Over the years, pervasive computing and communication technologies have enabled the emergence of new computing paradigms that have gained importance across a wide spectrum of domains. The three most notable that have witnessed significant advancements and have a solid track record of exponential growth in diverse applications are the Internet of Things (IoT), Cloud, and Mobile Computing. The ubiquity of these paradigms, their expandability, and applicability in different problem spaces have made them invaluable in modern computing solutions. Security becomes a real concern, especially when it comes to the development of applications in these environments, as numerous security issues may arise from potential design flaws. Secure application development across these three technologies can only be achieved when applications and systems are designed and developed with security in mind. This will improve the quality of the solutions and ensure that vulnerabilities are identified. It will also help in defining countermeasures against cyberattacks or mitigate the effects of potential threats to the systems. This article surveys existing approaches, tools, and techniques for attack and system modeling applicable to IoT, Cloud computing, and Mobile Computing. It also evaluates the strengths and limitations of the reviewed approaches and tools, from which it highlights the main existing challenges and open issues in the area.
The adoption and popularization of mobile devices, such as smartphones and tablets, accentuated after the second decade of this century, has been motivated by the growing number of mobile applications, which can solve problems in different areas of contemporary societies. Conversely, the software development industry is motivated by the increasing number and quality of resources that mobile devices possess nowadays (e.g., memory, sensors, processing power or battery). While powerful mobile devices do exist, one of the main driving factors behind the increase of resources is the usage of Cloud technology, which strongly complement mobile computing. As expected, the adoption of measures to mitigate security issues has not accompanied the growth and speed of development for Cloud and Mobile software, to ensure that these are resilient to attacks by design. Aiming to contribute to decrease the gap between software and security engineering, this paper presents a deep approach to attack taxonomy, security mechanisms, and security test specification for the Cloud and Mobile ecosystem of applications. This is also the first time an encompassing and conjoined approach is provided for attack taxonomy and specification of security tests automation tools for this ecosystem.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.