8 research outputs found

    Verifying Policy Enforcers

    Policy enforcers are sophisticated runtime components that can prevent failures by enforcing the correct behavior of the software. While a single enforcer can be easily designed focusing only on the behavior of the application that must be monitored, the effect of multiple enforcers that enforce different policies might be hard to predict. So far, mechanisms to resolve interferences between enforcers have been based on priority mechanisms and heuristics. Although these methods provide a mechanism to take decisions when multiple enforcers try to affect the execution at the same time, they do not guarantee the lack of interference on the global behavior of the system. In this paper we present a verification strategy that can be exploited to discover interferences between sets of enforcers and thus safely identify a-priori the enforcers that can co-exist at run-time. In our evaluation, we experimented our verification method with several policy enforcers for Android and discovered some incompatibilities. Comment: Oliviero Riganelli, Daniela Micucci, Leonardo Mariani, and Yliès Falcone. Verifying Policy Enforcers. Proceedings of 17th International Conference on Runtime Verification (RV), 2017. (to appear

    Static Taint Analysis Applied to Detecting Bad Programming Practices in Android

    Frameworks and Application Programming Interfaces (API) usually come along with a set of guidelines that establish good programming practices in order to avoid pitfalls which could lead, at least, to bad user experiences, and at most, to program crashes. More often than not, such guidelines are not at all enforced by IDEs. This work investigates whether static taint analysis could be effectively used for automatically detecting bad programming patterns in Android applications. It presents the implemented tool, called CheckDroid, together with the preliminary experimental evaluation carried out. Sociedad Argentina de Informática e Investigación Operativ

    Continuous, Evolutionary and Large-Scale: A New Perspective for Automated Mobile App Testing

    Mobile app development involves a unique set of challenges including device fragmentation and rapidly evolving platforms, making testing a difficult task. The design space for a comprehensive mobile testing strategy includes features, inputs, potential contextual app states, and large combinations of devices and underlying platforms. Therefore, automated testing is an essential activity of the development process. However, current state of the art of automated testing tools for mobile apps poses limitations that have driven a preference for manual testing in practice. As of today, there is no comprehensive automated solution for mobile testing that overcomes fundamental issues such as automated oracles, history awareness in test cases, or automated evolution of test cases. In this perspective paper we survey the current state of the art in terms of the frameworks, tools, and services available to developers to aid in mobile testing, highlighting present shortcomings. Next, we provide commentary on current key challenges that restrict the possibility of a comprehensive, effective, and practical automated testing solution. Finally, we offer our vision of a comprehensive mobile app testing framework, complete with research agenda, that is succinctly summarized along three principles: Continuous, Evolutionary and Large-scale (CEL). Comment: 12 pages, accepted to the Proceedings of 33rd IEEE International Conference on Software Maintenance and Evolution (ICSME'17

    Characterizing and detecting resource leaks in Android applications

    Android phones come with a host of hardware components embedded in them, such as Camera, Media Player and Sensor. Most of these components are exclusive resources or resources consuming more memory/energy than general. And they should be explicitly released by developers. Missing release operations of these resources might cause serious problems such as performance degradation or system crash. These kinds of defects are called resource leaks. This paper focuses on resource leak problems in Android apps, and presents our lightweight static analysis tool called Relda, which can automatically analyze an application's resource operations and locate the resource leaks. We propose an automatic method for detecting resource leaks based on a modified Function Call Graph, which handles the features of event-driven mobile programming by analyzing the callbacks defined in Android framework. Our experimental data shows that Relda is effective in detecting resource leaks in real Android apps. © 2013 IEEE.