Deep Reinforcement Learning Driven Applications Testing

Applications have become indispensable in our lives, and ensuring their correctness is now a critical issue. Automatic system test case generation can significantly improve the testing process for these applications, which has recently motivated researchers to work on this problem, defining various approaches. However, most state-of-the-art approaches automatically generate test cases leveraging symbolic execution or random exploration techniques. This led to techniques that lose efficiency when dealing with an increasing number of program constraints and become inapplicable when conditions are too challenging to solve or even to formulate. This Ph.D. thesis proposes addressing current techniques' limitations by exploiting Deep Reinforcement Learning. Deep Reinforcement Learning (Deep RL) is a machine learning technique that does not require a labeled training set as input since the learning process is guided by the positive or negative reward experienced during the tentative execution of a task. Hence, it can be used to dynamically learn how to build a test suite based on the feedback obtained during past successful or unsuccessful attempts. This dissertation presents three novel techniques that exploit this intuition: ARES, RONIN, and IFRIT. Since functional testing and security testing are complementary, this Ph.D. thesis explores both testing techniques using the same approach for test cases generation. ARES is a Deep RL approach for functional testing of Android apps. RONIN addresses the issue of generating exploits for a subset of Android ICC vulnerabilities. Subsequently, to better expose the bugs discovered by previous techniques, this thesis presents IFRIT, a focused testing approach capable of increasing the number of test cases that can reach a specific target (i.e., a precise section or statement of an application) and their diversity. IFRIT has the ultimate goal of exposing faults affecting the given program point

Deep Reinforcement Learning for Black-Box Testing of Android Apps

The state space of Android apps is huge and its thorough exploration during testing remains a major challenge. In fact, the best exploration strategy is highly dependent on the features of the app under test. Reinforcement Learning (RL) is a machine learning technique that learns the optimal strategy to solve a task by trial and error, guided by positive or negative reward, rather than by explicit supervision. Deep RL is a recent extension of RL that takes advantage of the learning capabilities of neural networks. Such capabilities make Deep RL suitable for complex exploration spaces such as the one of Android apps. However, state of the art, publicly available tools only support basic, tabular RL. We have developed ARES, a Deep RL approach for black-box testing of Android apps. Experimental results show that it achieves higher coverage and fault revelation than the baselines, which include state of the art RL based tools, such as TimeMachine and Q-Testing. We also investigated qualitatively the reasons behind such performance and we have identified the key features of Android apps that make Deep RL particularly effective on them to be the presence of chained and blocking activities

Assessing the security of inter-app communications in android through reinforcement learning

A central aspect of the Android platform is Inter-Component Communication (ICC), which allows the reuse of functionality across apps and components through message passing. While ICC is a powerful feature, it also presents a serious attack surface. This paper addresses the issue of generating exploits for a subset of Android ICC vulnerabilities (i.e., IDOS, XAS, and FI) using static analysis, Deep Reinforce-ment Learning-based dynamic analysis, and software instrumentation. Our approach, called RONIN, out-performs state-of-the-art and baseline tools in terms of the number of exploited vulnerabilities.& COPY; 2023 Elsevier Ltd. All rights reserved

GenRL at the SBST 2022 Tool Competition

GenRL is a Deep Reinforcement Learning-based tool designed to generate test cases for Lane-Keeping Assist Systems. In this paper, we briefly presents GenRL, and summarize the results of its participation in the Cyber-Physical Systems (CPS) tool competition at SBST 2022

On the (Un)Reliability of Privacy Policies in Android Apps

Access to privacy-sensitive information on Android is a growing concern in the mobile community. Albeit Google Play recently introduced some privacy guidelines, it is still an open problem to soundly verify whether apps actually comply with such rules. To this aim, in this paper, we discuss a novel methodology based on a fruitful combination of static analysis, dynamic analysis, and machine learning techniques, which allows assessing such compliance. More in detail, our methodology checks whether each app i) contains a privacy policy that complies with the Google Play privacy guidelines, and ii) accesses privacy-sensitive information only upon the acceptance of the policy by the user. Furthermore, the methodology also allows checking the compliance of third-party libraries embedded in the apps w.r.t. the same privacy guidelines. We implemented our methodology in a tool, 3PDroid, and we carried out an assessment on a set of recent and most-downloaded Android apps in the Google Play Store. Experimental results suggest that more than 95% of apps access user's privacy-sensitive information, but just a negligible subset of them (around 1%) fully complies with the Google Play privacy guidelines

SEBASTiAn: A static and extensible black-box application security testing tool for iOS and Android applications

Despite decades of research, the automatic detection of vulnerabilities in mobile apps remains an open challenge. Among the possible solutions, SAST tools uncover source or compiled code security flaws without needing the app to be executed and tested in a controlled environment. However, SAST tools share several limitations, such as the detection of narrowed vulnerability classes, lack of updates, and limited resiliency to obfuscation techniques. This paper presents SEBASTiAn, a black-box automatic static analysis tool for security vetting Android and iOS apps. It relies on a modular approach to cope with new vulnerabilities