Securing Mobile Applications Using Model Driven Architecture

IPASJ International Journal of Computer Science(IIJCS)
Web Site: http://www.ipasj.org/IIJCS/IIJCS.htm

A Publisher for Research Motivation ........ Email: editoriijcs@ipasj.org
Volume 2, Issue 5, May 2014 ISSN 2321-5992

Volume 2 Issue 5 May 2014 Page 41

Abstract
The problem of supporting the secure execution of potentially malicious third-party applications has received a considerable
amount of attention in the past decade. Mobile applications are prone to severe attacks by intruders. The resulting attacks,
frequently reported by the media, can lead to decreased trust in an application or an organization t hat uses them. Although
some application environments have become increasingly standardized and secure, there is considerabl e room for concern and
significant need to provide improved security for mobile applications. In this paper we discuss about emerging security threats
in mobile applications, agents causing security attacks and discuss an architectural solution to overcome security attacks.

Keywords: Mobile applications, security, MDA (Model Driven Architecture).

1. Introduction
In todays business environment, mobile devices such as smartphone and tablets make up the fastest growing segment
of computing devices-outpacing desktops and laptop computers. Mobile applications provide various services to the
users using them .These applications are in widespread use providing flexibility and ease of usage and have grown
beyond anyones expectation. These centralized marketplaces or app stores streamline the process of browsing,
downloading and installing a variety of apps - therein facilitating the use of smartphone.
With the increase in the usage of these applications in the workforce organizations are becoming more concerned with
mobile security. Many, in fact, see this area as a primary technology challenge to address and a main focus for security
initiatives. This is because mobile device applications have the potential to interact with confidential or sensitive
information. Hackers have noticed this fact and have started targeting these applications. However, supporting
applications from potentially untrustworthy sources comes with a serious risk: malicious or buggy applications on a
phone can lead to denial of service, loss of money, leaking of confidential information on the device and so forth.
Reports of personal data being leaked via smartphone apps and web services frequently surface in the media as well as
academic publications[2]. As a user, one has to rely on current smartphone security mechanisms and the privacy policy
of the app or service to keep his data private. However, neither can provide variable guarantees that his information is
indeed handled confidentially .Moreover security based attacks are quite uncommon and can de-privatize the existing
information via malicious messages and navigate users to download the malicious content which can ruin the existing
system state.
Solutions to these security concerns was never deployed in much depth before .The existing security mechanisms
provide some amount of protection but the increasing security attacks were not compatible with the existing security
solutions .Instead of implementing security strategies after attack is being done, we can use modeling techniques to
concrete security strategies during the initial stages, so that we can predict the incoming attacks. MDA (Model Driven
Architecture) is one such approach that ensures security in mobile applications and can be used during initial phase of
application development to reduce these unpredictable attacks.
Our paper is structured as follows. In section 2 we discuss about security issues in mobile application and then move to
section 3 where we will be discussing about MDE(Model Driven Engineering), section 4 talks about security assurance
using MDA and in our last section we discuss future aspects of MDA.

2. Security issues in mobile applications
The role of security mechanism is to ensure privacy and integrity of the data and authenticity of parties involved in the
transaction .Security in the mobile application is entirely based upon the vulnerability of application for which security
constructs are to be designed[1] .Mechanisms that reduce security based attacks are driven on the basis of the mobile
architecture, platform on which applications are used and the important factor is the type of data that is to be
authenticated from accidental or deliberate intrusion . Due, in part, to the aforementioned trends, the usage of mobile
applications will frequently involve the storage of, access to, and communication of sensitive information, making
Securing Mobile Applications Using Model
Driven Architecture

1
NARSIMHA KAMATH A and
2
AKSHEY BHAN

1
Department Of Computer Science and Engineering, PESIT-BSC, Bangalore
2
Department Of Electronics and Communication Engineering, PESIT-BSC, Bangalore



security a serious concern[1].Moreover advancements in mobile technology has enabled the security mechanisms to be
more stronger and this is where MDA finds its origin to ensure security in the architecture level.
A fundamental requirement of a mobile application is the ability to cater to a wide variety of security protocol standards
in order to facilitate interoperability in different environments. [1] While the widespread business use of mobile devices
has enabled new levels of productivity and flexibility in the workplace, it has also introduced new changes and
challenges related to IT management and securitysignificantly disrupting traditional management paradigms. In this
section we present a broad overview of challenges facing mobile devices security, we present an attacker-centric threat
model [2] for mobile platforms.

A. Attack Goals
In this subsection we present three basic motives for breaching mobile application security. The first two goals
described are covert, while the latter is harmful. Covert approach to executing an attack is to perform malicious
operations while avoiding user detection. The goal of such attacks is to disrupt the operation of the device as little as
possible while performing activities useful to the attacker. On the other hand, harmful attacks are aimed at disrupting
the normal operation of a mobile applications[2].

1. Collect private data
Since mobile applications are becoming strong units of personal information storage, they are an attractive target
for breaching users privacy .The attackers target both confidentiality and integrity of the stored information .This
can be done via SMS, MMS, e-mail which try to de-privatize the users data. Additional information can be
gathered by reading Instant Messaging client logs [2], data stored by applications used to access social networks
or data stored by browsers. Any other data located in devices memory or on SD card, like documents, photos or
videos, could also be compromised.

2. Utilizing the resources available
This approach uses the computational resources available in the mobile applications to perform various actions to
access the confidential data. [2]

3. Harmful Malicious actions
Harmful malicious actions are generally injected into the mobile applications to discomfort the user by performing
various actions like draining battery resource, gathering huge network traffic etc. [2]

A. Attack vectors
Mobile application platform provide multiple attack vectors to deliver malicious content into the users application [2,
3].

1. Mobile Network Services
This approach includes delivery of malicious content via SMS and MMS .Frequent incoming of fake messages is
the root cause to indulge security threats into the mobile applications .[3]Responding to these messages makes the
intruder easy to make various actions to destroy the resources available and the private data for his own good.

2. Internet Access
Mobile devices or applications can access internet using Wi-Fi, 3G-2G etc provided by network operators.
Although such high speed internet connection facilitates comfortable browsing, prolonged internet connections
might cause incoming of these malicious contents. Connection to the public Wi-Fi hotspot might increase the
attack rate .Sometimes the attacker can place a faulty URL[3] to trick the users to download malicious content or
navigate them to phishing sites.

3. Bluetooth
Bluetooth attacks are method used for device-device malware spreading. [2] Once the connection is established
between the devices, attacker can send malicious content into the users device to access the required information.
However, the Bluetooth is a limited attack vector for injecting malicious content due to several security factors.
First, the mobile devices usually are not set as discoverable by default and the period in which they can be
discovered is limited. Second, the user has to confirm the file transfer and then manually install the file. [2]



B. Mobile Malware

1. Trojan Horse
By deploying malicious mobile applications the attacker could gain control over the device. [3] Such applications
usually perform some useful functionality while running malicious activities in the background. This way the
Trojan can be used to gather private information or to install other malicious applications like worms or botnets.
In addition, Trojans can be used to commit phishing activities. For example, a false banking application could
collect sensitive data from the user. Such applications can easily spread through unsupervised application stores
or through social networks.

2. Botnets
Botnet is a set of compromised devices which can be controlled and coordinated remotely [3]. This attack strategy
is used to utilize the computing power of compromised devices in order to commit various activities ranging from
sending spam mail to committing DOS attacks. An example of a botnet designed specifically for mobile devices is
Waledac [3]. Waledac uses SMS and MMS messages to exchange the data between nodes therefore enabling the
botnet to remain active even if the nodes are not connected to the Internet.

3. Worm
Is a self-replicating malicious application designed to spread autonomously to uninfected systems. This type of
malware has been ported to mobile platforms since the introduction of Cabir [4]. Cabir is a worm designed to
attack Symbian S60 devices by spreading through Bluetooth links. A more recent example of a worm type
malware for mobile devices is Ikee.B [5] which is used to steal financially sensitive data from jailbroken iPhones.

4. Rootkit
Rootkit is a malicious application which gained rights to run in a privileged mode. Such malicious applications
usually mask their presence from the user by modifying standard operating system functionalities. Although no
current rootkit type threats for mobile devices exist, recent research efforts [6] indicate the potential of this attack
strategy and classify it as an emerging threat to mobile security.

In the next section of the paper we will be discussing about MDE, its origin and usage to prevent security threats in a
mobile application

3. Model Driven Engineering (MDE)
This approach was developed to combat security based attacks in mobile applications by incorporating suitable security
strategies in the specification stage [7].MDS (Model Driven Security) has emerged in the early 2000s as a specialized
Model-Driven Engineering (MDE) approach for supporting the development of security-critical systems[7] .MDE
comprises of tools and loose methodical approaches to develop a quality software .The claim behind MDE is the
abstractions used to represent a system or component belonging to the system .The representation of the system in the
specification phase gives the overall picture of how exactly the component engineering or system engineering process
has to be carried out to develop an error free system. COTS [8](Commercial Off The Shelf) system used during
component development can be incorporated with MDE tools to ensure security in the component phase itself .But the
question is to how exactly use MDE [7] tools and other development kits to get a stringent error free system immune to
security threats .Security based attacks are often unexpected and can be vicious if not taken care of, these attacks can be
on the basis of system vulnerability rate, no of users using the system or application and the availability of
computational resources.
When we talk about MDE, we should be familiar with three keywords i,e model, metamodel and model transformation
[9]. The heart of MDE is a model .Model is process of simplifying the given problem using relevant specification
languages .In case of a car analogy, if an engineer wishes to have a computational model of a car for 3D visualization,
a language such as the one defined by a Computer Assisted Design (Cad) tool will be necessary to express a particular
car design [9]. In the computing world several such languages called metamodels and model transformation allows
passing of relevant information from one formalism to other.

3.1. Model Driven Architecture (MDA)
MDE approaches include MDA (Model Driven Architecture), Aspect oriented modeling, multi-paradigm modeling and
domain-specific modeling .In this paper we will be discussing about MDA an approach introduced by OMG (Object


Management Group) to build a secure error free system [9] .MDA hails its origin from UML (Unified Modeling
Language) and uses the approach of system representation via specialized MDE tools to promote component
development [9]. The MDA process, places formal system models at the core of the interoperability problem. What is
most significant about this approach is the independence of the system specification from the implementation
technology or platform. The system definition in MDA is based on formal specification, which gives us exact idea of
system design unlike the other modeling languages which gives the abstract thought of system design that may or may
not be implemented.
MDA proposes pyramidal construction of model shown in the figure below

Fig1 pyramidal construction of MDE approach

Along with this pyramid MDA has its own vision of software systems development .Requirements are collected in CIM
(Computation Independent Model), PIM (Platform Independent Model) describes the design and analysis of
components. PIM merged into PSM by combining it with PDM and is run on the required platform (domain) [9] .MDA
promotes vertical separation of concerns: system is designed at high level without considering any target platform
specifications .These specificities are integrated using automated generators to pseudo code compliant with each
platform .This approach inspires several MDS proposals to preserve integrity within software applications.

4. MDA to combat security threats
Mobile applications using MDA must ensure a stringent component design phase to verify security threats. Security
threats may exist depending upon the system vulnerability rate and this factor has to be taken care during software
specification to ensure security .As already stated, MDS is a specialization of MDE: it becomes natural to classify MDS
approaches according to their modeling paradigm and modeling languages [9]. The modeling paradigm addresses the
general principle for representing, managing and combining models. For example for standard UML modeling, cross-
cutting concerns are scattered across several related models, and are then combined at different levels, such as is
typically the case in MDA.
The design framework using MDA deploys quality attributes, which can be incorporated during application design .The
important factor causing security threat is the responding nature of applications to the malicious messages, which opens
the gate for security based attacks .This responding nature has to be minimized during requirement specification and
has to be modeled in such a way so that these contents can be aggravated or discarded from the application .However
policy based security constructs provide a generic framework for application deployment, and are much more easier to
look at, but the abstract thoughts or views given by these frameworks makes it difficult to implement an error free
application .MDA gives the practical representation of system ( Since it uses formal modeling approach) it uses
theorem proving tools and model checkers to get a systematic view of components used in the system thus avoiding
software complexity which can be an indirect cause for security based attacks.
The development of suitable mobile application using MDA undergo various stages like specification analysis,
specification validation, verification and system engineering to deploy platform independent application [8] .Prediction
of error happenings in the later stages becomes easy due to frequent component analysis and this attribute in MDA can
confirm security assurance in mobile applications .MDA cannot remove the security threat completely, but can predict
as to what can happen during intruder attacks. MDA is an approach used during architectural design and follows
systematic modeling approach to ensure information security in the component level to prevent security based attacks.

5. Travel Planner Application -A Case Study
The current app stores for the popular mobile platforms such as Android (Google Play Store), iOS (App Store) and
Windows Phone (Windows Phone Store) only provide rudimentary mechanisms and analyses to protect the customer's
privacy from the prying eyes of app developers and associated third parties. One possible application of the MDA


approach is developing applications and apps for an app store that focuses on providing apps with formally guaranteed
privacy properties to its users [10].
This application allow user to choose his holiday destination. Travel Planner is a distributed application modeled with
MDA which allows a user to find and book relevant flights for his journey. Using the Travel Planner app (TP) [10] on
his smartphone, the user can query a Travel Agency web service (TA) for available and suitable flight offers .After
selecting one other, he is able to book the flight directly with the Airline web service (A) with his credit card which is
managed by the Credit Card Center app (CCC) [10] on his smartphone. Travel Planner application that must be
ensured is that the user's confidential credit card data never leaks to the TA. Furthermore, the Airline web service must
only receive this data after an explicit confirmation by the user. These major security issues are to be taken care of
during application design of a travel planner application [10].

Fig2 Schematic description of travel planner application [10]

Using MDA to combat security threats in a TP application must undergo frequent specification analysis to ensure that
the application is error free and can be used without any security issues [10] .The basic idea behind architectural based
solution was the increasing attack rates in commercial android or ios apps .Prediction of these attacks in a subsequent
stage was difficult since the root cause for all these unpredictable attacks ware unknown and moreover the design
framework for application development did not use security strategies that are compatible with constantly changing
attack methodologies .The quest was to develop a stable security solution that can predict the incoming attacks and
avoid these attacks without actually allowing them into mainstream software development arena . Using MDA (Model
Driven Approach) approach in a TP app is helpful in many ways like:

1. Increased productivity: MDA reduces the cost of software development by generating code and artifacts
from models, which increases developer productivity. Note that you must factor in the cost of developing (or
buying) transformations, but careful planning will ensure that there is an overall cost reduction.

2. Maintainability: Technological progress leads to solution components becoming stranded legacies of
previous platform technologies. MDA helps to solve this problem by leading to a maintainable architecture
where changes are made rapidly and consistently, enabling more efficient migration of components onto new
technologies. High-level models are kept free of irrelevant implementation detail. Keeping the models free of
implementation detail makes it easier to handle changes in the underlying platform technology and its
technical architecture. A change in the technical architecture of the implementation is made by updating a
transformation. The transformation is reapplied to the original models to produce implementation artifacts
following the new approach. This flexibility also means that it is possible to try out different ideas before
making a final decision. It also means that bad decisions are easily changed. Software projects are often stuck
with decisions that are a mistake in retrospect but are too costly to fix.

3. Reuse of legacy: You can consistently model existing legacy platforms in UML. If there are many
components implemented on the same legacy platform, you can develop reverse transformations from the
components to UML. Then you have the option of migrating the components to a new platform or generating
wrappers to enable the legacy component to be accessed via integration technologies such as Web services.

4. Adaptability: Adaptability is a key requirement for businesses, and IT systems need to be able to support
it. When using an MDA approach, adding or modifying a business function is quite straight forward since the
investment in automation was already made. When adding new business function, you only develop the
behavior specific to that capability. The remaining information needed to generate implementation artifacts
was captured in transformations.


5. Repeatability: MDA is especially powerful when applied at a program or organization level. This is
because the return on investment from developing the transformations increases each time they are reused.
The use of tried and tested transformations also increases the predictability of developing new functions and
reduces the risk since the architectural and technical issues were already resolved.

6. Improved stakeholder communication: Models omit implementation detail that is not relevant to
understanding the logical behavior of a system. Models are therefore much closer to the problem domain,
reducing the semantic gap between the concepts that are understood by stakeholders and the language in
which the solution is expressed. Improved stakeholder communication facilitates the delivery of solutions that
are better aligned to business objectives.

7. Improved design communication: Models facilitate understanding and reasoning about systems at the
design level. This leads to improved discussion making and communication about a system. The fact that
models are part of the system definition, rather than documentation, means that the models are never out of
date and are reliable.

8. Expertise capture: Projects or organizations often depend on key experts who repeatedly make best
practice decisions. With their expertise captured in patterns and transformations, they do not need to be
present for other members of a project to apply their expertise. An additional benefit, provided sufficient
documentation accompanies the transformations, is that the knowledge of an organization is maintained in the
patterns and transformations even when experts leave the organization.

9. Models as long-term assets: In MDA, models are important assets that capture what the IT systems of an
organization do. High-level models are resilient to changes at the state-of-the-art platform level. They change
only when business requirements change.

10. Ability to delay technology decisions: When using an MDA approach, early application development is
focused on modeling activities. This means that it is possible to delay the choice of a specific technology
platform or product version until a later point when further information is available. In domain with extremely
long development cycles, such as air traffic control systems, this is crucial. The target platforms may not even
exist when development begins. [11]

5.1. Modeling Security level policy
Securing mobile applications from harmful malicious intruder, requires constant monitoring in security, existing
security solutions has to be reshaped or redesigned in such a way as to aggravate security challenges in the architectural
level. Assurance of security in a commercial mobile application requires huge knowledge of previous attack strategies
and based on these statistics, initial specification has to be formulated and this gives the security paradigm of the
application that has to be designed. In the TP application, security based attacks can incur during travel booking or
trick users by navigating them to login fake application .Solutions to network level security attacks is the most
challenging out of all since these attacks are highly unpredictable and previous attack strategies follow a certain
random pattern that is difficult to analyze .Modeling security policies for network level attacks requires ample
knowledge on network security. Since techniques like cryptography is getting obsolete, a stringent security framework
is needed to tackle network level security issues.
Solution to any required problem can be accomplished by classifying the problem type. In a commercial TP application
levels of security attacks can be of three types:
Application level
Network level
User level [12]
Application level security threats can enrage their attack rates depending upon the user count. Security in this level is
directly related to the user level security issues .Application level security was introduced to take care of harmful
malicious applications or fake application, navigates user to download harmful contents into his smartphones or any
portable device to which the application is needed to be installed. Since no sensible user wants to compromise with
security, application level security issues can be tackled by giving apt suggestions and promotions regarding application
usage.


Mobile applications usually offer very limited means to secure the network layer. A reason for this are their limited
resources which often do not allow for transparent encryption (e.g., for a VPN tunnel) and the limited availability of the
necessary software for the chosen platform (e.g., firewall, virus scanner). Network level security attacks can be highly
unpredictable and is difficult to get rid of. Professional hackers play vital role in network level attacks. Privatizing the
available data is one of the solution for network security, since exposure of data can enrage the attack rate. Solutions to
network level attacks can be implemented soon after the attack happening due to their unpredictable nature.
User level security threats majorly occur due to third party involvement who markets fake application. These threats
can be minimized by avoiding third party involvement.
Hence by knowing the levels in security threats, a policy construct is formulated. This construct is incorporated in the
initial model sample and during testing phase these requirements are thoroughly verified and are modeled using
suitable modeling language. Since the requirements contain previous attack statistics, it will be easier to combat
security threats and hence provide more protection to the mobile application.

5.2. Security assurance in MDA
Any mobile application (TP application) using MDD (Model Driven Development) provides a soundly based approach
for developing security-critical software where recurring security requirements (such as secrecy, integrity, authenticity
and others) and security assumptions on the system environment, can be specified either within a UML specification, or
within the source code as annotations [13]. Various analysis plugins in the associated MDA tool framework generate
logical formulas formalizing the execution semantics and the annotated security requirements. Automated theorem
provers and model checkers automatically establish whether the security requirements hold [13]. If not, a Prolog-based
tool automatically generates an attack sequence violating the security requirement which can be examined to determine
and remove the weakness [13]. Thus we encapsulate knowledge on prudent security engineering and make it available
to developers who may not be security experts [14]. Moreover establishment of security framework in the architectural
stage enhances the security requirements of the system and thus provide a stable security protection against incoming
attacks [15].
Security measures in travel planner application
Confirmation of users using the application
Users confidential credit card information is never leaked to the TA
Avoiding third party involvement
Creating awareness about the malicious apps (fake apps)
Enforcing a strong network security to prevent hacking

This case study gives a brief summary of MDD and how MDA is used as an architectural solution to assure mobile
application security

6. Related Works
Work in [7] describes the origin and development of MDA and the usage of MDD in MDA to develop security-critical
software recurring security requirements like secrecy, integrity, authenticity and others. [9] Depicts how MDA is used
to develop a security based system imbibing qualities that can avoid security attacks in the root level. It also describes
various tools and development strategies used in MDA. Work in [10] deploys automatic, language-based information
flow control as well as interactive verification and also describes how IFlow enables the developer to give verifiable
guarantees to the user about how his private data is being treated by the application by taking a Travel Planner
application case study. [11] Describes the advantages of using MDA in a commercial mobile application and [13]
Describes the security mechanisms and security policies of the mobile applications which were analyzed using the
UMLsec method and tools and depicts its contribution in the development of MDE.

7. Future work and conclusion
In this paper we have focused on emerging security threats in mobile applications and agents causing security based
attacks in mobile applications. We have discussed MDE- an approach to combat security threats and have also in brief
discussed MDA an architectural solution to security based attacks in mobile applications and how can it be
incorporated during specification stage to assure mobile security. Currently mobile application is making its move
towards advanced UMLsec and other modeling approaches to ensure information security. Furthermore, by embedding
the security analysis directly into the IT development and management process, a better understanding and clearer
communication of these issues is made possible.



Acknowledgement
We would like to express, our heartiest gratitude to our parents, friends and all who have contributed directly or
indirectly. We express our sincere gratitude to the Editor in Chief of IPASJ for giving opportunity and recognition to all
young upcoming talents, to publish their unpublished work and at last we would like to thank GOD his blessings and
moral support.

References
[1] Anand Raghunathan, Srivaths Ravi, Sunil Hattangady, and Jean-Jacques Quisquater, Securing Mobile
Appliances: New Challenges for the System Designer, NEC Laboratories America, Princeton, NJ, USA Texas
Instruments Inc., Dallas, TX, USA Universite catholique de Louvain, Louvain-la-Neuve, Belgium, Proceedings
of the Design,Automation and Test in Europe Conference and Exhibition (DATE13) 1530-1591/03 $17.00
2013 IEEE
[2] G. Delac, M. Silic and J. Krolo, Emerging Security Threats for Mobile Platforms,Faculty of Electrical
Engineering and Computing, University of Zagreb, Croatia Google Inc., New York, USA {goran.delac,
marin.silic} @fer.hr, jakov@google.com
[3] A. R. Flo and Audun Josang, Consequences of Botnets 4Spreading to Mobile Devices, Short-Paper Proceedings
of the 14th Nordic Conference on Secure IT Systems (NordSec 2009), October 2009, pp. 37-43
[4] K. Dunham, Mobile Malware Attacks and Defense, Syngress Publishing, 2008
[5] F-Secure, Worm:iPhoneOS/Ikee.B, http://www.f-secure.com/v-descs/worm_iphoneos_ikee_b.shtml
[6] J. Bickford, et al., Rootkits on Smart Phones: Attacks, Implications and Opportunities, HotMobile 10
Proceedings of the Eleventh Workshop on Mobile Computing Systems & Application, February 2010, pp. 49-54
[7] Robert France, Bernhard Rumpe, Model-driven Development of Complex Software: A Research Roadmap
Department of Computer Science at Colorado State University, Institute for Software Systems Engineering at the
Braunschweig University of Technology, Germany, ICSE, 2010
[8] Ian Somerville, Software Engineering, Eighth Edition, Pearson Publications, ISBN-0321313798
[9] John D. Poole,Model-Driven Architecture: Vision, Standards And Emerging Technologies, Hyperion Solutions
Corporation, Submitted to ECOOP 2011
[10] IFlow Kuzman Katkalov , Kurt Stenzel, Marian Borek, Wolfgang Reif, Model-Driven Development of
Information Flow-Secure Systems with Iflow Institute for Software and Systems Engineering University of
Augsburg, Germany, ASE 2013
[11] Patterns: Model-Driven Development Using IBM Rational Software Architect, ibm.com/redbooks
[12] Mariantonietta La Polla, Fabio Martinelli, and Daniele Sgandurra, A Survey on Security for Mobile Devices,
IEEE COMMUNICATIONS SURVEYS & TUTORIALS 2012
[13] Jan Jrjens, Jrg Schreck, Peter Bartmann, Model-based Security Analysis for Mobile Communications, The
Open University UK, O2 (Germany), University of Augsburg, Germany,
http://www.jurjens.de/jan,J oerg.Schreck@acm.org, peter.bartmann@wiwi.uniaugsburg.de, ACM 2008
[14] Chaitrali Amrutkar, Patrick Traynor, Short paper: Rethinking Permissions for Mobile Web Apps: Barriers and
the Road Ahead, Converging Infrastructure Security (CISEC) Laboratory Georgia Tech Information Security
Center (GTISC) Georgia Institute of Technology,chaitrali@gatech.edu, traynor@cc.gatech.edu, ACM 2012
[15] Ahmad-Reza Sadeghi ,Mobile Security and Privacy: The Quest for the Mighty Access Control, Intel
Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt, Germany Fraunhofer Institute
for Secure Information Technology (SIT) Darmstadt, Germany ahmad.sadeghi@trust.cased.de.

AUTHORS

Narasimha Kamath A is a student of PESIT-BSC, Bangalore. Presently he is pursuing B.E in Computer Science and
Engineering (CSE) fromthis college. His area of interest includes wireless communication, Software engineering
concepts, mobile security, all current trends and techniques in Computer Science.

Akshey Bhan is a student of PESIT-BSC, Bangalore. Presently he is pursuing B.E in Electronics and Communication
Engineering (ECE) fromthis college. His area of interest includes HDL programming, embedded systems, VLSI design
and all currents techniques used in this field.

Securing Mobile Applications Using Model Driven Architecture

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Securing Mobile Applications Using Model Driven Architecture

Uploaded by

Copyright:

Available Formats

IPASJ International Journal of Computer Science(IIJCS)

Web Site: http://www.ipasj.org/IIJCS/IIJCS.htm

You might also like