During my recent visit to China, I visited the Software Engineering Laboratory, Software School at Fudan University in Shanghai. It has always a great pleasure visiting Professor Xin Peng and his team who are conducting an excellent research on challenging and important topics of Software Product Lines, Software Maintenance and Evolution, and Requirements Engineering. This was my second visit to the group and I always find quite useful and important research threads being followed by different graduate students and academic staff associated with the laboratory under the direction of Professor Xin Peng. I was also invited to give a talk to the group. I chose to present our work on privacy in mobile devices and data exfiltration challenges and countermeasures using Evidence Based Software Engineering. This work is ongoing and we are continuing updating the work on privacy issues in mobile computing and now this work would have collaborators from Open University UK. The abstract of the talk can give some ideas about our ongoing work in these areas:
Mobile devices have become pervasive computing and storage environments for work, leisure, and socialization. One of the key concerns is the cyber attacks targeting the privacy and data of mobile computing users. One of our main research goals is to systematically build a cohesive body of knowledge from the outcomes of the research efforts aimed at understanding the privacy invasion attack and data stealing tactics and devising appropriate countermeasures. To this end, we have been leveraging Systematic Literature Review method of Evidence-Based Software Engineering (EBSE). In this talk, I’ll present the findings from our effort to systemize the existing literature on the types of privacy invasion attacks and data stealing tactics and the reported countermeasures. The findings will be presented using the taxonomic frameworks built to help not only identify the areas where technological and organisational resources can be allocated but also provide knowledge-based guidance for the future efforts to devise and evaluate appropriate solutions.