Description:
Sequence covering arrays have demonstrated their usefulness for finding software bugs that propagate via some sequence of events. However, the distribution of t-way event sequence failures has never been reported, and as a result, the practicality of using these methods is not fully known. In this paper, our analysis of the distribution of t-way interactions between events in event sequence bugs provides insight into the practicality and usefulness of this combinatorial testing method. From a developer's perspective, these methods can contribute to finding this particular class of bugs early in the software development process, saving the developers time and money without sacrificing effectiveness. However, an attacker may also leverage these techniques to discover previously undetected vulnerabilities as a means to exploit the system. This work involved analyzing hundreds of vulnerability reports, performing event sequence testing on two different closed-source Android applications, as well as developing a combinatorial coverage measurement tool.