечують взаємодію команди розробників і фахівців із захисту інформації в рамках одного життєвого циклу розробки. У статті вирішуються наступні завдання: розгляд і аналіз підходів побудови процесів DevSecOps і розгляд методологій систематизації засобів захисту програмного забезпечення. Отримані наступні результати: проаналізовано необхідні складові для побудови DevSecOps процесів. Висновки: проведений аналіз дозволяє класифікувати процес розробки і захисту програмного забезпечення за допомогою методології DevSecOps.

Published

2020

35. The Mediating Role of Trust in the Relationship Between Corporate Image, Security, Word of Mouth and Loyalty in M-Banking Using among the Millennial Generation in Indonesia

Author

Purwanto Edi, Deviny July, and Mutahar Ahmed M.

Subjects

loyalty, corporate image, application security, word of mouth, trust, Business, HF5001-6182

Abstract

Millennials have a lifestyle that is different from previous generations. Millennial Generation lives and grows together with rapid technological growth and currently dominates the population in Indonesia. The purpose of this study is to empirically determine the factors that influence the millennial generation’s loyalty to mobile banking applications. Elements used to analyze the millennial generation’s loyalty are corporate image, application security, word of mouth (WoM), and trust. Data collected through questionnaires from a sample of 395mobile banking users in Indonesia. The study uses structural equation modeling (SEM) to test the hypotheses with Amos 24 as the analysis tool. The results of the study proved that all predictions are proven significant. The trust in mobile banking mediates the effects of corporate image, application security, and word of mouth on millennial’s loyalty. The respondent of the research was millennial mobile banking users in Indonesia. Therefore, the model should be replicated among other mobile banking users in other countries. Banks have to maintain an excellent corporate image and get a positive transmission because, in this digitalization era, information can spread very quickly between friends, relatives, family, or through the internet, digital media, and social media. Banking also needs to include a guaranteed level of application security in the mobile banking application provided to gain the trust of users and be able to foster and increase their loyalty. However, there are still other factors that can influence millennial’s loyalty to a mobile banking application.

Published

2020

36. Cloud-Native Application Security: Risks, Opportunities, and Challenges in Securing the Evolving Attack Surface.

Author

Chernyshev, Maxim, Baig, Zubair, and Zeadally, Sherali

Subjects

*DATA security failures, *SECURITY management, *COMPUTER security

Abstract

Insecure cloud-native applications (CNAs) will continue to experience security compromises including data breaches due to their dynamic, complex, and varied threat landscape. We review current application security techniques, examine their benefits and shortcomings in the context of CNAs, and point out future research opportunities. [ABSTRACT FROM AUTHOR]

Published

2021

37. Secure Cloud Infrastructure: A Survey on Issues, Current Solutions, and Open Challenges.

Author

Alghofaili, Yara, Albattah, Albatul, Alrajeh, Noura, Rassam, Murad A., and Al-rimy, Bander Ali Saleh

Subjects

COMMUNICATION infrastructure, COMPUTER systems, CLOUD computing, DATA security, BUSINESS models, COMPUTER network security, EMAIL security

Abstract

Cloud computing is currently becoming a well-known buzzword in which business titans, such as Microsoft, Amazon, and Google, among others, are at the forefront in developing and providing sophisticated cloud computing systems to their users in a cost-effective manner. Security is the biggest concern for cloud computing and is a major obstacle to users adopting cloud computing systems. Maintaining the security of cloud computing is important, especially for the infrastructure. Several research works have been conducted in the cloud infrastructure security area; however, some gaps have not been completely addressed, while new challenges continue to arise. This paper presents a comprehensive survey of the security issues at different cloud infrastructure levels (e.g., application, network, host, and data). It investigates the most prominent issues that may affect the cloud computing business model with regard to infrastructure. It further discusses the current solutions proposed in the literature to mitigate the different security issues at each level. To assist in solving the issues, the challenges that are still unsolved are summarized. Based on the exploration of the current challenges, some cloud features such as flexibility, elasticity and the multi-tenancy are found to pose new challenges at each infrastructure level. More specifically, the multi-tenancy is found to have the most impact at all infrastructure levels, as it can lead to several security problems such as unavailability, abuse, data loss and privacy breach. This survey concludes by giving some recommendations for future research. [ABSTRACT FROM AUTHOR]

Published

2021

38. MDA Approach for Application Security Integration with Automatic Code Generation from Communication Diagram

Author

Abdellatif, Lasbahani, Chhiba, Mostafa, Tabyaoui, Abdelmoumen, Mjihil, Oussama, Kacprzyk, Janusz, Series editor, Pal, Nikhil R., Advisory editor, Bello Perez, Rafael, Advisory editor, Corchado, Emilio S., Advisory editor, Hagras, Hani, Advisory editor, Kóczy, László T., Advisory editor, Kreinovich, Vladik, Advisory editor, Lin, Chin-Teng, Advisory editor, Lu, Jie, Advisory editor, Melin, Patricia, Advisory editor, Nedjah, Nadia, Advisory editor, Nguyen, Ngoc Thanh, Advisory editor, Wang, Jun, Advisory editor, and Noreddine, Gherabi, editor

Published

2018

39. PartiSan: Fast and Flexible Sanitization via Run-Time Partitioning

Author

Lettner, Julian, Song, Dokyung, Park, Taemin, Larsen, Per, Volckaert, Stijn, Franz, Michael, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Bailey, Michael, editor, Holz, Thorsten, editor, Stamatogiannakis, Manolis, editor, and Ioannidis, Sotiris, editor

Published

2018

40. Security Concerns in MMO Games—Analysis of a Potent Application Layer DDoS Threat

Author

Nikola Gavrić and Živko Bojović

Subjects

distributed denial-of-service attacks, application security, graph theory, gaming, massively multiplayer online games, application-layer DDoS, Chemical technology, TP1-1185

Abstract

The application layer in the Internet protocol suite offers a significant degree of freedom regarding the orchestration of distributed denial-of-service attacks due to many different and unstandardized protocols. The primary focus of defending against application-layer distributed denial-of-service attacks has traditionally been Hypertext Transfer Protocols oriented while observing individual users’ actions independently from one another. In this paper, we present and analyze a novel application-layer DDoS attack in massively multiplayer online games that utilize the cooperative efforts of the attackers to deplete the server’s or players’ bandwidth. The attack exploits in-game dependencies between players to cause a massive spike in bandwidth while the attackers’ traffic remains legitimate. We introduce a multiplayer-relations graph to model user behavior on a game server. Additionally, we demonstrate the attack’s devastating capabilities on an emulated World of Warcraft server. Lastly, we discuss flaws of the existing defense mechanisms and possible approaches for the detection of these attacks using graph theory and multiplayer-relations graphs.

Published

2022

41. Event Tracing for Application Security Monitoring in Linux.

Author

Whitter-Jones, Jack, Griffiths, Mark, and Davies, Ross

Abstract

The modern corporate landscape is one that encourages the deployment of intrusion detection and incident response as a core part of an organisation’s security strategy. With the growing sophistication of cybercrime, organisations are looking at more ways to provide early indicators and contextual understanding to their security analysts to aid in mitigating security breaches. This paper presents the use of event tracing for intrusion detection within the Linux operating system via the Extended Berkley Packet Filter and gives an evaluation of its effectiveness. Within the research, one primary aim and one secondary aim is established. The primary aim of the research is to evaluate the use of event tracing to provide intrusion detection capabilities within the Linux operating system, with a further evaluation on how event tracing could compliment current monitoring techniques, e.g., Log collection. The secondary aim of this research is to discuss the possibilities of using event tracing within the emerging and embedded technologies market. To provide answers to these aims the research involves an experimental method to evaluate how event tracing can be used to detect two web-based attacks: SQL injection and path traversal. The results of the experiment present three key findings. Firstly, the use of event tracing within the Linux operating system can provide clear indicators of SQL Injection and web traversal attacks. Secondly, event tracing can introduce another way of interacting with running applications to provide forensic data, while maintaining confidentiality and integrity. Finally, event tracing can complement traditional logging techniques to supply further context and indicators relating to web-based attacks. Future work will target intrusive behaviour through the adoption of event tracing to supply indicators of attack and compromise within the emerging and embedded technologies market. Such work within the field could help advance the security community in monitoring very ad-hoc security practices. [ABSTRACT FROM AUTHOR]

Published

2020

42. Measuring the Sustainable-Security of Web Applications Through a Fuzzy-Based Integrated Approach of AHP and TOPSIS

Author

Alka Agrawal, Mamdouh Alenezi, Rajeev Kumar, and Raees Ahmad Khan

Subjects

Sustainable software, design sustainability, application security, sustainable-security, fuzzy AHP, fuzzy TOPSIS, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Ensuring sustainable-security of web applications for minimizing security breaches and enhancing users' trust and satisfaction is the foremost priority of all security experts and web developers. However, sustainable-security is multidimensional, emergent, and an irreducible concept. Also, designing sustainable-security of web application is a complex process because it is a multi-attribute approach which is based on the users' needs and organization's policies. In this context, the decision making process could be an effective means to quantitatively evaluate sustainable-security of web application design. In this research study, the authors have used a technique that involves integrating Fuzzy Analytic Hierarchy Process (Fuzzy AHP) and Fuzzy Technique for Order of Preference by Similarity to Ideal Solution (Fuzzy TOPSIS) approaches for the assessment of sustainable-security of web applications. The efficacy of this technique has then been tested on a web application designed specifically to cater to the requisites of an academic institution, Babasaheb Bhimrao Ambedkar University in India. Given the sensitivity of web application, this paper has used different versions of a University web application. The results thus obtained and the approach employed in this study would definitely aid the future researchers and developers in designing web applications with higher sustainable-security.

Published

2019

43. Using the ISO/IEC 27034 as Reference to Develop an Application Security Control Library

Author

Siqueira, Alexssander A., Reinehr, Sheila, Malucelli, Andreia, Diniz Junqueira Barbosa, Simone, Series editor, Chen, Phoebe, Series editor, Du, Xiaoyong, Series editor, Filipe, Joaquim, Series editor, Kotenko, Igor, Series editor, Liu, Ting, Series editor, Sivalingam, Krishna M., Series editor, Washio, Takashi, Series editor, Stolfa, Jakub, editor, Stolfa, Svatopluk, editor, O'Connor, Rory V., editor, and Messnarz, Richard, editor

Published

2017

44. Detection of SSL/TLS Implementation Errors in Android Applications.

Author

CİBALIK, Kaya Emre and KOÇAK, Cemal

Subjects

CELL phones, STATISTICS, DYNAMICS

Abstract

Security Socket Layer (SSL) / Transport Layer Security (TLS) protocols are utilized to secure network communication (e.g., transmitting user data). Failing to properly implement SSL/TLS configuration during the app development results in security risks. The weak implementations include trusting all host names, trusting all certificates, ignoring certificate verification errors, even lack of SSL public key pinning usage. These unsecured implementations may cause Man-In-The-Middle (MITM) attacks. The major aim of this research is to detect configuration errors of SSL/TLS implementation in Android apps. It consists of the common use of existing open source tools in the static analysis phase and the combination of manual method in the dynamic analysis phase. During the static analysis phase, dynamic analysis of the findings obtained by scanning four types of vulnerabilities is used to verify the abuse status of SSL/TLS by testing. The dynamic analysis is essential for eliminating false positives generated at the static analysis stage. We analyze 109 apps from Google Play Store and the experimental results show that 45 (41.28%) apps contain potential security errors in the application of SSL/TLS. We verify that 19 (17.43%) out of 109 apps are vulnerable to MITM attacks. [ABSTRACT FROM AUTHOR]

Published

2021

45. CASE STUDY: SECURITY OF SYSTEM FOR REMOTE MANAGEMENT OF WINDOWS.

Author

Dervišević, Tarik, Baraković, Sabina, and Husić, Jasmina Baraković

Subjects

SECURITY systems, DISCLOSURE, COMPUTER network security

Abstract

Copyright of B&H Electrical Engineering is the property of Sciendo and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2020

46. Security and Privacy Analysis of Mobile Health Applications: The Alarming State of Practice

Author

Achilleas Papageorgiou, Michael Strigkos, Eugenia Politou, Efthimios Alepis, Agusti Solanas, and Constantinos Patsakis

Subjects

Communication system security, mobile security, application security, data privacy, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Recent advances in hardware and telecommunications have enabled the development of low cost mobile devices equipped with a variety of sensors. As a result, new functionalities, empowered by emerging mobile platforms, allow millions of applications to take advantage of vast amounts of data. Following this trend, mobile health applications collect users health-related information to help them better comprehend their health status and to promote their overall wellbeing. Nevertheless, health-related information is by nature and by law deemed sensitive and, therefore, its adequate protection is of substantial importance. In this paper we provide an in-depth security and privacy analysis of some of the most popular freeware mobile health applications. We have performed both static and dynamic analysis of selected mobile health applications, along with tailored testing of each application's functionalities. Long term analyses of the life cycle of the reviewed apps and our general data protection regulation compliance auditing procedure are unique features of the present paper. Our findings reveal that the majority of the analyzed applications do not follow well-known practices and guidelines, not even legal restrictions imposed by contemporary data protection regulations, thus jeopardizing the privacy of millions of users.

Published

2018

47. Educational modules and research surveys on critical cybersecurity topics.

Author

Wang, Lixin, Yang, Jianhua, and Wan, Peng-Jun

Subjects

*COMPUTER networks, *INTERNET security, *EDUCATION research, *HIGHER education, *COMPUTER systems, *COMPUTER crime prevention, *CYBER intelligence (Computer security), *VIRTUAL classrooms

Abstract

Cybersecurity comprised all the technologies and practices that protect data as well as computer and network systems. In this article, we develop four course modules on critical cybersecurity topics that can be adopted in college-level cybersecurity courses in which these topics are covered. Our goal for developing these course modules with the hands-on labs is to increase students' understanding and hands-on experiences on these critical topics that support cyber skills development for college students. The hands-on labs are designed to enhance students' engagement and provide them hands-on experiences with real-world cyber activities to augment their cyber education of both foundational and advanced skills. We also conduct research surveys on the most-recent significant research in these critical cybersecurity fields. These cybersecurity course modules with the labs are also designed to help college/university professors enhance and update their cybersecurity course content, activities, hands-on lab exercises, and pedagogical methods, as well as emphasize the cyber skills to meet today's pressing cybersecurity education needs for college students. Our proposed cybersecurity modules with hands-on labs will also help building the nation's cybersecurity workforce. [ABSTRACT FROM AUTHOR]

Published

2020

48. 国家电网边缘计算应用安全风险评估研究.

Author

郭昊, 何小芸, 孙学洁, 陈红松, 刘周斌, and 颉靖

Abstract

According to a series of the national cyber security level protection and risk assessment standards and the characteristics of electric power information systems, a risk assessment model for application security of state grid edge computing is proposed. Then, the vulnerability scanning tools AW VS and AppScan are used to target security vulnerability evaluation and risk assessment experiments on the open source web application target software BWAPP that integrates the latest security vulnerabilities. Finally，the fuzzy analytic hierarchy method is used to comprehensively evaluate the security of Web application security. Based on the test results of the application security, the security assessment data are compiled to realize the verification of the application security risk assessment of the state grid edge computing. [ABSTRACT FROM AUTHOR]

Published

2020

49. Integrating security and privacy in software development.

Author

Baldassarre, Maria Teresa, Barletta, Vita Santa, Caivano, Danilo, and Scalera, Michele

Subjects

COMPUTER software development, SOURCE code, SYSTEMS software, PRIVACY, ARCHITECTURAL design, COMPUTER security vulnerabilities, SOFTWARE refactoring

Abstract

As a consequence to factors such as progress made by the attackers, release of new technologies and use of increasingly complex systems, and threats to applications security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). The approach can be applied in two directions forward and backward, for developing new software systems or re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an application in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code, and design the target architecture to be used for guiding privacy-oriented system re-engineering. [ABSTRACT FROM AUTHOR]

Published

2020

50. The Mediating Role of Trust in the Relationship Between Corporate Image, Security, Word of Mouth and Loyalty in MBanking Using among the Millennial Generation in Indonesia.

Author

PURWANTO, Edi, DEVINY, July, and MUTAHAR, Ahmed M.

Subjects

CORPORATE image, MILLENNIALS, MOBILE banking industry, LOYALTY, STRUCTURAL equation modeling

Abstract

Millennials have a lifestyle that is different from previous generations. Millennial Generation lives and grows together with rapid technological growth and currently dominates the population in Indonesia. The purpose of this study is to empirically determine the factors that influence the millennial generation's loyalty to mobile banking applications. Elements used to analyze the millennial generation's loyalty are corporate image, application security, word of mouth (WoM), and trust. Data collected through questionnaires from a sample of 395mobile banking users in Indonesia. The study uses structural equation modeling (SEM) to test the hypotheses with Amos 24 as the analysis tool. The results of the study proved that all predictions are proven significant. The trust in mobile banking mediates the effects of corporate image, application security, and word of mouth on millennial's loyalty. The respondent of the research was millennial mobile banking users in Indonesia. Therefore, the model should be replicated among other mobile banking users in other countries. Banks have to maintain an excellent corporate image and get a positive transmission because, in this digitalization era, information can spread very quickly between friends, relatives, family, or through the internet, digital media, and social media. Banking also needs to include a guaranteed level of application security in the mobile banking application provided to gain the trust of users and be able to foster and increase their loyalty. However, there are still other factors that can influence millennial's loyalty to a mobile banking application. [ABSTRACT FROM AUTHOR]

Published

2020