Abstract: Nowadays, more and more systems are moving online. The educational system has also moved online, under names such as E-Learning or M-Learning. Learning is possible by teleconferencing, or through video or audio tutorials in which the teachers or trainers who make the tutorials present their ways of programming. Every way of learning suits certain people, and each person adopts a way of learning according to their capabilities and their experience in programming or in the language in which they want to learn new things. Cloud storage has also become very important, and more applications keep their data on centralized cloud-oriented servers. The problem with these systems is security management. For M-Learning systems, security should be managed both at the application level and at the communication level. Thus, the channel over which information is exchanged between the mobile application and the server where the data is stored and centralized should be secure, and communication between the two entities must take place without the risk that a third party intervenes on this channel and modifies the data exchanged. This material studies and analyzes methods of increasing the security of mobile applications used in the educational environment. Security is increased by testing both the applications and the services provided by the server. Mobile applications made for the educational environment require WhiteBox testing and BlackBox testing. The material presents the WhiteBox and BlackBox test methods for mobile educational applications.
Keywords: Security, mobile, learning systems, quality, mobile application.
(ProQuest: ... denotes formulae omitted.)
I. INTRODUCTION
Quality and security are essential requirements for software products. The market requires quality and secure software, and customers are often interested in buying secure software even if its price is higher.
Developing mobile applications involves, besides knowing the programming language, knowing the development frameworks and the types of devices being developed for, so that applications make optimal use of the hardware resources of mobile devices. Mobile applications have to be developed in constant alignment with specific standards and quality characteristics and in compliance with quality standards. This has made it necessary to research quality metrics for the security of mobile applications.
The realization of mobile applications in the field of education is a topical field addressed by a large number of researchers, such as [1], [2], [5], [6], [7], [8].
Mobile app testing is divided into two stages:
* emulator testing, which involves verifying the mobile application through software tools that simulate running on a real mobile device; this test is done quickly while the application is being developed. After the application has been fully developed and verified in the emulator, it should be tested in a real environment on real devices;
* real-world testing, which involves verifying the vulnerabilities of the mobile application on the mobile devices for which it was designed and developed; in this way, the actual behaviour of the app is tested when handled on mobile devices. Applications are verified in the real world after they have been tested using emulators.
II. SECURITY FEATURES OF MOBILE APPLICATIONS IN THE EDUCATION SYSTEM
Features related to the security of information, data and transactions within the mobile application are:
* risks and vulnerabilities of the mobile application measure the effects of security breaches unintentionally included in the mobile application. Since the behavior of the mobile application is distributed and is influenced by many factors, the vulnerabilities associated with the application are estimated and correlated with its size, expressed as a number of instructions.
* error management is the ability of the mobile application to properly handle operating errors so that user activity within the mobile application can continue. Thus, the operation of the application is not interrupted by these errors. The user is notified of these errors and of the actions taken by the application to correct them.
* data security is the way to ensure data privacy on the mobile device, [4]. Thus, in case of loss or theft of the mobile device, the data used by the application must remain confidential and cannot be accessed by persons who are not authorized to do so.
* transaction security is the way to secure the privacy of personal or important data in m-application transactions with other mobile devices or with the server where the database is located, especially because the infrastructure used is wireless, [9]. When the data is transmitted to the server, it is encrypted, and in case of an attack on the transaction between the application on the mobile device and the application on the server, the traded information remains unaltered and unreadable by other persons who do not have this right.
* user security is the feature that highlights the security of the mobile application at the user interface level. Thus, the security of information provided by the user through the interface, such as passwords or other confidential data, is ensured. Passwords are entered through the interface in such a way that, if there are other people next to the user, they will not be able to read and decipher the password typed by the user on the mobile device. Increasing user security eliminates cases where the user himself damages the mobile application.
* administration security is a feature that highlights the security of the mobile application at the level of the management of the resources available for optimal operation and of the way data is transmitted through transactions to other mobile or server applications. Administration security works together with both the data and the transactions made by the mobile application so that everything forms a well-defined and unitary product.
Figure 1 shows the links and influences between application security quality features.
User security and administration security are the two features at the extreme limits of the degree of influence. Between them lie risks and vulnerabilities together with error management, near user security, and data security together with transaction security, which are influenced by administration security. Data security and transaction security are also influenced by error management.
III. OBTAINING WEIGHT FOR MOBILE SECURITY ASSESSMENT METRICS
In order to build mobile security assessment metrics, it is necessary to obtain a weighting system for the quality characteristics identified for mobile applications.
To determine the weight of the quality characteristics, a questionnaire was made up of several questions, one of them concerning the importance of the quality characteristics.
Respondents were also questioned about their mobile application or mobile application development experience.
The questionnaire was posted on the e-sondaje.ro platform and distributed to both software developers and mobile application users. It was distributed only online through the platform. The questionnaire was answered by 178 people. Of these, 92 are female and the remaining 86 are male.
Based on the questionnaire, two categories of specialists are distinguished: users and developers. Thus, two sets of weights are determined: a set of weights from the point of view of mobile application developers and a set of weights from the point of view of mobile application users. The two sets of weights highlight the importance of the two categories of features related to user types: the development of mobile applications for developers and how users interact with mobile application specialists.
To determine the set of weights from the point of view of the mobile application developers, the answers given by the developers of mobile applications were used. There are 42 of them. On the basis of their answers, the obtained weights are presented in Table 1.
To determine the set of weights from the point of view of mobile application users, responses were chosen by mobile application specialists. There are 148 of these. Based on their answers, the weights are presented in Table 2.
IV. BUILDING METRICS TO EVALUATE THE SECURITY QUALITY OF MOBILE APPLICATIONS
For each quality feature of mobile apps, an indicator is included which is part of the software metrics to determine the quality of mobile applications. Table 3 shows the indicators for the security quality of mobile applications.
The IGV vulnerability indicator is calculated according to the expression:
... (1)
where:
NTI - the total number of instructions;
Vi - number of vulnerabilities during the instruction i;
The IGGE error management indicator is defined by the formula:
... (2)
where:
NEGC - number of events managed correctly by the application;
NTEN - the total number of unpredictable and uncontrollable events;
The IGSD data security level indicator is defined by the formula:
... (3)
where:
UDT - time unit.
The transaction-level security indicator, IGST, is defined by the formula:
... (4)
where:
NrTr - the number of transactions made through the application.
The user security level indicator, IGSU, is calculated by the relationship:
... (5)
where:
naa - the total number of hits of the mobile application by the user;
nat - the number of hits in which information reaches other people except the user.
The IGSA security level indicator is defined by the formula:
... (6)
where:
nrPerNec - the number of permissions on the hardware resources required for the application;
nrPerEf - the number of permissions on the hardware resources made within the application.
This is an analysis of the efficacy of assigning permissions to the hardware resources for the mobile application.
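The two counts behind the IGSA indicator can be measured from an application's permission declarations, as in the following added example, which is not part of the original paper. It assumes an Android app with a decoded text manifest, reads nrPerEf as the hardware permissions the manifest declares, and uses a constructed manifest and a hypothetical list of needed permissions; it reports the counts and the difference between the two sets, not formula (6), which is omitted from this page.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: decoded text manifest of a hypothetical m-learning app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mlearning">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.BLUETOOTH"/>
</manifest>"""

# Assumption: the subset of Android permissions treated as "hardware resources".
HARDWARE_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.BLUETOOTH",
    "android.permission.NFC",
}


def declared_permissions(manifest_xml):
    """Return the permission names declared via <uses-permission>."""
    # The sample is trusted inline text; parse manifests taken from
    # untrusted packages with a hardened XML parser instead.
    root = ET.fromstring(manifest_xml)
    key = "{%s}name" % ANDROID_NS
    return {el.get(key) for el in root.iter("uses-permission") if el.get(key)}


def permission_audit(manifest_xml, required):
    """Compare hardware permissions the features need with those declared."""
    declared_hw = declared_permissions(manifest_xml) & HARDWARE_PERMISSIONS
    required_hw = set(required) & HARDWARE_PERMISSIONS
    return {
        "nrPerNec": len(required_hw),   # needed by the app's features
        "nrPerEf": len(declared_hw),    # actually declared in the manifest
        "surplus": sorted(declared_hw - required_hw),  # candidates to remove
        "missing": sorted(required_hw - declared_hw),  # features that would fail
    }


if __name__ == "__main__":
    # Hypothetical feature list: video lessons need camera and microphone.
    needed = {"android.permission.CAMERA", "android.permission.RECORD_AUDIO"}
    for name, value in permission_audit(SAMPLE_MANIFEST, needed).items():
        print(name, value)
```

A non-empty `surplus` list is the least-privilege finding: each entry is a hardware permission the app holds without a feature that needs it.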
To determine the quality from the point of view of mobile application developers, we use the weighted system based on responses given by developer respondents and software metrics building formulas. Thus, Table 4 is obtained.
To determine the quality from mobile users' point of view, the weighted system is based on the responses given by respondents who said they are using mobile applications and software metrics building formulas. Thus Table 5 is obtained.
To calculate this aggregate indicator, similar to determining the quality from the point of view of mobile application developers, the values of all the indicators for the quality characteristics of mobile applications are used.
V. SECURITY OPTIMIZATION FOR MOBILE LEARNING APPLICATIONS
Bicriterial optimization involves the process of improving the quality of mobile applications against two criteria set before the start of the optimization process. Both criteria are complementary, so a very large increase in one criterion lowers the other criterion.
The two features chosen as optimization criteria are User Security and User Satisfaction, Figure 2, [3].
Increasing the security of mobile applications increases the duration of interaction and automatically reduces user satisfaction.
After the application is deployed to users, the importance of the two features can be changed by modifying the mobile application.
Modifying the application to optimize its quality implies the consumption of resources and technologies that generate costs for the investor.
The costs incurred by the investor are for:
* human resources represented by programmers making changes within the application; their number and the time for which they are paid depend directly on the legibility of the source code and the modifiability of the mobile application;
* human resources represented by designers who will build the graphics of the mobile application; the process of optimizing the mobile application involves developing new interfaces or adapting existing interfaces to increase user satisfaction, bring frequently used items closer to the user, and create a natural application.
* hardware and software resources needed by programmers to make changes; for programmers to develop their work they need computers and software for code writing; they must be paid by the investor;
* licenses to use the technologies needed to modify the mobile application to refine its quality;
* advertisement that tells users of the changes made within the app; even if users who use the app will see the modified app, it is necessary to promote new ads to attract new users.
These costs are borne by the investor to optimize the quality of the mobile application through the two quality features: User Security and User Satisfaction.
The cost of optimizing mobile applications is influenced by the direction in which the developer optimizes the application.
If the investor wants an application security optimization, hardware and software acquisition costs will increase, because increased security requires the implementation of new technologies that provide greater security than the technologies previously used.
If the investor wants optimization in terms of user satisfaction, human resource costs for designers will increase, because a new application interface is needed, one that is more user-friendly and more natural.
The influence of bicriterial optimization on costs is presented in Table 6.
Costs for designers and promoters are not influenced by the User Security criterion, and the User Satisfaction criterion does not affect the costs for hardware resources and promotion costs.
Costs for programmers are influenced by both User Security and User Satisfaction. This influence is minor because the costs for programmers arise regardless of the direction in which the mobile application is developed.
VI. CONCLUSIONS
In this research, a model for the management assurance of the security quality of mobile applications is proposed. Future research must verify this model for the simultaneous equality of weight averages for two or more sets of collectivities, and verify the equality of dispersions in the case of different sets of weights from two or more collectivities, such as normal users or developers.
Validating the indicators requires a long period of time in which the behavior of the mobile applications can be observed, comparing the estimated level with the planned and actual level. For situations in which more sets of collectivities are available, the divide et impera procedure is applied to the sets of weights to reach good results.
To evaluate and verify this model, a mobile application will be developed. This mobile application will be tested in a real learning environment.
Reference Text and Citations
[1] Ally, M., Samaka, M., 2013. Open Education Resources and Mobile Technology to Narrow the Learning Divide, The International Review in Open and Distance Learning, vol. 14, nr. 2, 2013, pp. 14-27, ISSN 1492-3831
[2] Anderson, T., 2008, The Theory And Practice Of Online Learning, Second Edition, AU Press, Athabasca University, 2008, 472 p., ISBN 978-1-897425-08-4
[3] Boja, C., Doinea, M., 2013. Usability vs. Security in Mobile Applications, Proceedings of the 12th International Conference on Informatics in Economy, Education, Research & Business Technologies, 25-28 April 2013, Bucharest, Romania, pp. 138-142, ISSN 2284-7472
[4] Boja, C., 2011. Security Survey of Internet Browsers Data Managers, Journal Of Mobile, Embedded And Distributed Systems - JMEDS, vol. 3, nr. 3, 2011, pp. 109-119, ISSN 2067-4074
[5] Butoi, A., Tomai, N., Mican, D., Silaghi, Gh. C., 2013. Designing Effective Web-Based M-Learning Systems, In Proceeding of the 12th International Conference on Informatics in Economy (ISSN: 2247 - 1480), Education, Research & Business Technologies. Bucharest: ASE Publishing House.
[6] Lee, K. B., Salman, R., 2012. The Design and Development of Mobile Collaborative Learning Application Using Android, Journal of Information Technology and Application in Education, vol. 1, nr. 1, 2012, pp. 1-8, ISSN 1539-3585 (online)
[7] Mitu, C.-D., 2013. Transforming Education Through Mobile Technology in the Digital Era, The 9th International Scientific Conference eLearning and software for Education Bucharest, April 25-26, 2013, pp. 215-218, ISSN 2066-026X
[8] Parsons, D., Ryu, H., 2006. A Framework for Assessing the Quality of Mobile Learning, International Conference For Process Improvement, Research And Education, 2006, pp. 17-27
[9] Tomai, N., Silaghi, Gh. C., 2012. Tehnologii şi aplicaţii mobile, Editura RISOPRINT, Cluj-Napoca, 2012, 506 p.
Copyright "Carol I" National Defence University 2018