Secure Mobile E-Business Applications
Authors: Hala A. Alrumaih
It is widely believed that the mobile device is a promising technology that opens the way for the third wave of electronic commerce. Mobile devices have changed the way companies do business. Many applications are under development or are being incorporated into business processes, and today mobile applications are a vital component of any industry strategy. One of the greatest benefits of selling merchandise and providing services through a mobile application is that it significantly widens a company's customer base: mobile applications are accessible to interested customers across regional and international borders in different electronic business (e-business) areas. But there is a dark side to this success story. The security risks associated with mobile devices and applications are very significant. This paper introduces a broad risk analysis of the various threats, vulnerabilities, and risks in mobile e-business applications and presents some important risk mitigation approaches. It reviews and compares two different frameworks for security assurance in mobile e-business applications. Based on the comparison, the paper offers recommendations for application developers and business owners on the mobile e-business application development process.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1099034