skip to main content


Title: Plugin-based Intervention for Secure Software Development
This Innovative Practice Work in Progress presents a plugin tool named DroidPatrol. It can be integrated with the Android Studio to perform tainted data flow analysis of mobile applications. Most vulnerabilities should be addressed and fixed during the development phase. Computer users, managers, and developers agree that we need software and systems that are “more secure”. Such efforts require support from both the educational institutions and learning communities to improve software assurance, particularly in writing secure code. Many open source static analysis tools help developers to maintain and clean up the code. However, they are not able to find potential security bugs. Our work is aimed to checking of security issues within Android applications during implementation. We provide an example hands-on lab based on DroidPatrol prototype and share the initial evaluation feedback from a classroom. The initial results show that the plugin based hands-on lab generates interests among learners and has the promise of acting as an intervention tool for secure software development.  more » « less
Award ID(s):
1723586
NSF-PAR ID:
10165845
Author(s) / Creator(s):
; ; ; ; ; ;
Date Published:
Journal Name:
Proceeding of IEEE Frontiers in Education (FIE) Conference
Page Range / eLocation ID:
4
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. This Innovative Practice Work in Progress presents a plugin tool named DroidPatrol. It can be integrated with the Android Studio to perform tainted data flow analysis of mobile applications. Most vulnerabilities should be addressed and fixed during the development phase. Computer users, managers, and developers agree that we need software and systems that are “more secure”. Such efforts require support from both the educational institutions and learning communities to improve software assurance, particularly in writing secure code. Many open source static analysis tools help developers to maintain and clean up the code. However, they are not able to find potential security bugs. Our work is aimed to checking of security issues within Android applications during implementation. We provide an example hands-on lab based on DroidPatrol prototype and share the initial evaluation feedback from a classroom. The initial results show that the plugin based hands-on lab generates interests among learners and has the promise of acting as an intervention tool for secure software development. 
    more » « less
  2. This Innovative Practice Work in Progress presents a plugin tool named DroidPatrol. It can be integrated with the Android Studio to perform tainted data flow analysis of mobile applications. Most vulnerabilities should be addressed and fixed during the development phase. Computer users, managers, and developers agree that we need software and systems that are “more secure”. Such efforts require support from both the educational institutions and learning communities to improve software assurance, particularly in writing secure code. Many open source static analysis tools help developers to maintain and clean up the code. However, they are not able to find potential security bugs. Our work is aimed to checking of security issues within Android applications during implementation. We provide an example hands-on lab based on DroidPatrol prototype and share the initial evaluation feedback from a classroom. The initial results show that the plugin based hands-on lab generates interests among learners and has the promise of acting as an intervention tool for secure software development. 
    more » « less
  3. The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development life cycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time in Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of software and mitigate the consequence of damages of data loss caused by potential malicious attacking. In this paper, we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We demonstrate that integration of the plugin enables developers secure mobile application and mitigating security risks during implementation time. 
    more » « less
  4. While the number of mobile applications are rapidly growing, these applications are often coming with numerous security flaws due to the lack of appropriate coding practices. Security issues must be addressed earlier in the development lifecycle rather than fixing them after the attacks because the damage might already be extensive. Early elimination of possible security vulnerabilities will help us increase the security of our software and mitigate or reduce the potential damages through data losses or service disruptions caused by malicious attacks. However, many software developers lack necessary security knowledge and skills required at the development stage, and Secure Mobile Software Development (SMSD) is not yet well represented in academia and industry. In this paper, we present a static analysis-based security analysis approach through design and implementation of a plugin for Android Development Studio, namely DroidPatrol. The proposed plugins can support developers by providing list of potential vulnerabilities early. 
    more » « less
  5. The security threats to mobile application are growing explosively. Mobile app flaws and security defects could open doors for hackers to easily attack mobile apps. Secure software development must be addressed earlier in the development lifecycle rather than fixing the security holes after attacking. Early eliminating against possible security vulnerability will help us increase the security of our software, and militate the consequence of damages of data loss caused by potential malicious attacking. However, many software developer professionals lack the necessary security knowledge and skills at the development stage and Secure Mobile Software Development (SMSD) is not yet well represented in current computing curriculum. In this paper we present a static security analysis approach with open source FindSecurityBugs plugin for Android Studio IDE. We categorized the common mobile vulnerability for developers based on OWASP mobile security recommendations and developed detectors to meet the SMSD needs in industry and education. 
    more » « less