Towards Test Coverage Criteria for Visual Contracts

When testing component-based or service-oriented applications we cannot always rely on coverage criteria based on source code. Instead, we have to express our requirements for testing at the interface level. Specifying interfaces by graph transformation rules, so-called visual contracts, we define model-based coverage criteria exploiting the well-known relations of causal dependency and conflict on transformation rules.To this end we establish an observational semantics for graph transformation systems with rule signatures formalising a notion of test execution, and define dependency graphs to provide a structure on which coverage can be analysed

Visual Contracts as Test Oracle in AGG 2.0

A test oracle predicts expected outcomes for a set of test cases, often based on a formal, executable specification. Visual contracts are graph transformation rules describing pre- and post-conditions of a service’s operations. To obtain an oracle based on visual contracts, we use the Attributed Graph Grammar System (AGG) to execute the rules, creating a simulation of the behaviour expected of the system under test.The paper discusses the basic idea, illustrates it by an example, describes the challenges and solutions of its implementation and draws conclusions for the use of graph transformation and AGG in test oracles

Test Case Generation Using Visual Contracts

Visual contracts provide a diagrammatic notation for pre- and postconditionsas alternative to the Object-Constraint Language (OCL) or code-levelcontract languages. Using visual contracts for testing, we benefit from their executabilityand formal background in graph transformation to provide model-basedtest oracles and coverage criteria. Based on a static analysis of their dependenciesand conflicts, in this paper we use visual contracts to generate test cases accordingto these coverage criteria.Together with previous work, this adds up to a comprehensive approach aiming toautomate the three major challenges of testing through the use of models

MalDroid: Secure DL-enabled intelligent malware detection framework

Nowadays, smartphones are provided with an abundance of capabilities. During the last decade, the availability of smartphone users and online mobile payment services and applications have substantially grown. Besides, the Android infotainment market is exponentially growing and thus potentially becoming a primary target for cyber adversaries and attackers. Likewise, varied Android vulnerability exploitation and targeted pervasive malware sophisticated attacks are also becoming a hot spot for both industry and academia. The authors present a secure by design efficient and intelligent Android detection framework against prevalent, sophisticated and persistent malware threats and attacks. A novel and highly proficient Cuda-enabled multi-class malware threat detection and identification Deep Learning (DL)-driven mechanism that leverages ConvLSTM2D and CNN has been proposed. The devised approach has been extensively evaluated on publicly available state-of-the-art datasets of Android applications (i.e. Android Malware Dataset (AMD), Androzoo). Standard and extended assessment metrics have been employed to thoroughly evaluate the proposed technique. Moreover, the performance of the proposed algorithm has been verified both with the constructed hybrid DL-driven algorithms and current benchmarks. Additionally, the proposed scheme is cross validated to explicitly show unbiased results

Model-Based Testing Using Visual Contracts

Web services only expose interface level information, abstracting away implementation details. Testing is a time consuming and resource-intensive activity. Therefore, it is important to minimize the set of test cases executed without compromising quality. Since white-box testing techniques and traditional structural coverage criteria require access to code, we require a model-based approach for web service testing. Testing relies on oracles to provide expected outcomes for test cases and, if implemented manually, they depend on testers’ understanding of functional requirements to decide the correct response of the system on every given test case. As a result, they are costly in creation and maintenance and their quality depends on the correct interpretation of the requirements. Alternatively, if suitable specifications are available, oracles can be generated automatically at lower cost and with better quality. We propose to specify service operations as visual contracts with executable formal specifications as rules of a typed attributed graph transformation system. We associate operation signatures with these rules for providing test oracles. We analyze dependencies and conflicts between visual contracts to develop a dependency graph. We propose model-based coverage criteria, considering this dependency graph, to assess the completeness of test suites. We also propose a mechanism to find out which of the potential dependencies and the conflicts were exercised by a given test case. While executing the tests, the model is simulated and coverage is recorded as well as measured against the criteria. The criteria are formalized and the dynamic detection of conflicts and dependencies is developed. This requires keeping track of occurrences and overlaps of pre- and post-conditions, their enabling and disabling, in successive model states, and interpreting these in terms of the static dependency graph. Systems evolve over time and need retesting each time there is a change. In order to verify that the quality of the system is maintained, we use regression testing. Since regression test suites tend to be large, we isolate the affected part in the system only retesting affected parts by rerunning a selected subset of the total test suite. We analyze the test cases that were executed on both versions and propose a mechanism to transfer the coverage provided by these test cases. This information helps us to assess the completeness of the test suite on the new version without executing all of it

Penetration Frameworks and Development Issues in Secure Mobile Application Development: A Systematic Literature Review

The invention of smartphones has opened a new market for mobile application development. Amateur android app developers often do not possess knowledge of the latest android vulnerabilities and thus create applications with attack surface that hackers exploit. In this literature review, many available frameworks and techniques have been analyzed using ISO/IEC 25010 software quality model and identified challenges that android developers face in designing a secure application for android. This paper also presents a comprehensive survey of different penetration tools, evaluated by using criteria such as code analysis, code review, vulnerability analysis, vulnerability exploit, payload and whether these can be used in vulnerability modeling during the design phase. Our study effectively identifies the issues and gaps which can further help develop a framework/tool for designing a penetration secure mobile application by embedding all the vulnerabilities during the design phase using an android vulnerability repository

Framework for Integrated Use of Agent-Based and Ambient-Oriented Modeling

Agent-based modeling (ABM) is a flexible and simulation-friendly modeling approach. Ambient-oriented modeling is effective for systems containing ambient and spatial representations. In this paper we propose a framework for the integrated use of agent-based modeling and ambient-oriented modeling. We analyze both agents and ambient in detail. We also compare both modeling approaches as well and analyze their similarities and differences. The integrated implementation provides a new link between mathematical modeling and simulations. The model developed using this framework has four parts. The first part constitutes the identification, definition, and relations of agents. In this part, we use agent-based modeling along with the concepts of discrete-event simulations and system dynamics. The second part of the model is the mathematical representation of the relations of agents, i.e., the parent and child relation of agents. The third part of the model is the representation of the messages along with relational symbols where we utilize the concepts and symbols of relations and messages from ambient-oriented modeling. The fourth and final part of the model is the simulation, where we describe the rules that govern the processes represented in first two parts. The framework is helpful in overcoming certain limitations of both approaches. Moreover, we provide a scenario of a bus rapid transit system (BRTS) as a proof of concept, and we examine the generic concept of BRTSs using the proposed framework

Development of online RAW achievement battery test for primary level

Achievement test is a mechanism to measure student’s knowledge and abilities. Numerous categories of achievement tests have been developed by different scholars and psychologists. Since they do not directly consider curriculum adopted during the course of study of students, they do not reflect truly upon the achievements of students. We propose an achievement test which is computerized and is based on assessment of RAW (reading, arithmetic and writing) capabilities considering curriculum used for imparting education. We set compositions and contents according to age group and educational standards. We then conduct a series of experiments to show how an achievement test linked with a curriculum is reflective, in a better manner, of the student’s achievement index then a general one. We call Online RAW Achievement Battery test and we also develop an application which use for conducting our experiment and formulation of results. Finally, we analyze our results with students’ historical records and WRAT-4 which is a well-known standardized test and report our findings

Framework for Integrated Use of Agent-Based and Ambient-Oriented Modeling

Agent-based modeling (ABM) is a flexible and simulation-friendly modeling approach. Ambient-oriented modeling is effective for systems containing ambient and spatial representations. In this paper we propose a framework for the integrated use of agent-based modeling and ambient-oriented modeling. We analyze both agents and ambient in detail. We also compare both modeling approaches as well and analyze their similarities and differences. The integrated implementation provides a new link between mathematical modeling and simulations. The model developed using this framework has four parts. The first part constitutes the identification, definition, and relations of agents. In this part, we use agent-based modeling along with the concepts of discrete-event simulations and system dynamics. The second part of the model is the mathematical representation of the relations of agents, i.e., the parent and child relation of agents. The third part of the model is the representation of the messages along with relational symbols where we utilize the concepts and symbols of relations and messages from ambient-oriented modeling. The fourth and final part of the model is the simulation, where we describe the rules that govern the processes represented in first two parts. The framework is helpful in overcoming certain limitations of both approaches. Moreover, we provide a scenario of a bus rapid transit system (BRTS) as a proof of concept, and we examine the generic concept of BRTSs using the proposed framework