4,305 research outputs found
Target Directed Event Sequence Generation for Android Applications
Testing is a commonly used approach to ensure the quality of software, of
which model-based testing is a hot topic to test GUI programs such as Android
applications (apps). Existing approaches mainly either dynamically construct a
model that only contains the GUI information, or build a model in the view of
code that may fail to describe the changes of GUI widgets during runtime.
Besides, most of these models do not support back stack that is a particular
mechanism of Android. Therefore, this paper proposes a model LATTE that is
constructed dynamically with consideration of the view information in the
widgets as well as the back stack, to describe the transition between GUI
widgets. We also propose a label set to link the elements of the LATTE model to
program snippets. The user can define a subset of the label set as a target for
the testing requirements that need to cover some specific parts of the code. To
avoid the state explosion problem during model construction, we introduce a
definition "state similarity" to balance the model accuracy and analysis cost.
Based on this model, a target directed test generation method is presented to
generate event sequences to effectively cover the target. The experiments on
several real-world apps indicate that the generated test cases based on LATTE
can reach a high coverage, and with the model we can generate the event
sequences to cover a given target with short event sequences
Electronic Medical Record Adoption in New Zealand Primary Care Physician Offices
Describes EMR adoption in New Zealand's primary healthcare system, including how government investment was secured and data protection laws, unique patient identifiers, and standards and certification were established, with lessons for the United States
GRADUATION: a GDPR-based mutation methodology
Adopting the General Data Protection Regulation (GDPR) enhances different business and research opportunities that evidence the necessity of appropriate solutions supporting specification, processing, testing, and assessing the overall (personal) data management. This paper proposes GRADUATION (GdpR-bAseD mUtATION) methodology for mutation analysis of data protection policies test cases. The new methodology provides generic mutation operators about the currently applicable EU Data Protection Regulation. The preliminary implementation of the steps involved in the GDPR-based mutant derivation is also described
Deep Reinforcement Learning Driven Applications Testing
Applications have become indispensable in our lives, and ensuring their correctness is now a critical issue. Automatic system test case generation can significantly improve the testing process for these applications, which has recently motivated researchers to work on this problem, defining various approaches. However, most state-of-the-art approaches automatically generate test cases leveraging symbolic execution or random exploration techniques. This led to techniques that lose efficiency when dealing with an increasing number of program constraints and become inapplicable when conditions are too challenging to solve or even to formulate.
This Ph.D. thesis proposes addressing current techniques' limitations by exploiting Deep Reinforcement Learning. Deep Reinforcement Learning (Deep RL) is a machine learning technique that does not require a labeled training set as input since the learning process is guided by the positive or negative reward experienced during the tentative execution of a task. Hence, it can be used to dynamically learn how to build a test suite based on the feedback obtained during past successful or unsuccessful attempts. This dissertation presents three novel techniques that exploit this intuition: ARES, RONIN, and IFRIT.
Since functional testing and security testing are complementary, this Ph.D. thesis explores both testing techniques using the same approach for test cases generation. ARES is a Deep RL approach for functional testing of Android apps. RONIN addresses the issue of generating exploits for a subset of Android ICC vulnerabilities.
Subsequently, to better expose the bugs discovered by previous techniques, this thesis presents IFRIT, a focused testing approach capable of increasing the number of test cases that can reach a specific target (i.e., a precise section or statement of an application) and their diversity. IFRIT has the ultimate goal of exposing faults affecting the given program point
TrusNet: Peer-to-Peer Cryptographic Authentication
Originally, the Internet was meant as a general purpose communication protocol, transferring primarily text documents between interested parties. Over time, documents expanded to include pictures, videos and even web pages. Increasingly, the Internet is being used to transfer a new kind of data which it was never designed for. In most ways, this new data type fits in naturally to the Internet, taking advantage of the near limit-less expanse of the protocol. Hardware protocols, unlike previous data types, provide a unique set security problem. Much like financial data, hardware protocols extended across the Internet must be protected with authentication. Currently, systems which do authenticate do so through a central server, utilizing a similar authentication model to the HTTPS protocol. This hierarchical model is often at odds with the needs of hardware protocols, particularly in ad-hoc networks where peer-to-peer communication is prioritized over a hierarchical model. Our project attempts to implement a peer-to-peer cryptographic authentication protocol to be used to protect hardware protocols extending over the Internet.
The TrusNet project uses public-key cryptography to authenticate nodes on a distributed network, with each node locally managing a record of the public keys of nodes which it has encountered. These keys are used to secure data transmission between nodes and to authenticate the identities of nodes. TrusNet is designed to be used on multiple different types of network interfaces, but currently only has explicit hooks for Internet Protocol connections.
As of June 2016, TrusNet has successfully achieved a basic authentication and communication protocol on Windows 7, OSX, Linux 14 and the Intel Edison. TrusNet uses RC-4 as its stream cipher and RSA as its public-key algorithm, although both of these are easily configurable. Along with the library, TrusNet also enables the building of a unit testing suite, a simple UI application designed to visualize the basics of the system and a build with hooks into the I/O pins of the Intel Edison allowing for a basic demonstration of the system
Enhancing user's privacy : developing a model for managing and testing the lifecycle of consent and revocation
Increasingly, people turn to the Internet for access to services, which often require
disclosure of a significant amount of personal data. Networked technologies have
enabled an explosive growth in the collection, storage and processing of personal
information with notable commercial potential. However, there are asymmetries in
relation to how people are able to control their own information when handled by
enterprises. This raises significant privacy concerns and increases the risk of privacy
breaches, thus creating an imperative need for mechanisms offering information
control functionalities.
To address the lack of controls in online environments, this thesis focuses on
consent and revocation mechanisms to introduce a novel approach for controlling
the collection, usage and dissemination of personal data and managing privacy ex-
pectations. Drawing on an extensive multidisciplinary review on privacy and on
empirical data from focus groups, this research presents a mathematical logic as the
foundation for the management of consent and revocation controls in technological
systems.
More specifically, this work proposes a comprehensive conceptual model for con-
sent and revocation and introduces the notion of 'informed revocation'. Based on
this model, a Hoare-style logic is developed to capture the effects of expressing indi-
viduals' consent and revocation preferences. The logic is designed to support certain
desirable properties, defined as healthiness conditions. Proofs that these conditions
hold are provided with the use of Maude software. This mathematical logic is
then verified in three real-world case study applications with different consent and
revocation requirements for the management of employee data in a business envi-
ronment, medical data in a biobank and identity assurance in government services.
The results confirm the richness and the expressiveness of the logic. In addition, a
novel testing strategy underpinned by this logic is presented. This strategy is able
to generate testing suites for systems offering consent and revocation controls, such
as the EnCoRe system, where testing was carried out successfully and resulted in
identifying faults in the EnCoRe implementation
- …