Shengqian Yang,Haowei Wu,Hailong Zhang,Yan Wang,Chandrasekar Swaminathan,Dacong Yan,Atanas Rountev

DOI: https://doi.org/10.1007/s10515-018-0237-6

IF: 1.677

2018-06-16

Automated Software Engineering

Abstract:This work develops a static analysis to create a model of the behavior of an Android application’s GUI. We propose the window transition graph (WTG), a model representing the possible GUI window sequences and their associated events and callbacks. A key component and contribution of our work is the careful modeling of the stack of currently-active windows, the changes to this stack, and the effects of callbacks related to these changes. To the best of our knowledge, this is the first detailed study of this important static analysis problem for Android. We develop novel analysis algorithms for WTG construction and traversal, based on this modeling of the window stack. We also propose WTG extensions to handle certain aspects of asynchronous control flow. We describe an application of the WTG for GUI test generation, using path traversals. The evaluation of the proposed algorithms indicates their effectiveness and practicality.

computer science, software engineering

Taolue Chen,Jinlong He,Fu Song,Guozhen Wang,Zhilin Wu,Jun Yan

2018-01-01

Abstract:In this paper, we propose Android Stack Machine (ASM), a formal model to capture key mechanisms of Android multi-tasking such as activities, back stacks, launch modes, as well as task affinities. The model is based on pushdown systems with multiple stacks, and focuses on the evolution of the back stack of the Android system when interacting with activities carrying specific launch modes and task affinities. For formal analysis, we study the reachability problem of ASM. While the general problem is shown to be undecidable, we identify expressive fragments for which various verification techniques for pushdown systems or their extensions are harnessed to show decidability of the problem.

Desheng Zheng,Xiaoyu Li,Guowu Yang,Hai Wang,Lulu Tian

DOI: https://doi.org/10.1016/j.vlsi.2018.03.009

IF: 1.345

2018-01-01

Integration

Abstract:Generalized Symbolic Trajectory Evaluation (GSTE) is an alternative model checking technique based on particular automata to specify the properties. Despite the success of GSTE, its state explosion remains a major hurdle when applying it to large industrial designs. This paper presents two efficient theoretical underpinning abstraction algorithms based on assertion graph to combat the state explosion problem. We implement these two algorithms as a prototype system for discrete models. Experimental results show that the prototype system is 10× faster than the former without abstraction.

Taolue Chen,Jinlong He,Fu Song,Guozhen Wang,Zhilin Wu,Jun Yan

DOI: https://doi.org/10.1007/978-3-319-96142-2_29

2018-01-01

Abstract:In this paper, we propose Android Stack Machine (ASM), a formal model to capture key mechanisms of Android multi-tasking such as activities, back stacks, launch modes, as well as task affinities. The model is based on pushdown systems with multiple stacks, and focuses on the evolution of the back stack of the Android system when interacting with activities carrying specific launch modes and task affinities. For formal analysis, we study the reachability problem of ASM. While the general problem is shown to be undecidable, we identify expressive fragments for which various verification techniques for pushdown systems or their extensions are harnessed to show decidability of the problem.

Kangfeng Ye,Fang Yan,Simos Gerasimou

2024-03-01

Abstract:Probabilistic model checking is a widely used formal verification technique to automatically verify qualitative and quantitative properties for probabilistic models. However, capturing such systems, writing corresponding properties, and verifying them require domain knowledge. This makes it not accessible for researchers and engineers who may not have the required knowledge. Previous studies have extended UML activity diagrams (ADs), developed transformations, and implemented accompanying tools for automation. The research, however, is incomprehensive and not fully open, which makes it hard to be evaluated, extended, adapted, and accessed. In this paper, we propose a comprehensive verification framework for ADs, including a new profile for probability, time, and quality annotations, a semantics interpretation of ADs in three Markov models, and a set of transformation rules from activity diagrams to the PRISM language, supported by PRISM and Storm. Most importantly, we developed algorithms for transformation and implemented them in a tool, called QASCAD, using model-based techniques, for fully automated verification. We evaluated one case study where multiple robots are used for delivery in a hospital and further evaluated six other examples from the literature. With all these together, this work makes noteworthy contributions to the verification of ADs by improving evaluation, extensibility, adaptability, and accessibility.

Logic in Computer Science,Formal Languages and Automata Theory,Software Engineering

Zhanshuai Meng,Yanyan Jiang,Chang Xu

DOI: https://doi.org/10.1145/2875913.2875937

2015-01-01

Abstract:Mobile apps are prevalent in everyone's daily life. However, apps are oftentimes defective, undermining their convenience, and therefore automated testing and analysis of apps are developed to enhance apps' quality. As these advanced technologies become increasingly effective and complicated, prototyping such a tool also becomes a challenge. To facilitate easy development of high-quality testing and analysis tools that work with real-world apps, we in this paper present the design and implementation of ATT (Android Testing Toolkit), for crafting reusable and scalable testing and analysis on Android apps. ATT consists of integrated tools and APIs for event generation, profiling and program instrumentation, and can be distributed over cloud platforms for scalable testing and analysis. We qualitatively evaluated the applicability of ATT by demonstrating implementation of a series of existing and enhanced work (RERAN, Monkey+ and UGA) upon ATT, and quantitatively studied the scalability of parallelized UGA on a cloud platform with five real-world apps. We believe that our ATT tool would facilitate development of more advanced testing and analysis approaches for Android apps.

Xiangyu Zhang,Lingling Fan,Sen Chen,Yucheng Su,Boyuan Li

2023-08-20

Abstract:Due to the competitive environment, mobile apps are usually produced under pressure with lots of complicated functionality and UI pages. Therefore, it is challenging for various roles to design, understand, test, and maintain these apps. The extracted transition graphs for apps such as ATG, WTG, and STG have a low transition coverage and coarse-grained granularity, which limits the existing methods of graphical user interface (GUI) modeling by UI exploration. To solve these problems, in this paper, we propose SceneDroid, a scene-driven exploration approach to extracting the GUI scenes dynamically by integrating a series of novel techniques including smart exploration, state fuzzing, and indirect launching strategies. We present the GUI scenes as a scene transition graph (SceneTG) to model the GUI of apps with high transition coverage and fine? grained granularity. Compared with the existing GUI modeling tools, SceneDroid has improved by 168.74% in the coverage of transition pairs and 162.42% in scene extraction. Apart from the effectiveness evaluation of SceneDroid, we also illustrate the future potential of SceneDroid as a fundamental capability to support app development, reverse engineering, and GUI regression testing.

Software Engineering,Cryptography and Security,Human-Computer Interaction

Ana Rosario Espada,María del Mar Gallardo,Alberto Salmerón,Pedro Merino

DOI: https://doi.org/10.4204/EPTCS.180.1

2015-04-10

Abstract:The behavior of mobile devices is highly non deterministic and barely predictable due to the interaction of the user with its applications. In consequence, analyzing the correctness of applications running on a smartphone involves dealing with the complexity of its environment. In this paper, we propose the use of model-based testing to describe the potential behaviors of users interacting with mobile applications. These behaviors are modeled by composing specially-designed state machines. These composed state machines can be exhaustively explored using a model checking tool to automatically generate all possible user interactions. Each generated trace model checker can be interpreted as a test case to drive a runtime analysis of actual applications. We have implemented a tool that follows the proposed methodology to analyze Android devices using the model checker Spin as the exhaustive generator of test cases.

Software Engineering

Jue Wang,Yanyan Jiang,Chang Xu,Qiwei Li,Tianxiao Gu,Jun Ma,Xiaoxing Ma,Jian Lu

DOI: https://doi.org/10.1016/j.scico.2018.03.008

2016-01-01

Abstract:Smartphones are indispensable in people's daily lives. As smartphone apps are being increasingly concurrent, developers are increasingly unable to tackle the complexity and to avoid subtle concurrency bugs. To better address this issue, we propose a novel approach to manifesting concurrency bugs in Android apps based on the fact that one can simultaneously generate input events and their schedules for an app. We conduct static-dynamic hybrid analysis to find potentially conflicting resource accesses in an app. The app is then automatically pressure-tested by guided event and schedule generation. We implemented the prototype tool AATT and evaluated it over thirteen popular real-world open-source apps. AATT successfully found 9 concurrency bugs out of which 7 were previously unknown.

Chuangang Ren,Yulong Zhang,Hui Xue,Tao Wei,Peng Liu

2015-01-01

Abstract:Android multitasking provides rich features to enhance user experience and offers great flexibility for app developers to promote app personalization. However, the security implication of Android multitasking remains under-investigated. With a systematic study of the complex tasks dynamics, we find design flaws of Android multitasking which make all recent versions of Android vulnerable to task hijacking attacks. We demonstrate proof-of-concept examples utilizing the task hijacking attack surface to implement UI spoofing, denialof-service and user monitoring attacks. Attackers may steal login credentials, implement ransomware and spy on user’s activities. We have collected and analyzed over 6.8 million apps from various Android markets. Our analysis shows that the task hijacking risk is prevalent. Since many apps depend on the current multitasking design, defeating task hijacking is not easy. We have notified the Android team about these issues and we discuss possible mitigation techniques in this paper.

Xiao Li,Nana Chang,Yan Wang,Haohua Huang,Yu Pei,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/icst.2017.22

2017-01-01

Abstract:The importance of regression testing in assuring the integrity of a program after changes is well recognized. One major obstacle in practicing regression testing is in maintaining tests that become obsolete due to evolved program behavior or specification. For mobile apps, the problem of maintaining obsolete GUI test scripts for regression testing is even more pressing. Mobile apps rely heavily on the correct functioning of their GUIs to compete on the market and provide good user experiences. But on the one hand, GUI tests break easily when changes happen to the GUI, On the other hand, mobile app developers often need to fight for a tight feedback loop and are left with limited time for test maintenance. In this paper, we propose a novel approach, called ATOM, to automatically maintain GUI test scripts of mobile apps for regression testing. ATOM uses an event sequence model to abstract possible event sequences on a GUI and a delta ESM to abstract the changes made to the GUI. Given both models as input, ATOM automatically updates the test scripts written for a base version app to reflect the changes. In an experiment with 22 versions from 11 production Android apps, ATOM updated all the test scripts affected by the version change, the updated scripts achieve over 80% of the coverage by the original scripts on the base version app, all except one set of updated scripts preserve over 60% of the actions in the original test scripts.

Tianxiao Gu,Chun Cao,Tianchi Liu,Chengnian Sun,Jing Deng,Xiaoxing Ma,Jian Lu

DOI: https://doi.org/10.1109/icsme.2017.72

2017-01-01

Abstract:Activities are the fundamental components of Android applications (apps). However, existing approaches to automated testing for Android apps cannot effectively manage the transitions between activities, e.g., too rarely or too often. Besides, some techniques need to repeatedly restart from scratch and revisit every intermediate activity to reach a specific one, which leads to unnecessarily long transitions and wasted time. To address these problems, we propose AimDroid, a practical model-based approach to automated testing for Android apps that aims to manage the exploration of activities and meantime minimize unnecessary transitions between them. Specifically, AimDroid applies an activity-insulated multi-level strategy during testing and replaying. It systematically discovers unexplored activities and then intensively exploits every discovered individual with a reinforcement learning guided random algorithm. We conduct comprehensive experiments on 50 popular closed-source commercial apps that in total have billions of daily usages in China. The results demonstrate that AimDroid outperforms both Sapienz and Monkey in activity, method and instruction coverage, respectively. In addition, AimDroid also reports more crashes than the other two.

Jiaping Gui,Ding Li,Zhengzhang Chen,Junghwan Rhee,Xusheng Xiao,Mu Zhang,Kangkook Jee,Zhichun Li,Haifeng Chen

DOI: https://doi.org/10.1109/ICDE48307.2020.00151

2020-01-01

Abstract:While backtracking analysis has been successful in assisting the investigation of complex security attacks, it faces a critical dependency explosion problem. To address this problem, security analysts currently need to tune backtracking analysis manually with different case-specific heuristics. However, existing systems fail to fulfill two important system requirements to achieve effective backtracking analysis. First, there need flexible abstractions to express various types of heuristics. Second, the system needs to be responsive in providing updates so that the progress of backtracking analysis can be frequently inspected, which typically involves multiple rounds of manual tuning. In this paper, we propose a novel system, APTrace, to meet both of the above requirements. As we demonstrate in the evaluation, security analysts can effectively express heuristics to reduce more than 99.5% of irrelevant events in the backtracking analysis of real-world attack cases. To improve the responsiveness of backtracking analysis, we present a novel execution-window partitioning algorithm that significantly reduces the waiting time between two consecutive updates (especially, 57 times reduction for the top 1% waiting time).

Kai Hu,Teng Zhang,Zhibin Yang,Wei-Tek Tsai

DOI: https://doi.org/10.1016/j.sysarc.2015.02.003

2015-01-01

Abstract:hitecture Analysis and Design Language (AADL) is often used to model safety-critical real-time systems. Model transformation is widely used to extract a formal specification so that AADL models can be verified and analyzed by existing tools. Timed Abstract State Machine (TASM) is a formalism not only able to specify behavior and communication but also timing and resource aspects of the system. To verify functional and nonfunctional properties of AADL models, this paper presents a methodology for translating AADL to TASM. Our main contribution is to formally define the translation rules from an adequate subset of AADL (including thread component, port communication, behavior annex and mode change) into TASM. Based on these rules, a tool called AADL2TASM is implemented using Atlas Transformation Language (ATL). Finally, a case study from an actual data processing unit of a satellite is provided to validate the transformation and illustrate the practicality of the approach.

Jinlong He,Taolue Chen,Ping Wang,Zhilin Wu,Jun Yan

DOI: https://doi.org/10.1007/978-3-030-34175-6_15

2019-01-01

Abstract:In this paper we formalize the semantics of the Android multitasking mechanism and develop efficient static analysis methods with automated tool supports. For the formalization, we propose an extension of the existing Android Stack Machine model to capture all the core elements of the mechanism, in particular, the intent flags used in inter-component communication. For the static analysis, we consider the configuration reachability and stack boundedness problem, designing new algorithms and developing a prototype tool TaskDroid to fully support automated model construction and analysis of Android apps. The experimental results show that TaskDroid is effective and efficient in analyzing Android apps in practice.

Zhao-xia Wang,Jian-min Wang,Xiao-chen Zhu,Li-jie Wen

DOI: https://doi.org/10.1631/jzus.c1100364

2012-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Workflow management is concerned with automated support for business processes. Workflow management systems are driven by process models specifying the tasks that need to be executed, the order in which they can be executed, which resources are authorised to perform which tasks, and data that is required for, and produced by, these tasks. As workflow instances may run over a sustained period of time, it is important that workflow specifications be checked before they are deployed. Workflow verification is usually concerned with control-flow dependencies only; however, transition conditions based on data may further restrict possible choices between tasks. In this paper we extend workflow nets where transitions have concrete conditions associated with them, called WTC-nets. We then demonstrate that we can determine which execution paths of a WTC-net that are possible according to the control-flow dependencies, are actually possible when considering the conditions based on data. Thus, we are able to more accurately determine at design time whether a workflow net with transition conditions is sound.

Guowu Yang,William N. N. Hung,Xiaoyu Song,Wensheng Guo

DOI: https://doi.org/10.1155/2013/709071

2013-01-01

Journal of Applied Mathematics

Abstract:Generalized symbolic trajectory evaluation (GSTE) is a model checking approach and has successfully demonstrated its powerful capacity in formal verification of VLSI systems. GSTE is an extension of symbolic trajectory evaluation (STE) to the model checking of ω-regular properties. It is an alternative to classical model checking algorithms where properties are specified as finite-state automata. In GSTE, properties are specified as assertion graphs, which are labeled directed graphs where each edge is labeled with two labeling functions: antecedent and consequent. In this paper, we show the complement relation between GSTE assertion graphs and finite-state automata with the expressiveness of regular languages and ω-regular languages. We present an algorithm that transforms a GSTE assertion graph to a finite-state automaton and vice versa. By applying this algorithm, we transform the problem of GSTE assertion graphs implication to the problem of automata language containment. We demonstrate our approach with its application to verification of an FIFO circuit.

Yousra Aafer,Jianjun Huang,Yi Sun,Xiangyu Zhang,Ninghui Li,Chen Tian

DOI: https://doi.org/10.14722/ndss.2018.23121

2018-01-01

Abstract:The Android framework has raised increased security concerns with regards to its access control enforcement. Particularly, existing research efforts successfully demonstrate that framework security checks are not always consistent across appaccessible APIs. However, existing efforts fall short in addressing peculiarities that characterize the complex Android access control and the diversity introduced by the heavy vendor customization. In this paper, we develop a new analysis framework AceDroid that models Android access control in a path-sensitive manner and normalizes diverse checks to a canonical form. We applied our proposed modeling to perform inconsistency analysis for 12 images. Our tool proved to be quite effective, enabling to detect a significant number of inconsistencies introduced by various vendors and to suppress substantial false alarms. Through investigating the results, we uncovered high impact attacks enabling to write a key logger, send premium sms messages, bypass user restrictions, perform a major denial of services and other critical operations.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Tianxiang Chen,Tao Song,Shusheng He,Alei Liang

DOI: https://doi.org/10.1007/978-981-13-0344-9_44

2018-01-01

Abstract:Android application testing has always been a serious problem for mobile developers. To support developers, this paper presents GATS, a GUI-based automated test system for Android apps. This tool uses finite-state machine to learn a model of the app during testing, then uses the learned model to generate user inputs or system event to visit the rest states of the app, and then uses the result of the input to refine the model. The goal of the tool is to trigger crashes. When a crash is happened, GATS will generate a crash report containing screenshot, logcat info with stack trace crash, reproduction steps, and so on. We evaluate GATS on ten Android applications from the top list of several app markets with Monkey, a fuzzing tool from Android platform, and Dynodroid, a previous research. Our result shows that our system has less running time and more bugs found.