ICST 2021
Mon 12 - Fri 16 April 2021

Fri 16 Apr

Displayed time zone: Brasilia, Distrito Federal, Brazil

09:00 - 09:15
Starting INTUITESTBEDS INTUITESTBEDS at Paiva
09:00
15m
Day opening
Welcome and Opening Message
INTUITESTBEDS

09:15 - 10:15
Keynote INTUITESTBEDS at Paiva

Invited Keynote Dr. Mariano Ceccato University of Verona

Security Testing of Android Apps

Android facilitates app interoperation and integration through an inter-process communication mechanism, by allowing an app to request a task from another app that is installed on the same device. However, this interoperation mechanism poses security risks if an app does not implement it properly, such as permission re-delegation vulnerabilities, i.e., a form of privilege escalation where unprivileged malicious apps exploit vulnerable privileged apps to take privileged actions on the attacker's behalf. Static analysis techniques as well as run-time protections have been proposed to detect permission re-delegation vulnerabilities. However, as acknowledged by their authors, most of these approaches are affected by many false positives because they do not discriminate between benign task requests and actual permission re-delegation vulnerabilities. In this keynote, we will present a recent approach aiming at filling this gap and at bridging static and dynamic analysis with security testing for precise detection of permission re-delegation vulnerabilities. Our approach first groups a large set of benign and non-vulnerable apps into different clusters, based on their similarities in terms of functional descriptions. It then generates a permission re-delegation model for each cluster, which characterizes common permission re-delegation behaviors of the apps in the cluster. Given an app under test, our approach checks whether it has permission re-delegation behaviors that deviate from the model of the cluster it belongs to. If that is the case, it generates test cases to detect the vulnerabilities, which show how the vulnerabilities can be exploited. Empirical validation suggests that this security testing approach outperforms the state of the art in terms of vulnerability detection precision.

09:15
60m
Keynote
Security Testing of Android Apps
INTUITESTBEDS
Mariano Ceccato University of Verona
10:30 - 11:00
INTUITESTBEDS Full research paper INTUITESTBEDS at Paiva
10:30
30m
Paper
Model-based Automated Testing of Mobile Applications: An Industrial Case Study
INTUITESTBEDS
Stefan Karlsson ABB AB, Mälardalen University
Pre-print
11:00 - 11:30
INTUITESTBEDS Full research paper INTUITESTBEDS at Paiva
11:00
30m
Paper
Improving Mobile User Interface Testing with Model Driven Monkey Search
INTUITESTBEDS
11:30 - 11:50
INTUITESTBEDS Position paper INTUITESTBEDS at Paiva
11:30
20m
Paper
A Metric Framework for the Gamification of Web and Mobile GUI Testing
INTUITESTBEDS
Riccardo Coppola Politecnico di Torino
11:50 - 12:15
Closing INTUITESTBEDS INTUITESTBEDS at Paiva
11:50
25m
Day closing
Open Discussion and Closing
INTUITESTBEDS