A Self-protecting Approach for Service-oriented Mobile Applications

The evolution of software systems in the last 10 years has brought new challenges for the development area, especially for service-oriented Mobile Applications (MobApps). In the mobile computing domain, integrating MobApps into service-based systems has been a feasible way to boost the processing and storage capacity of such applications. At the same time, this type of application needs monitoring approaches, mainly because it must deal with a large number of users, continuous changes in the execution environment, and security threats. In addition, most MobApps do not provide the self-protecting property by default, which leads to a number of adverse situations concerning integrity of execution, reliability, security, and adaptations at runtime. The principal contribution of this paper is an approach based on the MAPE-K (Monitor-Analyze-Plan-Execute over Knowledge) loop and machine learning techniques to ensure self-protecting features in MobApps, in particular those based on services. Experimental results showed that this approach can autonomously and dynamically mitigate threats, making these applications more trustworthy and intrusion-safe. Our approach has good potential to contribute to the development of MobApps, going beyond existing approaches.
