A Software Security Optimization Architecture (SoSOA) and its Adaptation for Mobile Applications

Security attacks become daily news when a security threat is exposed in widely used software. Taking software security into consideration during the analysis, design, and implementation phases is a must. A software application should be protected against security threats such as unauthorized distribution or code retrieval. Because a standard software security architecture is not applied, developers may create software that is vulnerable to many types of security threats. This paper begins by reviewing different types of known software security threats and their countermeasure mechanisms. It then proposes a new security optimization architecture for software applications. This architecture is a step towards establishing a standard to guarantee the software's security. Furthermore, the paper proposes an adapted software security optimization architecture for mobile applications. It also presents an algorithmic implementation of the newly proposed architecture and proves its security. Finally, it builds a secure mobile application based on the newly proposed architecture.
