Title: Risk-driven security metrics for an Android smartphone application

Authors: Reijo M. Savola; Markku Kylänpää; Habtamu Abie

Addresses: VTT Technical Research Centre of Finland Ltd, Kaitoväylä 1, FI-90590 Oulu, Finland ' VTT Technical Research Centre of Finland Ltd, P.O. Box 1000, FI-02044 VTT, Finland ' Norwegian Computing Center, P.O. Box 114 Blindern, NO-0314 Oslo, Norway

Abstract: Security management in Android smartphone platforms is a challenge. This challenge can be overcome at least partially by developing systematically risk-driven security objectives and controls for the target system, and determining how to offer sufficient evidence of its security performance via metrics. The target system of our investigation is an Android platform utilised for public safety and security mobile networks. We develop and analyse the security objectives and controls for these systems based on a technological risk analysis. In addition, we investigate how effective and efficient security metrics can be developed for the target system, and describe implementation details of enhanced security controls for authentication, authorisation, and integrity objectives. Our analysis includes implementation details of selected security controls and a discussion of their security effectiveness. It also includes conceptualisation and description of adaptive security for an Android platform which can improve the flexibility and effectiveness of these security controls and end-users confidence in service providers.

Keywords: Android; security objectives; security metrics; security effectiveness; risk analysis.

DOI: 10.1504/IJEB.2020.111059

International Journal of Electronic Business, 2020 Vol.15 No.4, pp.297 - 324

Accepted: 02 Aug 2018
Published online: 09 Nov 2020 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article