DESIGN AND IMPLEMENTATION SECURE M-LEARNING ANDROID APPLICATION USING MASVS OWASP STANDARD 1.0 APPROACH
Mobile-learning (m-learning) system provides plentiful of convenience. Users can access learning resources from anywhere at anytime. However, the convenience offered by the m-learning system is also accompanied by the information security threats on mobile devices, which are very diverse. Therefo...
Saved in:
| Main Author: | |
|---|---|
| Format: | Theses |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/39658 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | Mobile-learning (m-learning) system provides plentiful of convenience. Users can
access learning resources from anywhere at anytime. However, the convenience
offered by the m-learning system is also accompanied by the information security
threats on mobile devices, which are very diverse. Therefore, application of security
implementation is very important when designing and implementing a mobile
application, including the m-learning application. Some of security challenges in
developing the m-learning application are confidentiality, data integrity, and
authenticity. This study aims to address the challenges of developing secure mlearning
applications on the Android platform with the standard approach of
Mobile Application Security Verification Standard (MASVS) 1.0 issued by OWASP.
Adopted research method to produce a prototype simulation of secure m-learning
applications was systems engineering. Security design of seurity m-learning
application employed Problem Frames method to produce a security catalog
according to the results of minimal asset identification, threats, and security
techniques performed. The design of software development in this study uses MUML
which is an extension of UML modeling for agent-based software systems.
The implementation of risk mitigation at each abuse frame in this study focused on
the security techniques of android-based applications using the OWASP MASVS
standard approach. While the implementation of the backend server was developed
as a provider of learning resources to be accessible by mobile applications through
the RESTful web service API. Tests conducted on the results of the implementation
of secure m-learning applications using the Mobile Security Testing Guide (MSTG)
testing guidelines, so that it can be shown the suitability result of the security
techniques performed from the risk mitigation approach of each identified abuse
frame. |
|---|