ORCID Profile
0000-0001-9696-3626
Current Organisation
University of Adelaide
Does something not look right? The information on this page has been harvested from data sources that may not be up to date. We continue to work with information providers to improve coverage and quality. To report an issue, use the Feedback Form.
Publisher: ACM
Date: 18-08-2021
Publisher: JMIR Publications Inc.
Date: 26-07-2019
Abstract: obile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps. n this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. e followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data. f the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges. hile mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development.
Publisher: Association for Computing Machinery (ACM)
Date: 16-01-2023
DOI: 10.1145/3558001
Abstract: Command, Control, Communication, and Intelligence (C3I) systems are increasingly used in critical civil and military domains for achieving information superiority, operational efficacy, and greater situational awareness. The critical civil and military domains include, but are not limited to, battlefield, healthcare, transportation, and rescue missions. Given the sensitive nature and modernization of tactical domains, the security of C3I systems has recently become a critical concern. This is because cyber-attacks on C3I systems have catastrophic consequences including loss of human lives. Despite the increasing number of cyber-attacks on C3I systems and growing concerns about C3I systems’ security, there is a paucity of a comprehensive review to systematize the body of knowledge on the security of C3I systems. Therefore, in this article, we have gathered, analyzed, and synthesized the body of knowledge on the security of C3I systems. We have identified and reported security vulnerabilities, attack vectors, and countermeasures/defenses for C3I systems. In particular, this article has enabled us to (i) propose a taxonomy for security vulnerabilities, attack vectors, and countermeasures (ii) interrelate attack vectors with security vulnerabilities and countermeasures and (iii) propose future research directions for advancing the state-of-the-art on the security of C3I systems. We believe that our findings will serve as a guideline for practitioners and researchers to advance the state-of-the-practice and state-of-the-art on the security of C3I systems.
Publisher: Springer International Publishing
Date: 2023
Publisher: Elsevier BV
Date: 2021
Publisher: Elsevier BV
Date: 04-2022
Publisher: Association for Computing Machinery (ACM)
Date: 03-12-2022
DOI: 10.1145/3529757
Abstract: Software Vulnerabilities (SVs) are increasing in complexity and scale, posing great security risks to many software systems. Given the limited resources in practice, SV assessment and prioritization help practitioners devise optimal SV mitigation plans based on various SV characteristics. The surges in SV data sources and data-driven techniques such as Machine Learning and Deep Learning have taken SV assessment and prioritization to the next level. Our survey provides a taxonomy of the past research efforts and highlights the best practices for data-driven SV assessment and prioritization. We also discuss the current limitations and propose potential solutions to address such issues.
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 2022
Publisher: Institute of Electrical and Electronics Engineers (IEEE)
Date: 09-2023
Publisher: JMIR Publications Inc.
Date: 21-06-2021
DOI: 10.2196/15654
Abstract: Mobile health (mHealth) apps have gained significant popularity over the last few years due to their tremendous benefits, such as lowering health care costs and increasing patient awareness. However, the sensitivity of health care data makes the security of mHealth apps a serious concern. Poor security practices and lack of security knowledge on the developers’ side can cause several vulnerabilities in mHealth apps. In this review paper, we aimed to identify and analyze the reported challenges concerning security that developers of mHealth apps face. Additionally, our study aimed to develop a conceptual framework with the challenges for developing secure apps faced by mHealth app development organizations. The knowledge of such challenges can help to reduce the risk of developing insecure mHealth apps. We followed the systematic literature review method for this review. We selected studies that were published between January 2008 and October 2020 since the major app stores launched in 2008. We selected 32 primary studies using predefined criteria and used a thematic analysis method for analyzing the extracted data. Of the 1867 articles obtained, 32 were included in this review based on the predefined criteria. We identified 9 challenges that can affect the development of secure mHealth apps. These challenges include lack of security guidelines and regulations for developing secure mHealth apps (20/32, 63%), developers’ lack of knowledge and expertise for secure mHealth app development (18/32, 56%), lack of stakeholders’ involvement during mHealth app development (6/32, 19%), no/little developer attention towards the security of mHealth apps (5/32, 16%), lack of resources for developing a secure mHealth app (4/32, 13%), project constraints during the mHealth app development process (4/32, 13%), lack of security testing during mHealth app development (4/32, 13%), developers’ lack of motivation and ethical considerations (3/32, 9%), and lack of security experts’ engagement during mHealth app development (2/32, 6%). Based on our analysis, we have presented a conceptual framework that highlights the correlation between the identified challenges. While mHealth app development organizations might overlook security, we conclude that our findings can help them to identify the weaknesses and improve their security practices. Similarly, mHealth app developers can identify the challenges they face to develop mHealth apps that do not pose security risks for users. Our review is a step towards providing insights into the development of secure mHealth apps. Our proposed conceptual framework can act as a practice guideline for practitioners to enhance secure mHealth app development.
Publisher: Springer International Publishing
Date: 2021
Publisher: Association for Computing Machinery (ACM)
Date: 31-12-2021
DOI: 10.1145/3529162
Abstract: In Dynamic Service Composition (DSC), an application can be dynamically composed using web services to achieve its functional and Quality of Services (QoS) goals. DSC is a relatively mature area of research that crosscuts autonomous and services computing. Complex autonomous and self-adaptive computing paradigms (e.g., multi-tenant cloud services, mobile/smart services, services discovery and composition in intelligent environments such as smart cities) have been leveraging DSC to dynamically and adaptively maintain the desired QoS, cost and to stabilize long-lived software systems. While DSC is fundamentally known to be an NP-hard problem, systematic attempts to analyze its scalability have been limited, if not absent, though such analysis is of a paramount importance for their effective, efficient, and stable operations. This article reports on a new application of goal-modeling, providing a systematic technique that can support DSC designers and architects in identifying DSC-relevant characteristics and metrics that can potentially affect the scalability goals of a system. The article then applies the technique to two different approaches for QoS-aware dynamic services composition, where the article describes two detailed exemplars that exemplify its application. The exemplars hope to provide researchers and practitioners with guidance and transferable knowledge in situations where the scalability analysis may not be straightforward. The contributions provide architects and designers for QoS-aware dynamic service composition with the fundamentals for assessing the scalability of their own solutions, along with goal models and a list of application domain characteristics and metrics that might be relevant to other solutions. Our experience has shown that the technique was able to identify in both exemplars application domain characteristics and metrics that had been overlooked in previous scalability analyses of these DSC, some of which indeed limited their scalability. It has also shown that the experiences and knowledge can be transferable: The first exemplar was used as an ex le to inform and ease the work of applying the technique in the second one, reducing the time to create the model, even for a non-expert.
Publisher: ACM
Date: 10-10-2022
Publisher: Association for Computing Machinery (ACM)
Date: 21-10-2024
DOI: 10.1145/3626566
No related grants have been discovered for Muhammad Ali Babar.