A Guidance Model for Architecting Secure Mobile Applications

In addition to fast technological advances in the area of mobile devices and its broad adoption in todays developed societies, mobile applications do not only address the consumer electronics market but are also increasingly being used in a business and industry context. Thus, we see a demand for research developing software systems comprising mobile devices with special respect to security concerns. In this paper we want to address this demand from an architectural point of view and make use of the concept of architectural decisions. We present a guidance model that supports on the one hand this decisionmaking process during architecting mobile applications. On the other hand the presented guidance model serves as a tool to evaluate existing architectures. The guidance model has been created based on an adapted version of Zimmermann’s SOAD framework, which is used for in the context of service-oriented architectures. The guidance model itself consists of a set of interrelated architectural decisions for recurring design situations. The application of the guidance model is demonstrated along a real-world scenario. The guidance model also takes into account that security concerns are changing and therefore provides an extension mechanism which is presented in this paper.