Results 61-80 of 97.
Full Text
Peer Reviewed
Profiling Android Vulnerabilities
Jimenez, Matthieu UL; Papadakis, Mike UL; Bissyande, Tegawendé François D Assise UL et al

in 2016 IEEE International Conference on Software Quality, Reliability and Security (QRS 2016) (2016, August)

In widely used mobile operating systems a single vulnerability can threaten the security and privacy of billions of users. Therefore, identifying vulnerabilities and fortifying software systems requires constant attention and effort. However, this is costly and it is almost impossible to analyse an entire code base. Thus, it is necessary to prioritize efforts towards the most likely vulnerable areas. A first step in identifying these areas is to profile vulnerabilities based on previously reported ones. To investigate this, we performed a manual analysis of Android vulnerabilities, as reported in the National Vulnerability Database for the period 2008 to 2014. In our analysis, we identified a comprehensive list of issues leading to Android vulnerabilities. We also point out characteristics of the locations where vulnerabilities reside, the complexity of these locations and the complexity to fix the vulnerabilities. To enable future research, we make available all of our data.

Detailed reference viewed: 356 (30 UL)
Full Text
Static Analysis of Android Apps: A Systematic Literature Review
Li, Li UL; Bissyande, Tegawendé François D Assise UL; Papadakis, Mike UL et al

Report (2016)

Context: Static analysis approaches have been proposed to assess the security of Android apps, by searching for known vulnerabilities or actual malicious code. The literature thus has proposed a large body of works, each of which attempts to tackle one or more of the several challenges that program analyzers face when dealing with Android apps. Objective: We aim to provide a clear view of the state-of-the-art works that statically analyze Android apps, from which we highlight the trends of static analysis approaches, pinpoint where the focus has been put and enumerate the key aspects where future research is still needed. Method: We have performed a systematic literature review which involves studying around 90 research papers published in software engineering, programming languages and security venues. This review is performed mainly in five dimensions: problems targeted by the approach, fundamental techniques used by authors, static analysis sensitivities considered, Android characteristics taken into account and the scale of evaluation performed. Results: Our in-depth examination has led to several key findings: 1) Static analysis is largely performed to uncover security and privacy issues; 2) The Soot framework and the Jimple intermediate representation are the most adopted basic support tool and format, respectively; 3) Taint analysis remains the most applied technique in research approaches; 4) Most approaches support several analysis sensitivities, but very few approaches consider path-sensitivity; 5) There is no single work that has been proposed to tackle all challenges of static analysis that are related to Android programming; and 6) Only a small portion of state-of-the-art works have made their artifacts publicly available.
Conclusion: The research community is still facing a number of challenges for building approaches that are aware altogether of implicit flows, dynamic code loading features, reflective calls, native code and multi-threading, in order to implement sound and highly precise static analyzers.

Detailed reference viewed: 1134 (30 UL)
Full Text
Peer Reviewed
Feature Location Benchmark for Software Families using Eclipse Community Releases
Martinez, Jabier UL; Ziadi, Tewfik; Papadakis, Mike UL et al

in Software Reuse: Bridging with Social-Awareness, ICSR 2016 Proceedings (2016)

Detailed reference viewed: 192 (12 UL)
Full Text
Peer Reviewed
Threats to the validity of mutation-based test assessment
Papadakis, Mike UL; Henard, Christopher; Harman, Mark et al

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

Detailed reference viewed: 148 (14 UL)
Full Text
Peer Reviewed
Comparing White-box and Black-box Test Prioritization
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 38th International Conference on Software Engineering (ICSE'16) (2016)

Although white-box regression test prioritization has been well-studied, the more recently introduced black-box prioritization approaches have neither been compared against each other nor against more well-established white-box techniques. We present a comprehensive experimental comparison of several test prioritization techniques, including well-established white-box strategies and more recently introduced black-box approaches. We found that Combinatorial Interaction Testing and diversity-based techniques (Input Model Diversity and Input Test Set Diameter) perform best among the black-box approaches. Perhaps surprisingly, we found little difference between black-box and white-box performance (at most 4% fault detection rate difference). We also found the overlap between black- and white-box faults to be high: the first 10% of the prioritized test suites already agree on at least 60% of the faults found. These are positive findings for practicing regression testers who may not have source code available, thereby making white-box techniques inapplicable. We also found evidence that both black-box and white-box prioritization remain robust over multiple system releases.

Detailed reference viewed: 262 (14 UL)
Full Text
Peer Reviewed
Analysing and Comparing the Effectiveness of Mutation Testing Tools: A Manual Study
Kintis, Marinos UL; Papadakis, Mike UL; Papadopoulos, Andreas et al

in International Working Conference on Source Code Analysis and Manipulation (SCAM'16) (2016)

Detailed reference viewed: 158 (11 UL)
Full Text
Peer Reviewed
PIT a Practical Mutation Testing Tool for Java
Coles, Henry; Laurent, Thomas; Henard, Christopher et al

in International Symposium on Software Testing and Analysis, ISSTA 2016 (2016)

Detailed reference viewed: 64 (2 UL)
Full Text
Peer Reviewed
Featured model-based mutation analysis
Devroey, Xavier; Perrouin, Gilles; Papadakis, Mike UL et al

in 38th International Conference on Software Engineering (ICSE'16) (2016)

Detailed reference viewed: 105 (2 UL)
Full Text
Assessing and Improving the Mutation Testing Practice of PIT
Laurent, Thomas; Ventresque, Anthony; Papadakis, Mike UL et al

E-print/Working paper (2015)

Detailed reference viewed: 159 (3 UL)
Full Text
Peer Reviewed
Flattening or not of the combinatorial interaction testing models
Henard, Christopher UL; Papadakis, Mike UL; Le Traon, Yves UL

in Eighth IEEE International Conference on Software Testing, Verification and Validation, ICST 2015 Workshops (2015, April)

Detailed reference viewed: 122 (2 UL)
Full Text
Peer Reviewed
Metallaxis-FL: mutation-based fault localization
Papadakis, Mike UL; Le Traon, Yves UL

in Software Testing, Verification & Reliability (2015), 25

Detailed reference viewed: 269 (18 UL)
Full Text
Peer Reviewed
Combining Multi-Objective Search and Constraint Solving for Configuring Large Software Product Lines
Henard, Christopher UL; Papadakis, Mike UL; Harman, Mark et al

in 37th International Conference on Software Engineering (ICSE 2015) (2015)

Detailed reference viewed: 234 (11 UL)
Full Text
Peer Reviewed
Employing second-order mutation for isolating first-order equivalent mutants
Kintis, Marinos; Papadakis, Mike UL; Malevris, Nicos

in Software Testing, Verification & Reliability (2015), 25(5-7), 508-535

The equivalent mutant problem is a major hindrance to mutation testing. Being undecidable in general, it is only susceptible to partial solutions. In this paper, mutant classification is utilised for isolating likely to be first-order equivalent mutants. A new classification technique, Isolating Equivalent Mutants (I-EQM), is introduced and empirically investigated. The proposed approach employs a dynamic execution scheme that integrates the impact on the program execution of first-order mutants with the impact on the output of second-order mutants. An experimental study, conducted using two independently created sets of manually classified mutants selected from real-world programs revalidates previously published results and provides evidence for the effectiveness of the proposed technique. Overall, the study shows that I-EQM substantially improves previous methods by retrieving a considerably higher number of killable mutants, thus, amplifying the quality of the testing process.

Detailed reference viewed: 140 (13 UL)
Full Text
Peer Reviewed
Trivial Compiler Equivalence: A Large Scale Empirical Study of a Simple, Fast and Effective Equivalent Mutant Detection Technique
Papadakis, Mike UL; Yue, Jia; Harman, Mark et al

in 37th International Conference on Software Engineering (ICSE 2015) (2015)

Detailed reference viewed: 187 (6 UL)
Full Text
Peer Reviewed
Sound and Quasi-Complete Detection of Infeasible Test Requirements
Bardin, Sebastien; Delahaye, Mickaël; Kosmatov, Nikolai et al

in 8th IEEE International Conference on Software Testing, Verification and Validation (ICST'15) (2015)

Detailed reference viewed: 221 (6 UL)
Full Text
Peer Reviewed
Similarity testing for access control
Bertolino, A.; Daoudagh, S.; El Kateb, Donia UL et al

in Information and Software Technology (2015), 58

Context: Access control is among the most important security mechanisms, and XACML is the de facto standard for specifying, storing and deploying access control policies. Since it is critical that enforced policies are correct, policy testing must be performed in an effective way to identify potential security flaws and bugs. In practice, exhaustive testing is impossible due to budget constraints. Therefore the tests need to be prioritized so that resources are focused on their most relevant subset. Objective: This paper tackles the issue of access control test prioritization. It proposes a new approach for access control test prioritization that relies on similarity. Method: The approach has been applied to several policies and the results have been compared to random prioritization (as a baseline). To assess the different prioritization criteria, we use mutation analysis and compute the mutation scores reached by each criterion. This helps assessing the rate of fault detection. Results: The empirical results indicate that our proposed approach is effective and its rate of fault detection is higher than that of random prioritization. Conclusion: We conclude that prioritization of access control test cases can be usefully based on similarity criteria. © 2014 Elsevier B.V. All rights reserved.

Detailed reference viewed: 159 (6 UL)
Full Text
Peer Reviewed
Mitigating the Effects of Equivalent Mutants with Mutant Classification Strategies
Papadakis, Mike UL; Delamaro, Eduardo Márcio; Le Traon, Yves UL

in Science of Computer Programming (2014), 95

Mutation Testing has been shown to be a powerful technique in detecting software faults. Despite this advantage, in practice there is a need to deal with the equivalent mutants’ problem. Automatically detecting equivalent mutants is an undecidable problem. Therefore, identifying equivalent mutants is cumbersome since it requires manual analysis, resulting in unbearable testing cost. To overcome this difficulty, researchers suggested the use of mutant classification, an approach that aims at isolating equivalent mutants automatically. From this perspective, the present paper establishes and empirically assesses possible mutant classification strategies. A conducted study reveals that mutant classification isolates equivalent mutants effectively when low quality test suites are used. However, it turns out that as the test suites evolve, the benefit of this practice is reduced. Thus, mutant classification is only fruitful in improving test suites of low quality and only up to a certain limit. To this end, empirical results show that the proposed strategies provide a cost-effective solution when they consider a small number of live mutants, i.e., 10-12. At this point they kill 92% of all the killable mutants.

Detailed reference viewed: 186 (12 UL)
Full Text
Similarity testing for access control
Bertolino, Antonia; Daoudagh, Said; El Kateb, Donia UL et al

in Information and Software Technology (2014)

Detailed reference viewed: 187 (19 UL)
Full Text
Peer Reviewed
Effective Fault Localization via Mutation Analysis: A Selective Mutation Approach
Papadakis, Mike UL; Le Traon, Yves UL

in ACM Symposium On Applied Computing (SAC'14) (2014)

Detailed reference viewed: 93 (5 UL)
Full Text
Peer Reviewed
Sampling Program Inputs with Mutation Analysis: Going Beyond Combinatorial Interaction Testing
Papadakis, Mike UL; Henard, Christopher UL; Le Traon, Yves UL

in 7th International Conference on Software Testing, Verification and Validation (ICST 2014) (2014)

Detailed reference viewed: 142 (10 UL)