Browse ORBilu by Open Access
- What it is and what it isn't
- Green Road / Gold Road?
- Ready to Publish. Now What?
- How can I support the OA movement?
- Where can I learn more?
ORBilu is a project developed by
  Study to support the review of Directive (EU) 2016/1148 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive), No. 2020-665; ; et al Report (2021) Detailed reference viewed: 57 (5 UL) A Screening Test for Disclosed Vulnerabilities in FOSS ComponentsDashevskyi, Stanislav  ; ; in IEEE Transactions on Software Engineering (2018) Detailed reference viewed: 103 (8 UL)Towards Black Box Testing of Android Apps; ; Gadyatskaya, Olga et alin Proc. of Software Assurance Workshop at the 10th International Conference on Availability, Reliability and Security (ARES) (2015, August) Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these ... [more ▼] Many state-of-art mobile application testing frameworks (e.g., Dynodroid, EvoDroid) enjoy Emma or other code coverage libraries to measure the coverage achieved. The underlying assumption for these frameworks is availability of the app source code. Yet, application markets and security researchers face the need to test third-party mobile applications in the absence of the source code. There exists a number of frameworks both for manual and automated test generation that address this challenge. However, these frameworks often do not provide any statistics on the code coverage achieved, or provide coarse-grained ones like a number of activities or methods covered. At the same time, given two test reports generated by different frameworks, there is no way to understand which one achieved better coverage if the reported metrics were different (or no coverage results were provided). To address these issues we designed a framework called BBOXTESTER that is able to generate code coverage reports and produce uniform coverage metrics in testing without the source code. Security researchers can automatically execute applications exploiting current stateof- art tools, and use the results of our framework to assess if the security-critical code was covered by the tests. In this paper we report on design and implementation of BBOXTESTER and assess its efficiency and effectiveness. [less ▲] Detailed reference viewed: 120 (1 UL)StaDynA: Addressing the Problem of Dynamic Code Updates in the Security Analysis of Android Applications; ; Gadyatskaya, Olga et alin Proceedings of CODASPY '15 (2015, March) Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use ... [more ▼] Static analysis of Android applications can be hindered by the presence of the popular dynamic code update techniques: dynamic class loading and reflection. Recent Android malware samples do actually use these mechanisms to conceal their malicious behavior from static analyzers. These techniques defuse even the most recent static analyzers that usually operate under the "closed world" assumption (the targets of reflective calls can be resolved at analysis time; only classes reachable from the class path at analysis time are used at runtime). Our proposed solution allows existing static analyzers to remove this assumption. This is achieved by combining static and dynamic analysis of applications in order to reveal the hidden/updated behavior and extend static analysis results with this information. This paper presents design, implementation and preliminary evaluation results of our solution called StaDynA. [less ▲] Detailed reference viewed: 107 (0 UL)GoCoMM: a governance and compliance maturity modelGheorghe, Gabriela ; ; et alin GoCoMM: a governance and compliance maturity model (2009) Detailed reference viewed: 61 (3 UL) |
||
