Blockchain-based public ecosystem for auditing security of software applications

Qinwen Hu, Muhammad Rizwan Asghar, Sherali Zeadally

Research output: Contribution to journal › Article › peer-review

3 Scopus citations

Abstract

Over the years, software applications have captured a big market ranging from smart devices (smartphones, smart wearable devices) to enterprise resource management including Enterprise Resource Planning, office applications, and the entertainment industry (video games and graphics design applications). Protecting the copyright of software applications and protection from malicious software (malware) have been topics of utmost interest for academia and industry for many years. The standard solutions use the software license key or rely on the Operating System (OS) protection mechanisms, such as Google Play Protect. However, some end users have broken these protections to bypass payments for applications that are not free. They have done so by downloading the software from an unauthorised website or by jailbreaking the OS protection mechanisms. As a result, they cannot determine whether the software they download is malicious or not. Further, if the software is uploaded to a third party platform by malicious users, the software developer has no way of knowing about it. In such cases, the authenticity or integrity of the software cannot be guaranteed. There is also a problem of information transparency among software platforms. In this study, we propose an architecture that is based on blockchain technology for providing data transparency, release traceability, and auditability. Our goal is to provide an open framework to allow users, software vendors, and security practitioners to monitor misbehaviour and assess software vulnerabilities for preventing malicious software downloads. Specifically, the proposed solution makes it possible to identify software developers who have gone rogue and are potentially developing malicious software. Furthermore, we introduce an incentive policy for encouraging security engineers, victims and software owners to participate in collaborative works. 
The outcomes will ensure the wide adoption of a software auditing ecosystem in software markets, specifically for some mobile device manufacturers that have been banned from using the open-source OS such as Android. Consequently, there is a demand for them to verify the application security without completely relying on the OS-specific security mechanisms.

Original language: English
Pages (from-to): 2643-2665
Number of pages: 23
Journal: Computing
Volume: 103
Issue number: 11
DOIs
State: Published - Nov 2021

Bibliographical note

Funding Information:
We thank the anonymous reviewers for their valuable comments, which helped us improve the content, organisation, and presentation of this work.

Publisher Copyright:
© 2021, The Author(s), under exclusive licence to Springer-Verlag GmbH Austria, part of Springer Nature.

Keywords

  • Blockchain
  • Security evaluation
  • Software audit
  • Software security

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Software
  • Numerical Analysis
  • Computer Science Applications
  • Computational Theory and Mathematics
  • Computational Mathematics
