Risk-driven security metrics for an Android smartphone application

Publication details

  • Journal: International Journal of Electronic Business, vol. 15, p. 297–324, 2020
  • International Standard Numbers:
    • Printed: 1470-6067
    • Electronic: 1741-5063
  • Link:

Security management in Android smartphone platforms is a challenge.
This challenge can be overcome at least partially by developing systematically
risk-driven security objectives and controls for the target system, and determining
how to offer sufficient evidence of its security performance via metrics. The target
system of our investigation is an Android platform utilised for public safety and
security mobile networks. We develop and analyse the security objectives and
controls for these systems based on a technological risk analysis. In addition,
we investigate how effective and efficient security metrics can be developed
for the target system, and describe implementation details of enhanced security
controls for authentication, authorisation, and integrity objectives. Our analysis
includes implementation details of selected security controls and a discussion
of their security effectiveness. It also includes conceptualisation and description
of adaptive security for an Android platform which can improve the flexibility
and effectiveness of these security controls and end-users confidence in service
providers.