基于Smali Code的移动应用行为模型的自动构建方法

doi:10.11896/j.issn.1002-137X.2017.11.032

摘要/Abstract

摘要： 移动应用数量的快速增长,以及移动应用开发周期短、迭代速度快等特点,使得移动应用的测试面临挑战,许多应用没有经过充分测试就被投放到市场,其中可能包含程序缺陷,从而影响用户体验。模型驱动的测试方法是最有效的测试方法之一,在功能、性能、可用性、安全等测试方面均有应用,能在一定程度上提高测试的自动化程度。移动应用领域与传统研究领域的模型驱动测试方法的最大区别在于模型构建方法的不同,因为移动应用是事件驱动的。提出了一种构建移动应用行为状态机模型的方法。首先通过逆向工程的方法得到移动应用的中间码；然后在中间码上通过动静态结合的方法生成事件表；最后,建模时通过在系统层扫描屏幕变化来判断是否出现新状态,并定义所有出现的状态, 从而组成最终的模型。该方法一方面避免了源代码的限制,另一方面也提高了模型的覆盖度。实验结果表明,所提方法可以准确有效地构建移动应用的行为状态机模型,解决现有移动应用测试中模型构建存在的部分问题。

关键词: 移动应用测试, 模型驱动测试, 模型构建, 移动应用行为模型,逆向工程,状态机

Abstract: With the rapid growth in the number of mobile applications and the speed requirement of mobile application development,mobile application testing faces big challenge.In this case,many applications have been put into the market without adequate testing,which may contain bugs and impact the user’s experience.Model-driven testing method is one of the most effective testing methods,which is widely used in function,performance,availability,security testing,and can greatly improve the automation of testing.The biggest difference between the model-driven testing methods for mobile applications and traditional applications is model building method,because mobile applications are event-driven.In this paper,we proposed a method to build mobile application behavior state machine model.First,the intermediate code of the application is obtained through reverse engineering method.Then intermediate code is used to generate event table by static and dynamic methods.At last,the model is built by scanning the screen in the system layer to discover new states and define all states appeared.Experimental results show that our method can effectively and accurately build mobile application behavior model and solve some of the issues which exist in the mobile application model building.

Key words: Mobile application testing,Model-driven testing,Model building,Mobile application behavior model,Reverse engineering,State machine

余勇,郭骞. 基于Smali Code的移动应用行为模型的自动构建方法[J]. 计算机科学, 2017, 44(11): 207-220. https://doi.org/10.11896/j.issn.1002-137X.2017.11.032

YU Yong and GUO Qian. Behavioral Model Construction Method for Mobile Applications Based on Smali Code[J]. Computer Science, 2017, 44(11): 207-220. https://doi.org/10.11896/j.issn.1002-137X.2017.11.032

参考文献

[1] http://www.cnnic.cn.
[2] WASSERMAN A I.Software engineering issues for mobile application development[C]∥Proceedings of the FSE/SDP Workshop on Future of Software Engineering Research.ACM,2010:397-400.
[3] RIDENE Y,BARBIER F.A model-driven approach for automating mobile applications testing[C]∥Proceedings of the 5th European Conference on Software Architecture:Companion Volu-me.ACM,2011:9.
[4] UTTING M,LEGEARD B.Practical model-based testing:atools approach[M].Morgan Kaufmann,2010.
[5] YOUNG M.Software testing and analysis:process,principles,and techniques[M].John Wiley & Sons,2008.
[6] UTTING M,LEGEARD B.Practical model-based testing:atools approach[M].Morgan Kaufmann,2010.
[7] DALAL S R,JAIN A,KARUNANITHI N,et al.Model-based testing in practice[C]∥Proceedings of the 21st International Conference on Software Engineering.ACM,1999:285-294.
[8] BARNETT M,GRIESKAMP W,NACHMANSON L,et al.Towards a tool environment for model-based testing with AsmL[M]∥Formal Approaches to Software Testing.Springer Berlin Heidelberg,2004:252-266.
[9] GRIESKAMP W,GUREVICH Y,SCHULTE W,et al.Generating finite state machines from abstract state machines[J].ACM SIGSOFT Software Engineering Notes,2002,27(4):112-122.
[10] CAMPBELL C,VEANES M.State Exploration with MultipleState Groupings[M]∥Abstract State Machines.2005:119-130.
[11] CAMPBELL C,VEANES M,HUO J,et al.Multiplexing of partially ordered events[M]∥Testing of Communicating Systems.Springer Berlin Heidelberg,2005:97-110.
[12] GRIESKAMP W,TILLMANN N,V EANES M.Instrumenting scenarios in a model-driven development environment[J].Information and Software Technology,2004,46(15):1027-1036.
[13] NACHMANSON L,VEANES M,S CHULTE W,et al.Optimal strategies for testing nondeterministic systems[J].ACM SIGSOFT Software Engineering Notes,2004,29(4):55-64.
[14] PAIVA A C R,FARIA J C P,TILLMANN N,et al.A model-to-implementation mapping tool for automated model-based GUI testing[M]∥Formal Methods and Software Engineering.Springer Berlin Heidelberg,2005:450-464.
[15] TAKALA T,KATARA M,HARTY J.Experiences of system-level model-based GUI testing of an Android application[C]∥2011 IEEE Fourth International Conference on Software Testing,Verification and Validation (ICST).IEEE,2011:377-386.
[16] RIDENE Y,BARBIER F.A model-driven approach for automating mobile applications testing[C]∥Proceedings of the 5th European Conference on Software Architecture:Companion Vo-lume.ACM,2011:9.
[17] THOMPSON C,WHITE J,DOUGHERTY B,et al.Optimizing mobile application performance with model-driven engineering[M]∥Software Technologies for Embedded and Ubiquitous Systems.Springer Berlin Heidelberg,2009:36-46.
[18] THOMPSON C,SCHMIDT D,TURNER H,et al.Analyzingmobile application software power consumption via model-driven engineering[J].Advances and Applications in Model-Driven Engineering,2013:342.
[19] AMALFITANO D,FASOLINO A R,TRAMONTANA P,et al.MobiGUITAR:Automated Model-Based Testing of Mobile Apps[J].Software,2015,32(5):53-59.
[20] VAN DER MERWE H,VAN DER MERWE B,VISSER W.Execution and property specifications for JPF-android[J].ACM SIGSOFT Software Engineering Notes,2014,39(1):1-5.
[21] JHA A K,LEE W J.Capture and Replay Technique for Reproducing Crash in Android Applications[C]∥Proceedings of the 12th IASTED International Conference in Software Enginee-ring.2013:783-790.
[22] GIANAZZA A,MAGGI F,FATTORI A,et al.Puppetdroid:A user-centric ui exerciser for automatic dynamic analysis of similar android applications[J].arXiv preprint arXiv:1402.4826,2014.
[23] GRIEBE T,GRUHN V.A model-based approach to test automation for context-aware mobile applications[C]∥Proceedings of the 29th Annual ACM Symposium on Applied Computing.ACM,2014:420-427.
[24] MARCHETTO A,TPMELLA P,RICCA F.State-based testing of ajax web applications[C]∥2008 1st International Conference on Software Testing,Verification,and Validation.IEEE,2008:121-130.
[25] YANG W,PRASAD M R,XIE T.A grey-box approach for automated GUI-model generation of mobile applications[M]∥Fundamental Approaches to Software Engineering.Springer Berlin Heidelberg,2013:250-265.
[26] RAUT P,TOMAR S.Android Mobile Automation Framework.http://oaji.net.articles/2015/887-1427185326.pdf.
[27] WALL T.Abbot framework for automated testing of Java GUI components and programs.http://abbot.sourceforge.net/doc/overview.shtml.
[28] MOLINARI D H,STAMBAUGH M A,CAIN P J.Apparatus for testing cellular base stations:U.S.Patent 6,8,065[P].2001.
[29] AMALFITANO D,FASOLINO A R,TRAMONTANA P.A gui crawling-based technique for android mobile application testing[C]∥2011 IEEE Fourth International Conference on Software Testing,Verification and Validation Workshops (ICSTW).IEEE,2011:252-261.
[30] WANG P,LIANG B,YOU W,et al.Automatic Android GUI Traversal with High Coverage[C]∥2014 Fourth International Conference on Communication Systems and Network Technologies (CSNT).IEEE,2014:1161-1166.
[31] CHUN B G,IHM S,MANIATIS P,et al.Clonecloud:elasticexecution between mobile device and cloud[C]∥Proceedings of the Sixth Conference on Computer Systems.ACM,2011:301-314.
[32] ENCK W,GILBERT P,HAN S,et al.TaintDroid:an information-flow tracking system for realtime privacy monitoring on smartphones[J].ACM Transactions on Computer Systems (TOCS),2014,32(2):1-29.
[33] FELT A P,CHIN E,HANNA S,et al.Android permissions demystified[C]∥Proceedings of the 18th ACM Conference on Computer and Communications Security.ACM,2011:627-638.
[34] ANAND S,NAIK M,HARROLD M J,et al.Automated concolictesting of smartphone apps[C]∥Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering.ACM,2012:1-11.
[35] CHOI W,NECULA G,SEN K.Guided gui testing of android apps with minimal restart and approximate learning[J].ACM SIGPLAN Notices,2013,48(10):623-640.
[36] MIRZAEI N,MALEK S,PSREANU C S,et al.Testing Android apps through symbolic execution[J].ACM SIGSOFT Software Engineering Notes,2012,37(6):1-5.
[37] VAN DER MERWE H,VAN DER MERWE B,VSSER W.Verifying android applications using Java PathFinder[J].ACM SIGSOFT Software Engineering Notes,2012,37(6):1-5.
[38] JESUS F.Smali,an assembler/disassembler for Android’s dex format.http://code.google.com/p/smali.
[39] ZHENG M,LEE P P C,LUI J C S.ADAM:an automatic and extensible platform to stress test android anti-virus systems[M]∥Detection of Intrusions and Malware,and Vulnerability Assessment.Springer Berlin Heidelberg,2013:82-101.
[40] APVRILLE A,STRAZZERE T.Reducing the Window of Opportunity for Android Malware Gotta catch’em all[J].Journal in Computer Virology,2012,8(1/2):61-71.
[41] SPREITZENBARTH M,FREILING F,ECHTLER F,et al.Mobile-sandbox:Having a deeper look into android applications[C]∥Proceedings of the 28th Annual ACM Symposium on Applied Computing.ACM,2013:1808-1815.
[42] BATYUK L,HERPICH M,CAMTEPE S A,et al.Using static analysis for automatic assessment and mitigation of unwanted and malicious activities within Android applications[C]∥2011 6th International Conference on Malicious and Unwanted Software (MALWARE).IEEE,2011:66-72.
[43] ZHENG C,ZHU S,DAI S,et al.Smartdroid:an automatic sys-tem for revealing ui-based trigger conditions in android applications[C]∥Proceedings of the Second ACM Workshop on Securi-ty and Privacy in Smartphones and Mobile Devices.ACM,2012:93-104.
[44] KOVACHEVA A.Efficient Code Obfuscation for Android[M]∥Advances in Information Technology.Springer International Publishing,2013:104-119.
[45] BERTHOME P,FECHEROLLE T,GUILLOTEAU N,et al.Repackaging android applications for auditing access to private data[C]∥2012 Seventh International Conference on Availability,Reliability and Security (ARES).IEEE,2012:388-396.
[46] STEVENS R,GIBLER C,CRUSSELL J,et al.Investigatinguser privacy in android ad libraries[C]∥Workshop on Mobile Security Technologies (MoST).2012.

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed