Test4Enforcers: Test Case Generation for Software Enforcers

Software enforcers can be used to modify the runtime behavior of software applications to guarantee that relevant correctness policies are satisfied. Indeed, the implementation of software enforcers can be tricky, due to the heterogeneity of the situations that they must be able to handle. Assessing their ability to steer the behavior of the target system without introducing any side effect is an important challenge to fully trust the resulting system. To address this challenge, this paper presents Test4Enforcers, the first approach to derive thorough test suites that can validate the impact of enforcers on a target system. The paper also shows how to implement the Test4Enforcers approach in the DroidBot test generator to validate enforcers for Android apps.

[1]  Daniela Micucci,et al.  Verifying Policy Enforcers , 2017, RV.

[2]  Fabio Massacci,et al.  Do you really mean what you actually enforced? , 2011, International Journal of Information Security.

[3]  Deepinder P. Sidhu,et al.  Formal Methods for Protocol Testing: A Detailed Study , 1989, IEEE Trans. Software Eng..

[4]  Guney Gonenc,et al.  A Method for the Design of Fault Detection Experiments , 1970, IEEE Transactions on Computers.

[5]  Jay Ligatti,et al.  A Theory of Runtime Enforcement, with Results , 2010, ESORICS.

[6]  Alexander Pretschner,et al.  Model-Based Testing in Practice , 2005, FM.

[7]  Daniela Micucci,et al.  Policy Enforcement with Proactive Libraries , 2017, 2017 IEEE/ACM 12th International Symposium on Software Engineering for Adaptive and Self-Managing Systems (SEAMS).

[8]  Ross J. Anderson,et al.  Aurasium: Practical Policy Enforcement for Android Applications , 2012, USENIX Security Symposium.

[9]  Atif M. Memon,et al.  The first decade of GUI ripping: Extensions, applications, and broader impacts , 2013, 2013 20th Working Conference on Reverse Engineering (WCRE).

[10]  Daniela Micucci,et al.  Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement , 2019, ACM Trans. Auton. Adapt. Syst..

[11]  Yuan-Shun Dai,et al.  Self-healing and Hybrid Diagnosis in Cloud Computing , 2009, CloudCom.

[12]  Daniela Micucci,et al.  Increasing the Reusability of Enforcers with Lifecycle Events , 2018, ISoLA.

[13]  David Lee,et al.  Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[14]  Ana R. Cavalli,et al.  FSM-based conformance testing methods: A survey annotated with experimental evaluation , 2010, Inf. Softw. Technol..

[15]  Jay Ligatti,et al.  Modeling runtime enforcement with mandatory results automata , 2014, International Journal of Information Security.

[16]  Thierry Jéron,et al.  Runtime enforcement of timed properties. (Enforcement à l'éxécution de propriétés temporisées) , 2012, RV.

[17]  Nina Yevtushenko,et al.  An Improved Conformance Testing Method , 2005, FORTE.

[18]  Tsun S. Chow,et al.  Testing Software Design Modeled by Finite-State Machines , 1978, IEEE Transactions on Software Engineering.

[19]  Duminda Wijesekera,et al.  Status-Based Access Control , 2008, TSEC.

[20]  Fevzi Belli,et al.  Fault domain-based testing in imperfect situations: a heuristic approach and case studies , 2014, Software Quality Journal.

[21]  Krishan K. Sabnani,et al.  A Protocol Test Generation Procedure , 1988, Comput. Networks.

[22]  Akihito Iwai,et al.  RV-Android: Efficient Parametric Android Runtime Verification, a Brief Tutorial , 2015, RV.

[23]  Lujo Bauer,et al.  Edit automata: enforcement mechanisms for run-time security policies , 2005, International Journal of Information Security.

[24]  Nadia Tawbi,et al.  Which security policies are enforceable by runtime monitors? A survey , 2012, Comput. Sci. Rev..

[25]  Lujo Bauer,et al.  Run-Time Enforcement of Nonsafety Policies , 2009, TSEC.

[26]  Bedir Tekinerdogan,et al.  Model-based testing for software safety: a systematic mapping study , 2017, Software Quality Journal.

[27]  Yuanchun Li,et al.  DroidBot: A Lightweight UI-Guided Test Input Generator for Android , 2017, 2017 IEEE/ACM 39th International Conference on Software Engineering Companion (ICSE-C).

[28]  Ezio Bartocci,et al.  Lectures on Runtime Verification: Introductory and Advanced Topics , 2018 .

[29]  Daniela Micucci,et al.  Healing Data Loss Problems in Android Apps , 2016, 2016 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW).

[30]  Robert M. Hierons,et al.  Parallel Algorithms for Generating Harmonised State Identifiers and Characterising Sets , 2016, IEEE Transactions on Computers.

[31]  Rajesh Subramanyan,et al.  A survey on model-based testing approaches: a systematic review , 2007, WEASELTech '07.

[32]  Yliès Falcone,et al.  Runtime Verification and Enforcement for Android Applications with RV-Droid , 2012, RV.

[33]  Leonardo Mariani,et al.  Runtime Failure Prevention and Reaction , 2018, Lectures on Runtime Verification.

[34]  Ferhat Khendek,et al.  Test Selection Based on Finite State Models , 1991, IEEE Trans. Software Eng..

[35]  Nadia Tawbi,et al.  Corrective Enforcement: A New Paradigm of Security Policy Enforcement by Monitors , 2012, TSEC.

[36]  Bruno Legeard,et al.  A taxonomy of model‐based testing approaches , 2012, Softw. Test. Verification Reliab..

[37]  Yliès Falcone,et al.  Runtime enforcement monitors: composition, synthesis, and enforcement abilities , 2011, Formal Methods Syst. Des..

[38]  G. Bochmann,et al.  Testing deterministic implementations from nondeterministic FSM specifications , 1996 .

[39]  Alexandre Petrenko,et al.  Selecting test sequences for partially-specified nondeterministic finite state machines , 1995 .

[40]  Nancy A. Lynch,et al.  An introduction to input/output automata , 1989 .

[41]  Angelos D. Keromytis,et al.  ASSURE: automatic software self-healing using rescue points , 2009, ASPLOS.

[42]  João Paulo Magalhães,et al.  SHõWA: A Self-Healing Framework for Web-Based Applications , 2015, TAAS.

[43]  Yliès Falcone,et al.  You Should Better Enforce Than Verify , 2010, RV.