Doctor of Philosophy in Electrical and Computer Engineering (PhD)
Protecting Mobile Phone Users Against Malware
G+PS regularly provides virtual sessions that focus on admission requirements and procedures and tips how to improve your application.
The full abstract for this thesis is available in the body of the thesis, and will be available when the embargo expires.
This thesis proposes a solution for automated goal-driven exploration of Android applications – a scenario in which a user, e.g., security auditor, needs to dynamically trigger the functionality of interest in an application, e.g., to check whether user-sensitive info is only sent to recognized third-party servers. As the auditor might need to check hundreds or even thousands of apps, manually exploring each app to trigger the desired behavior is too time-consuming to be feasible. Existing automated application exploration and testing techniques are of limited help in this scenario as well, as their goal is mostly to identify faults by systematically exploring different app paths, rather than swiftly navigating to the target functionality.The goal-driven application exploration approach proposed in this thesis, called GoalExplorer, automatically generates an executable test script that directly triggers the functionality of interest. The core idea behind GoalExplorer is to first statically model the application UI screens and transitions between these screens, producing a Screen Transition Graph (STG). Then, GoalExplorer uses the STG to guide the dynamic exploration of the application to the particular target of interest: an Android activity, API call, or a program statement. The results of our empirical evaluation on 93 benchmark applications and 95 most popular GooglePlay applications show that the STG is substantially more accurate than other Android UI models and that GoalExplorer is able to trigger a target functionality much faster than existing application exploration.
Microservice-based architecture is a principle inspired by service-oriented approaches for building complex systems as a composition of small, loosely coupled components that communicate with each other using language-agnostic APIs. This architectural principle is now becoming increasingly popular in industry due to its advantages, such as greater software development agility and improved scalability of deployed applications. In this thesis, we report on a broad interview study we conducted, which involved practitioners developing microservice-based applications for commercial use for at least two years. By deliberately excluding “newcomers” and focusing the study on “mature” teams, our goal was to collect best practices, lessons learned, and technical challenges practitioners face. Our study helps inform researchers of challenges in developing microservice-based applications, which can inspire novel software engineering methods and techniques. The study also benefits practitioners who are interested to learn from each other, to borrow successful ideas, and to avoid common mistakes.