Reference : Don't Trust Me, Test Me: 100% Code Coverage for a 3rd-party Android App
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Security, Reliability and Trust
http://hdl.handle.net/10993/44480
English
Pilgun, Aleksandr [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > PI Mauw]
2020
2020 27th Asia-Pacific Software Engineering Conference (APSEC)
375-384
Yes
International
2020 27th Asia-Pacific Software Engineering Conference (APSEC)
01-12-2020 to 04-12-2020
Singapore
Singapore
[en] Android ; Debloating ; Software Testing ; Shrinking ; Code Coverage ; Instrumentation
[en] The incompleteness of 3rd-party app testing is an accepted fact in Software Engineering. This issue makes it impossible to verify the app functionality and to confirm its safety to the end-user. To solve this problem, enterprises developed strict policies. A company, willing to use modern apps, may perform an expensive security analysis, rely on trust or forbid the app. These strategies may lead companies to high direct and indirect spending with no guarantee of safety.

In this work, we present a novel approach, called Dynamic Binary Shrinking, that allows a user to review app functionality and leave only tested code. The shrunk app produces 100% instruction coverage on observed behaviors and in this way guarantees the absence of unexplored, and therefore, potentially malicious code.

On our running examples, we demonstrate that apps use less than 20% of the codebase. We developed an approach and the ACVCut tool to shrink Android apps towards the executed code.

Repository — http://github.com/pilgun/acvcut.
10.1109/APSEC51365.2020.00046
FnR ; FNR11289380 > Aleksandr Pilgun > > Systematically Exploring Semantic App Models for Android > 15/11/2016 > 14/11/2020 > 2016

File(s) associated to this reference

Fulltext file(s):

File: APSEC20_preprint.pdf
Version: Author preprint
Size: 314.97 kB
Access: Open access


All documents in ORBilu are protected by a user license.