This is the 4th edition of INTUITESTBEDS (International Workshop on User Interface Test Automation and Testing Techniques for Event Based Software). INTUITESTBEDS is a merge of two workshops with very similar goals and topics, INTUITEST – International Workshop on User Interface Test Automation (organized 3 times before the merge), and TESTBEDS – International Workshop on TESting Techniques for event BasED Software (organized 7 times before the merge).
The workshop aims to bring together the researchers, practitioners and tool developers working on topics related to:
- automated testing of applications through the user interfaces, including but not limited to graphical user interfaces, user interfaces of mobile devices and applications, and user interfaces of web applications, and
- testing of other types of event-driven software, such as network protocols, embedded software, IoT applications and devices, web services and device drivers.
Venue
INTUITESTBEDS will be organized as a workshop of ICST 2021 (IEEE International Conference on Software Testing, Verification and Validation). The whole conference and all the workshop are going to be organized remotely.
Workshop site URL
For additional info and past editions please visit the INTUITESTBEDS web site at: https://www.intuitestbeds.org/
Fri 16 AprDisplayed time zone: Brasilia, Distrito Federal, Brazil change
09:00 - 09:15 | |||
09:00 15mDay opening | Welcome and Opening Message INTUITESTBEDS |
09:15 - 10:15 | KeynoteINTUITESTBEDS at Paiva Invited Keynote Dr. Mariano Ceccato University of Verona Security Testing of Android Apps Android facilitates apps interoperation and integration through inter-process communication mechanism, by allowing an app to request a task from another app that is installed on the same device. However, this interoperation mechanism poses security risks if an app does not implement it properly, such as permission re-delegation vulnerabilities, i.e., a form of privilege escalation where unprivileged malicious apps exploit vulnerable privileged apps to take privileged actions on the attacker behalf. Static analysis techniques as well as run-time protections have been proposed to detect permission re-delegation vulnerabilities. However, as acknowledged by their authors, most of these approaches are affected by many false positives because they do not discriminate between benign task requests and actual permission re-delegation vulnerabilities. In this keynote, we will present a recent approach aiming at filling this gap and at bridging static and dynamic analysis with security testing for precise detection of permission re-delegation vulnerabilities. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities, that show how the vulnerabilities can be exploited. Empirical validation suggests that this security testing approach outperforms state-of-the-art in terms of vulnerability detection precision. | ||
09:15 60mKeynote | Security Testing of Android Apps INTUITESTBEDS Mariano Ceccato University of Verona |
10:30 - 11:00 | |||
10:30 30mPaper | Model-based Automated Testing of Mobile Applications: An Industrial Case Study INTUITESTBEDS Stefan Karlsson ABB AB, Mälardalen University Pre-print |
11:00 - 11:30 | |||
11:00 30mPaper | Improving Mobile User Interface Testing with Model Driven Monkey Search INTUITESTBEDS |
11:30 - 11:50 | |||
11:30 20mPaper | A Metric Framework for the Gamification of Web and Mobile GUI Testing INTUITESTBEDS Riccardo Coppola Politecnico di Torino |
11:50 - 12:15 | |||
11:50 25mDay closing | Open Discussion and Closing INTUITESTBEDS |
Accepted Papers
Call for Papers
We solicit novel papers related to the following topics (not strictly limited) in the context of testing User Interface and other Event Based Systems:
- Modeling and model inference,
- Test case generation and execution,
- Test oracles,
- Coverage, metrics and evaluation,
- Data analysis and reporting,
- Abstraction and re-usability,
- Interoperability and cross-platform testing,
- Prioritization and optimization,
- Tooling and industrial experiences.
Papers can be of one of the following four types:
- Full research contributions will be 8 pages in two-column IEEE conference publication format.
- Position papers describing an important direction for our community will be a maximum of 4 pages. in two-column IEEE conference publication format.
- Testing tool demos will be 4 pages length in two-column IEEE conference publication format, for researchers who want to present tools relevant to the workshop.
- Industrial presentations will require the submission of a 2 page overview and 4 example slides.
Each paper in the first three categories (full, position and demo) will be reviewed by at least three program committee members. Papers should be submitted as PDF files in two-column IEEE conference publication format. Templates for LaTeX and Microsoft Word are available here. Please use the letter, format template and conference option.
Accepted papers will be published as part of ICST workshops proceedings, through the IEEE digital library.
Papers should be submitted through EasyChair.
Invited Keynote
Dr. Mariano Ceccato University of Verona
Security Testing of Android Apps
Android facilitates apps interoperation and integration through inter-process communication mechanism, by allowing an app to request a task from another app that is installed on the same device. However, this interoperation mechanism poses security risks if an app does not implement it properly, such as permission re-delegation vulnerabilities, i.e., a form of privilege escalation where unprivileged malicious apps exploit vulnerable privileged apps to take privileged actions on the attacker behalf. Static analysis techniques as well as run-time protections have been proposed to detect permission re-delegation vulnerabilities. However, as acknowledged by their authors, most of these approaches are affected by many false positives because they do not discriminate between benign task requests and actual permission re-delegation vulnerabilities. In this keynote, we will present a recent approach aiming at filling this gap and at bridging static and dynamic analysis with security testing for precise detection of permission re-delegation vulnerabilities. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities, that show how the vulnerabilities can be exploited. Empirical validation suggests that this security testing approach outperforms state-of-the-art in terms of vulnerability detection precision.