1,048 research outputs found

    Test generation for high coverage with abstraction refinement and coarsening (ARC)

    Testing is the main approach used in the software industry to expose failures. Producing thorough test suites is an expensive and error-prone task that can greatly benefit from automation. Two challenging problems in test automation are generating test input and evaluating the adequacy of test suites: the first amounts to producing a set of test cases that accurately represent the software behavior, the second requires defining appropriate metrics to evaluate the thoroughness of the testing activities. Structural testing addresses these problems by measuring the amount of code elements that are executed by a test suite. The code elements that are not covered by any execution are natural candidates for generating further test cases, and the measured coverage rate can be used to estimate the thoroughness of the test suite. Several empirical studies show that test suites achieving high coverage rates exhibit a high failure detection ability. However, producing highly covering test suites automatically is hard, as certain code elements are executed only under complex conditions while others might not be reachable at all. In this thesis we propose Abstraction Refinement and Coarsening (ARC), a goal-oriented technique that combines static and dynamic software analysis to automatically generate test suites with high code coverage. At the core of our approach there is an abstract program model that enables the synergistic application of the different analysis components. In ARC we integrate Dynamic Symbolic Execution (DSE) and abstraction refinement to precisely direct test generation towards the coverage goals and detect infeasible elements. ARC includes a novel coarsening algorithm for improved scalability. We implemented ARC-B, a prototype tool that analyses C programs and produces test suites that achieve high branch coverage.
    Our experiments show that the approach effectively exploits the synergy between symbolic testing and reachability analysis, outperforming state-of-the-art test generation approaches. We evaluated ARC-B on industry-relevant software and exposed previously unknown failures in a safety-critical software component.

    Real-time Adaptive Detection and Recovery against Sensor Attacks in Cyber-physical Systems

    Cyber-physical systems (CPSs) utilize computation to control physical objects in real-world environments, and an increasing number of CPS-based applications have been designed for life-critical purposes. Sensor attacks, which manipulate sensor readings to deceive CPSs into performing dangerous actions, can result in severe consequences. This urgent need has motivated significant research into reactive defense. In this dissertation, we present an adaptive detection method capable of identifying sensor attacks before the system reaches unsafe states. Once the attacks are detected, a recovery approach that we propose can guide the physical plant to a desired safe state before a safety deadline. Existing detection approaches tend to minimize detection delay and false alarms simultaneously, despite a clear trade-off between these two metrics. We argue that attack detection should dynamically balance these metrics according to the physical system's current state. In line with this argument, we propose an adaptive sensor attack detection system comprising three components: an adaptive detector, a detection deadline estimator, and a data logger. This system can adapt the detection delay, and thus the false alarms, in real time to meet a varying detection deadline, thereby improving usability. We implement our detection system and validate it using multiple CPS simulators and a reduced-scale autonomous vehicle testbed. After identifying sensor attacks, it is essential to extend the benefits of attack detection. In this dissertation, we investigate how to eliminate the impact of these attacks and propose novel real-time recovery methods for securing CPSs. Initially, we target sensor attack recovery in linear CPSs. By employing formal methods, we are able to reconstruct state estimates and calculate a conservative safety deadline. With these constraints, we formulate the recovery problem as either a linear programming or a quadratic programming problem.
    By solving this problem, we obtain a recovery control sequence that can smoothly steer a physical system back to a target state set before the safety deadline and maintain the system state within the set once reached. Subsequently, to make recovery practical for complex CPSs, we adapt our recovery method to nonlinear systems and explore the use of uncorrupted sensors to alleviate uncertainty accumulation. Ultimately, we implement our approach and showcase its effectiveness and efficiency through an extensive set of experiments. For linear CPSs, we evaluate the approach using 5 CPS simulators and 3 types of sensor attacks. For nonlinear CPSs, we assess our method on 3 nonlinear benchmarks.

    Compensation of distributed delays in integrated communication and control systems

    The concept, analysis, implementation, and verification of a method for compensating delays that are distributed between the sensors, controller, and actuators within a control loop are discussed. With the objective of mitigating the detrimental effects of these network-induced delays, a predictor-controller algorithm was formulated and analyzed. Robustness of the delay compensation algorithm was investigated relative to parametric uncertainties in plant modeling. The delay compensator was experimentally verified on an IEEE 802.4 network testbed for velocity control of a DC servomotor.

    Automatically Securing Permission-Based Software by Reducing the Attack Surface: An Application to Android

    A common security architecture, called the permission-based security model (used e.g. in Android and BlackBerry), entails intrinsic risks. For instance, applications can be granted more permissions than they actually need, which we call a "permission gap". Malware can leverage the unused permissions to achieve its malicious goals, for instance through code injection. In this paper, we present an approach to detecting permission gaps using static analysis. Our prototype implementation in the context of Android shows that the static analysis must take into account a significant amount of platform-specific knowledge. Using our tool on two datasets of Android applications, we found that a non-negligible part of the applications suffer from permission gaps, i.e. they do not use all the permissions they declare.

    Programming errors in traversal programs over structured data

    Traversal strategies à la Stratego (also à la Strafunski and 'Scrap Your Boilerplate') provide an exceptionally versatile and uniform means of querying and transforming deeply nested and heterogeneously structured data, including terms in functional programming and rewriting, objects in OO programming, and XML documents in XML programming. However, the resulting traversal programs are prone to programming errors. We are specifically concerned with errors that go beyond conservative type errors; examples we examine include divergent traversals, prematurely terminated traversals, and traversals with dead code. Based on an inventory of possible programming errors, we explore options of static typing and static analysis so that some categories of errors can be avoided. This exploration generates suggestions for improvements to strategy libraries as well as their underlying programming languages. Haskell is used for illustrations and specifications, with sufficient explanations to make the presentation comprehensible to the non-specialist. The overall ideas are language-agnostic and they are summarized accordingly.

    Security Analysis of System Behaviour - From "Security by Design" to "Security at Runtime" -

    The Internet today provides the environment for novel applications and processes which may evolve way beyond their pre-planned scope and purpose. Security analysis is growing in complexity with the increase in functionality, connectivity, and dynamics of current electronic business processes. Technical processes within critical infrastructures also have to cope with these developments. To tackle the complexity of the security analysis, the application of models is becoming standard practice. However, model-based support for security analysis is not only needed in pre-operational phases but also during process execution, in order to provide situational security awareness at runtime. This cumulative thesis provides three major contributions to modelling methodology. Firstly, this thesis provides an approach for model-based analysis and verification of security and safety properties in order to support fault prevention and fault removal in system design or redesign. Furthermore, some construction principles for the design of well-behaved scalable systems are given. The second topic is the analysis of the exposure of vulnerabilities in the software components of networked systems to exploitation by internal or external threats. This kind of fault forecasting allows the security assessment of alternative system configurations and security policies. Validation and deployment of security policies that minimise the attack surface can then improve fault tolerance and mitigate the impact of successful attacks. Thirdly, the approach is extended to runtime applicability. An observing system monitors an event stream from the observed system with the aim of detecting faults - deviations from the specified behaviour or security compliance violations - at runtime. Furthermore, knowledge about the expected behaviour given by an operational model is used to predict faults in the near future. Building on this, a holistic security management strategy is proposed.
    The architecture of the observing system is described, and the applicability of model-based security analysis at runtime is demonstrated utilising processes from several industrial scenarios. The results of this cumulative thesis are provided by 19 selected peer-reviewed papers.

    User Experience Enhancement on Smartphones using Wireless Communication Technologies

    Thesis (Doctoral) -- Seoul National University Graduate School: College of Engineering, Department of Electrical and Computer Engineering, 2020. 8. 박세웅. Recently, various sensors as well as wireless communication technologies such as Wi-Fi and Bluetooth Low Energy (BLE) have been equipped in smartphones. In addition, users often use a smartphone while on the move, so if wireless communication technologies and various sensors are used for a mobile user, a better user experience can be provided. For example, when a user moves while using Wi-Fi, the user experience can be improved by providing a seamless Wi-Fi service. In addition, it is possible to provide special services such as indoor positioning or navigation by estimating the user's mobility in an indoor environment, and additional services such as location-based advertising and payment systems can also be provided. Therefore, improving the user experience by using wireless communication technology and smartphone sensors is considered to be an important research field in the future. In this dissertation, we propose three systems that can improve the user experience or convenience by using Wi-Fi, BLE, and smartphone sensors: (i) BLEND: BLE beacon-aided fast Wi-Fi handoff for smartphones, (ii) PYLON: Smartphone based Indoor Path Estimation and Localization without Human Intervention, (iii) FINISH: Fully-automated Indoor Navigation using Smartphones with Zero Human Assistance. First, we propose a fast handoff scheme called BLEND that exploits BLE as a secondary radio. We conduct a detailed analysis of the sticky client problem on commercial smartphones through experiments and close examination of the Android source code. We propose BLEND, which exploits BLE modules to provide smartphones with prior knowledge of the presence and information of APs operating on 2.4 and 5 GHz Wi-Fi channels. BLEND operates as an application only and requires no hardware or Android source code modification of smartphones. We prototype BLEND on commercial smartphones and evaluate its performance in a real environment.
    Our measurement results demonstrate that BLEND significantly improves throughput and video bitrate by up to 61% and 111%, respectively, compared to a commercial Android application, with negligible energy overhead. Second, we design a path estimation and localization system, termed PYLON, which is plug-and-play on Android smartphones. PYLON includes a novel landmark correction scheme that leverages the real doors of indoor environments, consisting of floor plan mapping, door passing time detection, and correction. It operates without any user intervention. PYLON relaxes some requirements of localization systems: it does not require any modification to the hardware or software of smartphones, nor the initial locations of WiFi APs, BLE beacons, and users. We implement PYLON on five Android smartphones and evaluate it in two office buildings with the help of three participants to prove its applicability and scalability. PYLON achieves very high floor plan mapping accuracy with a low localization error. Finally, we design a fully-automated navigation system, termed FINISH, which addresses the problems of existing indoor navigation systems. FINISH generates the radio map of an indoor building based on the localization system to determine the initial location of the user. FINISH relaxes some requirements of current indoor navigation systems. It does not require any human assistance to provide navigation instructions. In addition, it is plug-and-play on Android smartphones. We implement FINISH on five Android smartphones and evaluate it on five floors of an office building with the help of multiple users to prove its applicability and scalability. FINISH determines the location of the user with extremely high accuracy within one step. In summary, we propose systems that enhance the user's convenience and experience by utilizing wireless infrastructures such as Wi-Fi and BLE and various smartphone sensors such as the accelerometer, gyroscope, and barometer equipped in smartphones.
    The systems are implemented on commercial smartphones to verify their performance through experiments. As a result, the systems show excellent performance that can enhance the user's experience.

    Petri Nets Modeling of Dead-End Refinement Problems in a 3D Anisotropic hp-Adaptive Finite Element Method

    We consider two graph grammar based Petri net models for anisotropic refinements of three-dimensional hexahedral grids. The first one detects possible dead-end problems during the graph grammar based anisotropic refinements of the mesh. The second one employs an enhanced graph grammar model that is actually dead-end free. We apply the resulting algorithm to the simulation of resistivity logging measurements for estimating the location of underground oil and/or gas formations. The graph grammar based Petri net models allow us to fix the self-adaptive mesh refinement algorithm and finish the adaptive computations with the accuracy required by the numerical solution.