Data vulnerability detection by security testing for Android applications

Authors: Sebastien Salva, Stassia R. Zafimiharisoa

DOI: 10.1109/ISSA.2013.6641043

Keywords:

Abstract: The Android intent messaging is a mechanism that ties components together to build Mobile applications. Intents are kinds of messages composed of actions and data, sent by a component to another component to perform several operations, e.g., launching a user interface. The intent mechanism eases the writing of Mobile applications, but it might also be used as an entry point for security attacks. The latter can be easily sent with intents to components, that can indirectly forward attacks to other components and so on. In this context, this paper proposes a Model-based security testing approach to attempt to detect data vulnerabilities in Android applications. In other words, this approach generates test cases to check whether components are vulnerable to attacks, sent through intents, that expose personal data. Our method takes Android applications and intent-based vulnerabilities formally expressed with models called vulnerability patterns. Then, and this is the originality of our approach, partial specifications are automatically generated from configuration files and component codes. Test cases are then automatically generated from vulnerability patterns and the previous specifications. A tool, called APSET, is presented and evaluated with experimentations on some

References (7)
L. Frantzen, T.A.C. Willemse, G.J. Tretmans, Test Generation Based on Symbolic Specifications. Formal Approaches to Software Testing: 4th International Workshop, FATES 2004, Linz, Austria, September 21, 2004: Revised Selected Papers, vol. 3395, pp. 1-15 (2005).
Lars Frantzen, Jan Tretmans, Tim A. C. Willemse, Test Generation Based on Symbolic Specifications. Formal Approaches to Software Testing, pp. 1-15 (2005). DOI: 10.1007/978-3-540-31848-4_1
Jiagui Zhong, Jianjun Huang, Bin Liang, Android Permission Re-delegation Detection and Test Case Generation. International Conference on Computer Science and Service System, pp. 871-874 (2012). DOI: 10.1109/CSSS.2012.222
Selin Benli, Anthony Habash, Andy Herrmann, Tyler Loftis, Devon Simmonds, A Comparative Evaluation of Unit Testing Techniques on a Mobile Platform. 2012 Ninth International Conference on Information Technology - New Generations, pp. 263-268 (2012). DOI: 10.1109/ITNG.2012.45
Adrienne Porter Felt, Erika Chin, Steve Hanna, Dawn Song, David Wagner, Android Permissions Demystified. Proceedings of the 18th ACM Conference on Computer and Communications Security - CCS '11, pp. 627-638 (2011). DOI: 10.1145/2046707.2046779
Yiming Jing, Gail-Joon Ahn, Hongxin Hu, Model-Based Conformance Testing for Android. International Workshop on Security, pp. 1-18 (2012). DOI: 10.1007/978-3-642-34117-5_1
Warwick B. Mugridge, Myra B. Cohen, Charles J. Colbourn, Peter B. Gibbons, Constructing Test Suites for Interaction Testing. International Conference on Software Engineering, pp. 38-48 (2003). DOI: 10.5555/776816.776822