Vulcan: lessons on reliability of wearables through state-aware fuzzing

@article{Yi2020VulcanLO,
  title={Vulcan: lessons on reliability of wearables through state-aware fuzzing},
  author={Edgardo Barsallo Yi and Heng Zhang and Amiya Kumar Maji and Kefan Xu and Saurabh Bagchi},
  journal={Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services},
  year={2020}
}
  • Edgardo Barsallo Yi, Heng Zhang, S. Bagchi
  • Published 15 June 2020
  • Computer Science
  • Proceedings of the 18th International Conference on Mobile Systems, Applications, and Services
As we look to use Wear OS (formerly known as Android Wear) devices for fitness and health monitoring, it is important to evaluate the reliability of its ecosystem. The goal of this paper is to understand the reliability weak spots in Wear OS ecosystem. We develop a state-aware fuzzing tool, Vulcan, without any elevated privileges, to uncover these weak spots by fuzzing Wear OS apps. We evaluate the outcomes due to these weak spots by fuzzing 100 popular apps downloaded from Google Play Store… 
A Black Box Tool for Robustness Testing of REST Services
TLDR
A tool (named bBOXRT) is presented for performing robustness tests over REST services, solely based on minimal information expressed in their interface descriptions, which shows that REST services are being deployed preserving software defects that harm service integration, and also carrying security vulnerabilities that can be exploited by malicious users.
A Systematic Review on Software Robustness Assessment
TLDR
The state of the art on software robustness assessment is discussed, with emphasis on key aspects like types of systems being evaluated, assessment techniques used, the target of the techniques, the types of faults used, and how system behavior is classified.
A Systematic Review on Soware Robustness Assessment
TLDR
The state of the art on software robustness assessment is discussed, with emphasis on key aspects like types of systems being evaluated, assessment techniques used, the target of the techniques, the types of faults used, and how system behavior is classied.
AHPCap: A Framework for Automated Hardware Profiling and Capture of Mobile Application States
TLDR
A framework is described and developed, AHPCap, to better understand application behavior at the hardware level at the time of a notification, and an example of a hardware profile that can be generated on mobile devices and the time required to capture and record the profile data.
Vulcan: a state-aware fuzzing tool for wear OS ecosystem
TLDR
Vulcan, a fuzz testing tool for evaluating the robustness of wearable device by injecting intra-device and inter-device communication messages, was able to trigger 45 unique crashes and 18 system reboots by testing a set of 100 popular Wear OS apps.

References

SHOWING 1-10 OF 46 REFERENCES
Practical GUI Testing of Android Applications Via Model Abstraction and Refinement
TLDR
On 15 large, widely-used apps from the Google Play Store, APE outperforms the state-of-the-art Android GUI testing tools in terms of both testing coverage and the number of detected unique crashes.
How Reliable is My Wearable: A Fuzz Testing-Based Study
TLDR
An extensive fault injection study of the reliability of Android Wear apps by mutating inter-process communication messages and UI events and direct about 1.5M such mutated events at 46 apps, which shows some patterns distinct from prior studies of Android.
An empirical study of the robustness of Inter-component Communication in Android
TLDR
This paper presents an empirical evaluation of the robustness of Inter-component Communication (ICC) in Android through fuzz testing methodology, whereby, parameters of the inter-component communication are changed to various incorrect values.
Android Developers
  • 2019
Android Developers. Intent Specification
  • 2019
Calendar for Wear OS
  • 2019
Vulcan: A Wearable App Fuzzing Tool
  • 2019
Detection of energy inefficiencies in Android wear watch faces
TLDR
This work proposes a control-flow model and static analysis algorithms to identify instances of several energy-inefficiency patterns of watch face behavior, focusing on two energy-intensive resources: sensors and displays.
Analysis and Testing of Notifications in Android Wear Applications
  • Hailong Zhang, A. Rountev
  • Computer Science
    2017 IEEE/ACM 39th International Conference on Software Engineering (ICSE)
  • 2017
TLDR
This work defines a formal semantics of AW notifications in order to capture the core features and behavior of the notification mechanism, and describes a constraint-based static analysis to build a model of this run-time behavior.
Automated Test Input Generation for Android: Towards Getting There in an Industrial Case
  • Haibing Zheng, Dengfeng Li, Tao Xie
  • Computer Science
    2017 IEEE/ACM 39th International Conference on Software Engineering: Software Engineering in Practice Track (ICSE-SEIP)
  • 2017
TLDR
Two optimization techniques to improve the effectiveness and efficiency of the previous approach of applying Monkey on WeChat are explored and manual categorization of not-covered activities and two automatic coverage-analysis techniques are conducted to provide insightful information about the not- covered code entities.
...
1
2
3
4
5
...