Date of Submission
Fall 11-28-2018
Degree Type
Thesis
Degree Name
Master of Science in Computer Science (MSCS)
Department
Computer Science
Committee Chair/First Advisor
Dr. Kai Qian
Track
CyberSecurity
Chair
Dr. Kai Qian
Committee Member
Dr. Hossain Shahriar
Committee Member
Dr. Xiaohua Xu
Abstract
Mobile devices have been growing more and more powerful in recent decades, evolving from a simple device for SMS messages and phone calls to a smart device that can install third party apps. People are becoming more heavily reliant on their mobile devices. Due to this increase in usage, security threats to mobile applications are also growing explosively. Mobile app flaws and security defects can provide opportunities for hackers to break into them and access sensitive information. Defensive coding needs to be an integral part of coding practices to improve the security of our code.
We need to consider data protection earlier, to verify security early in the development lifecycle, rather than fixing the security holes after malicious attacks and data leaks take place. Early elimination of known security vulnerabilities will help us increase the security of our software, reduce the vulnerabilities in the programs, and mitigate the consequences and damage caused by potential malicious attacks.
However, many software developer professionals lack the necessary security knowledge and skills at the development stage, and secure mobile software development is not yet well represented in most schools' computing curriculum.
In this paper, we present a static security analysis approach with the FindSecurityBugs plugin for Android secure mobile software development based on OWASP mobile security recommendations to promote secure mobile software development education and meet the emerging industrial and educational needs.