icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Using Malware Analysis to Tailor SQUARE for Mobile Platforms

Technical Note
By
This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2014-TN-018
DOI (Digital Object Identifier)
10.1184/R1/6585773.v1
Topic or Tag

Abstract

As the number of mobile-device software applications has grown, so has the amount of malware targeting them. More than 650,000 pieces of malware now target the Android platform. As mobile malware becomes more sophisticated and begins to approach threat levels seen on PC platforms, software development security practices for mobile applications will need to adopt the security practices for PC applications to reduce consumers’ exposure to financial and privacy breaches on mobile platforms. This technical note explores the development of security requirements for the K-9 Mail application, an open source email client for the Android operating system. The project’s case study (1) used the Security Quality Requirements Engineering (SQUARE) methodology to develop K-9 Mail’s security requirements and (2) used malware analysis to identify new security requirements in a proposed extension to the SQUARE process. This second task analyzed the impacts of DroidCleaner, a piece of Android malware, on the security goals of the K-9 Mail application. Based on the findings, new requirements are created to ensure that similar malware cannot compromise the privacy and confidentiality of email contents.

SHARE
Download PDF
Part of a Collection

Cybersecurity Engineering Research: Malware Analysis Collection

Using Malware Analysis in Security Requirements Elicitation
Cite This Technical Note

Alice, G., & Mead, N. (2014, November 18). Using Malware Analysis to Tailor SQUARE for Mobile Platforms . (Technical Note CMU/SEI-2014-TN-018). Retrieved November 23, 2024, from https://doi.org/10.1184/R1/6585773.v1.

@techreport{alice_2014,
author={Alice, Gregory and Mead, Nancy},
title={Using Malware Analysis to Tailor SQUARE for Mobile Platforms },
month={{Nov},
year={{2014},
number={{CMU/SEI-2014-TN-018},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6585773.v1},
note={Accessed: 2024-Nov-23}
}

Alice, Gregory, and Nancy Mead. "Using Malware Analysis to Tailor SQUARE for Mobile Platforms ." (CMU/SEI-2014-TN-018). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, November 18, 2014. https://doi.org/10.1184/R1/6585773.v1.

G. Alice, and N. Mead, "Using Malware Analysis to Tailor SQUARE for Mobile Platforms ," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Note CMU/SEI-2014-TN-018, 18-Nov-2014 [Online]. Available: https://doi.org/10.1184/R1/6585773.v1. [Accessed: 23-Nov-2024].

Alice, Gregory, and Nancy Mead. "Using Malware Analysis to Tailor SQUARE for Mobile Platforms ." (Technical Note CMU/SEI-2014-TN-018). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 18 Nov. 2014. https://doi.org/10.1184/R1/6585773.v1. Accessed 23 Nov. 2024.

Alice, Gregory; & Mead, Nancy. Using Malware Analysis to Tailor SQUARE for Mobile Platforms . CMU/SEI-2014-TN-018. Software Engineering Institute. 2014. https://doi.org/10.1184/R1/6585773.v1

Ask a question about this Technical Note