References of "Pilgun, Aleksandr 50025421"
     in
Bookmark and Share    
Full Text
Peer Reviewed
See detailDon't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App
Pilgun, Aleksandr UL

in Pilgun, Aleksandr (Ed.) Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App (in press)

The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve ... [more ▼]

The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve this problem, enterprises developed strict policies. A company, willing to use modern apps, may perform an expensive security analysis, rely on trust or forbid the app. These strategies may lead companies to high direct and indirect spending with no guarantee of safety. In this work, we present a novel approach, called Dynamic Binary Shrinking, that allows a user to review app functionality and leave only tested code. The shrunk app produces 100% instruction coverage on observed behaviors and in this way guarantees the absence of unexplored, and therefore, potentially malicious code. On our running examples, we demonstrate that apps use less than 20% of the codebase. We developed an approach and the ACVCut tool to shrink Android apps towards the executed code. Repository — http://github.com/pilgun/acvcut. [less ▲]

Detailed reference viewed: 51 (0 UL)
See detail[GitHub] pilgun/acvcut: ACVCut 1.0
Pilgun, Aleksandr UL

Software (2020)

ACVCut shrinks Android apps towards executed code. The tool is based on ACVTool instruction coverage.

Detailed reference viewed: 51 (0 UL)
Full Text
Peer Reviewed
See detailFine-grained Code Coverage Measurement in Automated Black-box Android Testing
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Zhauniarovich, Yury et al

in ACM Transactions on Software Engineering and Methodology (2020), 29(4), 1-35

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic ... [more ▼]

Today, there are millions of third-party Android applications. Some of them are buggy or even malicious. To identify such applications, novel frameworks for automated black-box testing and dynamic analysis are being developed by the Android community. Code coverage is one of the most common metrics for evaluating effectiveness of these frameworks. Furthermore, code coverage is used as a fitness function for guiding evolutionary and fuzzy testing techniques. However, there are no reliable tools for measuring fine-grained code coverage in black-box Android app testing. We present the Android Code coVerage Tool, ACVTool for short, that instruments Android apps and measures code coverage in the black-box setting at class, method and instruction granularity. ACVTool has successfully instrumented 96.9% of apps in our experiments. It introduces a negligible instrumentation time overhead, and its runtime overhead is acceptable for automated testing tools. We demonstrate practical value of ACVTool in a large-scale experiment with Sapienz, a state-of-art automated testing tool. Using ACVTool on the same cohort of apps, we have compared different coverage granularities applied by Sapienz in terms of the found amount of crashes. Our results show that none of the applied coverage granularities clearly outperforms others in this aspect. [less ▲]

Detailed reference viewed: 28 (1 UL)
Full Text
Peer Reviewed
See detailDEMO: An Effective Android Code Coverage Tool
Pilgun, Aleksandr UL; Gadyatskaya, Olga UL; Dashevskyi, Stanislav UL et al

Poster (2018, October 15)

The deluge of Android apps from third-party developers calls for sophisticated security testing and analysis techniques to inspect suspicious apps without accessing their source code. Code coverage is an ... [more ▼]

The deluge of Android apps from third-party developers calls for sophisticated security testing and analysis techniques to inspect suspicious apps without accessing their source code. Code coverage is an important metric used in these techniques to evaluate their effectiveness, and even as a fitness function to help achieving better results in evolutionary and fuzzy approaches. Yet, so far there are no reliable tools for measuring fine-grained bytecode coverage of Android apps. In this work we present ACVTool that instruments Android apps and measures the smali code coverage at the level of classes, methods, and instructions. Tool repository: https://github.com/pilgun/acvtool [less ▲]

Detailed reference viewed: 73 (16 UL)
See detail[GitHub] pilgun/acvtool: ACVTool v0.2
Pilgun, Aleksandr UL; Zhauniarovich, Yury; Gadyatskaya, Olga

Software (2018)

ACVTool (Android Code Coverage Tool) is a tool to measure fine-grained code coverage of 3rd-party Android apps.

Detailed reference viewed: 35 (0 UL)
Full Text
Peer Reviewed
See detailThe Influence of Code Coverage Metrics on Automated Testing Efficiency in Android
Dashevskyi, Stanislav UL; Gadyatskaya, Olga UL; Pilgun, Aleksandr UL et al

Poster (2018, October)

Code coverage is an important metric that is used by automated Android testing and security analysis tools to guide the exploration of applications and to assess efficacy. Yet, there are many different ... [more ▼]

Code coverage is an important metric that is used by automated Android testing and security analysis tools to guide the exploration of applications and to assess efficacy. Yet, there are many different variants of this metric and there is no agreement within the Android community on which are the best to work with. In this paper, we report on our preliminary study using the state-of-the-art automated test design tool Sapienz. Our results suggest a viable hypothesis that combining different granularities of code coverage metrics can be beneficial for achieving better results in automated testing of Android applications. [less ▲]

Detailed reference viewed: 134 (23 UL)