Loading [MathJax]/extensions/MathZoom.js
Detecting Vulnerabilities in Android Applications using Event Sequences | IEEE Conference Publication | IEEE Xplore

Detecting Vulnerabilities in Android Applications using Event Sequences


Abstract:

Sequence covering arrays have demonstrated their usefulness for finding software bugs that propagate via some sequence of events. However, the distribution of t-way event...Show More

Abstract:

Sequence covering arrays have demonstrated their usefulness for finding software bugs that propagate via some sequence of events. However, the distribution of t-way event sequence failures has never been reported, and as a result, the practicality of using these methods is not fully known. In this paper, our analysis of the distribution of t-way interactions between events in event sequence bugs provides insight into the practicality and usefulness of this combinatorial testing method. From a developer's perspective, these methods can contribute to finding this particular class of bugs early in the software development process, saving the developers time and money without sacrificing effectiveness. However, an attacker may also leverage these techniques to discover previously undetected vulnerabilities as a means to exploit the system. This work involved analyzing hundreds of vulnerability reports, performing event sequence testing on two different closed source Android applications, as well as developing a combinatorial coverage measurement tool.
Date of Conference: 22-26 July 2019
Date Added to IEEE Xplore: 03 October 2019
ISBN Information:
Conference Location: Sofia, Bulgaria

Contact IEEE to Subscribe

References

References is not available for this document.