Automated support to capture and validate security requirements for mobile apps

Mobile application usage has become widespread and significant as it allows interactions between people and services anywhere and anytime. However, issues related to security have become a major concern among mobile users as insecure applications may lead to security vulnerabilities that make them easily compromised by hackers. Thus, it is important for mobile application developers to validate security requirements of mobile apps at the earliest stage to prevent potential security problems. In this paper, we describe our automated approach and tool, called MobiMEReq that helps to capture and validate the security attributes requirements of mobile apps. We employed the concept of Test Driven Development (TDD) with a model-based testing strategy using Essential Use Cases (EUCs) and Essential User Interface (EUI) models. We also conducted an evaluation to compare the performance and correctness of our tool in various application domains. The results of the study showed that our tool is able to help requirements engineers to easily capture and validate security-related requirements of mobile applications.