CATE: Concolic Android Testing Using Java PathFinder for Android Applications

McAfee, Patrick; Mkaouer, Mohamed Wiem; Krutz, Daniel E.

doi:10.1109/mobilesoft.2017.35

Cited by 5 publications

(5 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…JPF-Android [6], JPF-Mobile [7] and CATE [10] are model-based testing approaches. JPF-Android provides a simplified model of the Android framework on which an Android application can run.…”

Section: Related Workmentioning

confidence: 99%

“…Thus, it raised the need of starting from a solid ground to deliver a robust solution into our context. Thus, before we decided to develop and implement AETing, we evaluated the feasibility of reusing the following solutions: JPF-Android [6], JPF-Mobile [7], EHBDroid [8], DroidWalker [9] and CATE [10]. However, none of these solutions supported up-to-date Android versions, which is crucial in our context.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An automated Android exploratory testing based on code evolution coverage

Oliveira,

Mota,

Reis

2024

Preprint

View full text Add to dashboard Cite

Testers face challenges to have their test suites up-to-update related to the application source code evolution to be tested. These challenges are greater in a global distributed software development context. The growing daily testing demand also makes difficult the maintenance of such suites. These test suites are also continuously automated to save the time of human testers, but they require maintenance as well. Exploratory testing comes as a trade-off between test case maintenance and human expertise and flexibility. Unfortunately, it is a manual task in general. In this work, we specifically designed a strategy called AETing, which automatically performs screen navigations and Monkey testing aiming to maximize coverage of code changes evolution between two versions of a given Android application. We developed and evaluated our approach in a real testing operation environment related to Motorola Mobility, through an agreement between CIn-UFPE and this company supported by the Informatics Law. The evaluation consisted of testing four different Motorola Android applications. Through the evaluation, we obtained promising results concerning the comparison between AETing and expert exploratory testers’ code coverage. We discuss in detail how AETing works and the results achieved.

show abstract

“…JPF-Android [6], JPF-Mobile [7] and CATE [10] are model-based testing approaches. JPF-Android provides a simplified model of the Android framework on which an Android application can run.…”

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An automated Android exploratory testing based on code evolution coverage

Oliveira,

Mota,

Reis

2024

Preprint

View full text Add to dashboard Cite

show abstract

“…This limitation can result in the generation of path constraints that are feasible within the abstract model but not in the actual runtime environment. We might be able to use concolic technique similar to [59]- [62], obtaining environmental context through concrete execution. Furthermore, to improve the handling of native code, one promising direction would be to integrate tools like Angr [36], which specializes in handling native code.…”

Section: A Analysis Accuracymentioning

confidence: 99%

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Lee,

Chen,

Enck

et al. 2024

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Filesystem vulnerabilities persist as a significant threat to Android systems, despite various proposed defenses and testing techniques. The complexity of program behaviors and access control mechanisms in Android systems makes it challenging to effectively identify these vulnerabilities. In this paper, we present PathSentinel, which overcomes the limitations of previous techniques by combining static program analysis and access control policy analysis to detect three types of filesystem vulnerabilities: path traversals, hijacking vulnerabilities, and luring vulnerabilities. By unifying program and access control policy analysis, PathSentinel identifies attack surfaces accurately and prunes many impractical attacks to generate input payloads for vulnerability testing. To streamline vulnerability validation, PathSentinel leverages large language models (LLMs) to generate targeted exploit code based on the identified vulnerabilities and generated input payloads. The LLMs serve as a tool to reduce the engineering effort required for writing test applications, demonstrating the potential of combining static analysis with LLMs to enhance the efficiency of exploit generation and vulnerability validation. Evaluation on Android 12 and 14 systems from Samsung and OnePlus demonstrates PathSentinel's effectiveness, uncovering 51 previously unknown vulnerabilities among 217 apps with only 2 false positives. These results underscore the importance of combining program and access control policy analysis for accurate vulnerability detection and highlight the promising direction of integrating LLMs for automated exploit generation, providing a comprehensive approach to enhancing the security of Android systems against filesystem vulnerabilities.

show abstract

“…Some of the main examples are KLEE [21] and EXE [22]. Also, there are tools based on concolic execution such as DART [35], CUTE [73] or JDart [58] or even more modern techniques such as CATE [60] for Android.…”

Section: Popular Toolsmentioning

confidence: 99%

Software Testing or The Bugs’ Nightmare

Menéndez¹

2021

Open Journal of Software Engineering

View full text Add to dashboard Cite

Software development is not error-free. For decades, bugs –including physical ones– have become a significant development problem requiring major maintenance efforts. Even in some cases, solving bugs led to increment them. One of the main reasons for bug’s prominence is their ability to hide. Finding them is difficult and costly in terms of time and resources. However, software testing made significant progress identifying them by using different strategies that combine knowledge from every single part of the program. This paper humbly reviews some different approaches from software testing that discover bugs automatically and presents some different state-of-the-art methods and tools currently used in this area. It covers three testing strategies: search-based methods, symbolic execution, and fuzzers. It also provides some income about the application of diversity in these areas, and common and future challenges on automatic test generation that still need to be addressed.

show abstract

CATE: Concolic Android Testing Using Java PathFinder for Android Applications

Cited by 5 publications

References 5 publications

An automated Android exploratory testing based on code evolution coverage

An automated Android exploratory testing based on code evolution coverage

PolyScope: Multi-Policy Access Control Analysis to Triage Android Scoped Storage

Software Testing or The Bugs’ Nightmare

Contact Info

Product

Resources

About