dc.description.abstract |
In this technology-driven era, the demand for software application development, particularly
on the Android platform, is soaring. However, the rapid and agile nature of development often
leads to insufficient specification of security-related requirements, resulting in significant
security risks. Neglecting these crucial elements can have severe consequences for software
applications. This paper presents a systematic literature review of state-of-the-art requirements
specification methods and frameworks from 97 research articles, with a specific focus on their
treatment of security-related requirements. The aim is to gain insights into existing practices
and identify potential gaps in addressing security concerns during the early stages of
development. The study reveals that overlooking security-related elements in the early stages
of development exposes organizations to major security risks. Unauthorized access becomes a
critical concern, leaving sensitive data vulnerable to breaches. Inadequate data protection
measures, such as weak encryption or improper data storage, increase the risk of data
compromises, leading to reputational damage and potential legal repercussions. Moreover,
when security requirements fail to address safeguards against privileged insiders abusing their
access, insider threats become a significant concern. Additionally, lacking incident response
planning hinders effective detection and mitigation of security incidents, resulting in extended
downtime and increased damage. To address these risks and enhance the security of Android
applications, this paper proposes a novel framework that leverages natural language processing
(NLP) techniques in conjunction with the Naive Bayes model. The framework aims to extract
and prioritize security-related requirements from raw requirement documents effectively. The
Naive Bayes model is well-suited for this task due to its simplicity, efficiency, and ability to
handle large volumes of textual data. The model leverages probabilistic principles to classify
requirements as security-related or non-security-related based on the likelihood of occurrence
of specific security-related terms and patterns in the text. By incorporating the Naive Bayes
model within the proposed framework, security analysts can efficiently analyse and categorize
requirements, ensuring that security-related elements are adequately addressed from the outset
of the development process. Applying the proposed framework early in the development
lifecycle empowers organizations to streamline the development process and mitigate potential
security breaches and associated costs. By integrating security requirements seamlessly into
the development process, teams can identify and address security concerns proactively,
reducing the likelihood of vulnerabilities and ensuring robust protection of sensitive data. In
conclusion, this research highlights the criticality of considering security-related requirements
during Android application development. The proposed framework, powered by the Naive
Bayes model, presents a promising solution to tackle the challenges of security specification in
an agile development environment. By bridging the gap between security concerns and
development activities, the framework enables organizations to develop secure and reliable
Android applications, safeguarding both user data and the organization's reputation. |
en_US |
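The abstract describes classifying requirement sentences as security-related or not with a Naive Bayes model driven by the likelihood of security-related terms, and then prioritizing the security-related ones. The following is an added illustration, not code from the paper or its authors: a from-scratch multinomial Naive Bayes classifier with Laplace smoothing, a constructed stopword list for requirement-document boilerplate (an assumption about preprocessing the paper does not specify), and a ranking step that orders the requirements flagged as security-related by posterior probability. The training sentences are constructed for the example.

```python
"""
Added example (not from the paper): a minimal multinomial Naive Bayes
classifier that labels requirement sentences as security-related or not
and ranks the security-related ones by posterior probability.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed training corpus (label, requirement text). Assumption: in a
# real deployment these would be labelled sentences from requirement documents.
TRAINING_DATA = [
    ("security", "The app shall encrypt all stored user data using AES-256."),
    ("security", "Users must authenticate with a password before accessing account data."),
    ("security", "The system shall log every failed login attempt for incident response."),
    ("security", "Access to administrative functions shall be restricted to authorized roles."),
    ("security", "All network traffic shall use TLS to protect data in transit."),
    ("security", "Session tokens shall expire after 15 minutes of inactivity."),
    ("non-security", "The app shall display the weather forecast for the selected city."),
    ("non-security", "Users can change the font size from the settings screen."),
    ("non-security", "The home screen shall load within two seconds on a 4G connection."),
    ("non-security", "The app shall support both portrait and landscape orientation."),
    ("non-security", "Users can share a recipe via the share button."),
    ("non-security", "The app shall cache images to reduce data usage."),
]

# Constructed stopword list: function words plus requirement-document
# boilerplate ("shall", "must", "app", "users") that carries no class signal.
STOPWORDS = {
    "the", "a", "an", "shall", "must", "app", "system", "users", "user", "can",
    "to", "for", "of", "in", "on", "with", "be", "and", "it", "all", "by",
    "from", "via", "this", "that",
}

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case, split into alphanumeric tokens and drop stopwords."""
    return [t for t in TOKEN_RE.findall(text.lower()) if t not in STOPWORDS]


class NaiveBayesRequirementClassifier:
    """Multinomial Naive Bayes with add-alpha (Laplace) smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.class_doc_counts = Counter()            # documents per class
        self.class_token_counts = defaultdict(Counter)  # token counts per class
        self.class_total_tokens = Counter()          # total tokens per class
        self.vocabulary = set()

    def fit(self, labelled_texts):
        for label, text in labelled_texts:
            self.class_doc_counts[label] += 1
            for token in tokenize(text):
                self.class_token_counts[label][token] += 1
                self.class_total_tokens[label] += 1
                self.vocabulary.add(token)
        return self

    def log_posteriors(self, text):
        """Unnormalised log P(class | text) = log prior + sum of log likelihoods."""
        tokens = tokenize(text)
        total_docs = sum(self.class_doc_counts.values())
        vocab_size = len(self.vocabulary)
        scores = {}
        for label in self.class_doc_counts:
            score = math.log(self.class_doc_counts[label] / total_docs)
            denom = self.class_total_tokens[label] + self.alpha * vocab_size
            for token in tokens:
                # Smoothing gives unseen tokens probability alpha / denom
                count = self.class_token_counts[label][token]
                score += math.log((count + self.alpha) / denom)
            scores[label] = score
        return scores

    def predict_proba(self, text):
        """Normalise log posteriors into probabilities (log-sum-exp for stability)."""
        scores = self.log_posteriors(text)
        max_score = max(scores.values())
        denom = sum(math.exp(s - max_score) for s in scores.values())
        return {label: math.exp(s - max_score) / denom for label, s in scores.items()}

    def predict(self, text):
        probs = self.predict_proba(text)
        return max(probs, key=probs.get)


def prioritize_security_requirements(classifier, requirements, threshold=0.5):
    """Return requirements classified as security-related, highest confidence first."""
    scored = []
    for req in requirements:
        p_sec = classifier.predict_proba(req)["security"]
        if p_sec >= threshold:
            scored.append((p_sec, req))
    scored.sort(reverse=True)
    return [req for _, req in scored]


if __name__ == "__main__":
    clf = NaiveBayesRequirementClassifier().fit(TRAINING_DATA)
    for req in ["The app shall encrypt the password before storing it.",
                "Users can change the screen orientation in settings."]:
        print(clf.predict(req), clf.predict_proba(req), req)
```

With equal class priors, the decision is driven entirely by how often each token appeared under each label during training, which is why removing requirement-document boilerplate such as "shall" and "app" matters: left in, those tokens outvote the few genuinely security-bearing words in a short sentence.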
dc.subject |
Requirements Specification, Requirements Elicitation, Security Requirements, Non-functional Requirements, Security Requirements Identification, Tool Support for Security-related Requirements Specification, Security Requirements in Mobile App Development |
en_US |