Software Test Attacks to Break Mobile and Embedded Devices
[BOOK DESCRIPTION]
Address Errors before Users Find Them Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test. The book guides you step by step starting with the basics. It explains patterns and techniques ranging from simple mind mapping to sophisticated test labs. For traditional testers moving into the mobile and embedded area, the book bridges the gap between IT and mobile/embedded system testing. It illustrates how to apply both traditional and new approaches. For those working with mobile/embedded systems without an extensive background in testing, the book brings together testing ideas, techniques, and solutions that are immediately applicable to testing smart and mobile devices.
[TABLE OF CONTENTS]
Foreword xi
Dorothy Graham
Foreword xiii
Lisa Crispin
Preface xv
Acknowledgments xvii
Copyright and Trademarks Declaration Page xix
Introduction xxi
Author xxxiii
Chapter 1 Setting the Mobile and Embedded 1 (12)
Framework
Objectives Of Testing Mobile And Embedded 1 (1)
Software Systems
What Is Embedded Software? 2 (1)
What Are "Smart" Handheld And Mobile 3 (2)
Systems?
Why Mobile And Embedded Attacks? 5 (1)
Framework For Attacks 6 (1)
Beginning Your Test Strategy 6 (2)
Attacks On Mobile And Embedded Software 8 (1)
If You Are New To Testing 9 (1)
An Enlightened Tester Makes A Better 10 (3)
Tester
Chapter 2 Developer Attacks: Taking The 13 (20)
Code Head On
Attack 1 Static Code Analysis 14 (7)
Attack 2 Finding White-Box Data 21 (4)
Computation Bugs
Attack 3 White-Box Structural Logic 25 (3)
Flow Coverage
Test Coverage Concepts For White-Box 28 (1)
Structural Testing
Note Of Concern In Mobile And Embedded 29 (4)
Environments
Chapter 3 Control System Attacks 33 (26)
Attack 4 Finding Hardware-System 33 (6)
Unhandled Uses In Software
Attack 5 Hardware-To-Software And 39 (6)
Software-To-Hardware Signal Interface
Bugs
Attack 6 Long-Duration Control Attack 45 (4)
Runs
Attack 7 Breaking Software Logic And/Or 49 (5)
Control Laws
Attack 8 Forcing The Unusual Bug Cases 54 (5)
Chapter 4 Hardware Software Attacks 59 (30)
Attack 9 Breaking Software With 59 (6)
Hardware And System Operations
Sub-Attack 9.1 Breaking Battery Power 65 (1)
Attack 10 Finding Bugs In 66 (3)
Hardware-Software Communications
Attack 11 Breaking Software Error 69 (5)
Recovery
Attack 12 Interface And Integration 74 (6)
Testing
Sub-Attack 12.1 Configuration 80 (1)
Integration Evaluation
Attack 13 Finding Problems In 80 (9)
Software-System Fault Tolerance
Chapter 5 Mobile And Embedded Software 89 (18)
Attacks
Attack 14 Breaking Digital Software 89 (5)
Communications
Attack 15 Finding Bugs In The Data 94 (3)
Attack 16 Bugs In System-Software 97 (4)
Computation
Attack 17 Using Simulation And 101 (6)
Stimulation To Drive Software Attacks
Chapter 6 Time Attacks: "It's About Time" 107 (36)
Attack 18 Bugs In Timing Interrupts And 108 (6)
Priority Inversions
State Modeling Example 114 (25)
Attack 19 Finding Time-Related Bugs 116 (5)
Attack 20 Time-Related Scenarios, 121 (4)
Stories, And Tours
Attack 21 Performance Testing 125 (14)
Introduction
Supporting Concepts 139 (1)
Completing And Reporting The Performance 140 (1)
Attack
Wrapping Up 140 (3)
Chapter 7 Human User Interface Attacks: 143 (16)
"The Limited (and Unlimited) User Interface
How To Get Started---The UI 144 (15)
Attack 22 Finding Supporting (User) 146 (3)
Documentation Problems
Sub-Attack 22.1 Confirming 149 (1)
Install-Ability
Attack 23 Finding Missing Or Wrong 149 (4)
Alarms
Attack 24 Finding Bugs In Help Files 153 (6)
Chapter 8 Smart And/Or Mobile Phone Attacks 159 (18)
General Notes And Attack Concepts 159 (18)
Applicable To Most Mobile-Embedded Devices
Attack 25 Finding Bugs In Apps 161 (4)
Attack 26 Testing Mobile And Embedded 165 (5)
Games
Attack 27 Attacking App-Cloud 170 (7)
Dependencies
Chapter 9 Mobile/Embedded Security 177 (32)
The Current Situation 178 (1)
Reusing Security Attacks 178 (31)
Attack 28 Penetration Attack Test 180 (6)
Attack 28.1 Penetration Sub-Attacks: 186 (2)
Authentication'password Attack
Attack 28.2 Sub-Attack Fuzz Test 188 (1)
Attack 29 Information Theft-stealing 189 (4)
Device Data
Attack 29.1 Sub-Attack-identity Social 193 (1)
Engineering
Attack 30 Spoofing Attacks 194 (5)
Attack 30.1 Location And/Or User 199 (1)
Profile Spoof Sub-Attack
Attack 30.2 Gps Spoof Sub-Attack 200 (1)
Attack 31 Attacking Viruses On The Run 201 (8)
In Factories Or Plcs
Chapter 10 Generic Attacks 209 (12)
Attack 32 Using Combinatorial Tests 209 (6)
Attack 33 Attacking Functional Bugs 215 (6)
Chapter 11 Mobile And Embedded System Labs 221 (52)
Introduction To Labs 221 (1)
To Start 222 (1)
Test Facilities 223 (1)
Why Should A Tester Care? 224 (1)
What Problem Does A Test Lab Solve? 225 (2)
Staged Evolution Of A Test Lab 227 (1)
Simulation Environments 227 (1)
Prototype And Early Development Labs 228 (1)
Development Support Test Labs 228 (2)
Integration Labs 230 (1)
Pre-Product And Product Release (Full 230 (1)
Test Lab)
Field Labs 230 (2)
Other Places Labs Can Be Realized 232 (1)
Developing Labs: A Project Inside Of A 233 (1)
Project
Planning Labs 233 (1)
Requirement Considerations For Labs 234 (1)
Functional Elements For A Developer 234 (1)
Support Lab
Functional Elements For A Software Test 235 (1)
Lab
Test Lab Design Factors 236 (2)
Lab Implementation 238 (1)
Lab Certification 238 (1)
Operations And Maintenance In The Lab 239 (1)
Lab Lessons Learned 240 (1)
Automation Concepts For Test Labs 241 (1)
Tooling To Support Lab Work 241 (2)
Test Data Set-Up 243 (1)
Test Execution: For Developer Testing 244 (1)
Test Execution: General 245 (2)
Product And Security Analysis Tools 247 (1)
Tools For The Lab Test Results Recording 247 (1)
Performance Attack Tooling 248 (2)
Basic And Generic Test Support Tools 250 (1)
Automation: Test Oracles For The Lab 251 (2)
Using Modeling Tools
Simulation, Stimulation, And Modeling In 253 (3)
The Lab Test Bed
Continuous Real-Time, Closed-Loop 256 (3)
Simulations To Support Lab Test
Environments
Keyword-Driven Test Models And 259 (1)
Environments
Data Collection, Analysis, And Reporting 260 (2)
Posttest Data Analysis 262 (3)
Posttest Data Reporting 265 (2)
Wrap Up: N-Version Testing Problems In 267 (1)
Labs And Modeling
Final Thoughts: Independence, Blind 268 (5)
Spots, And Test Lab Staffing
Chapter 12 Some Parting Advice 273 (6)
Are We There Yet? 273 (1)
Will You Get Started Today? 273 (1)
Advice For The "Never Ever" Tester 273 (1)
Bug Database, Taxonomies, And Learning 274 (1)
From Your History
Lessons Learned And Retrospectives 275 (1)
Implementing Software Attack Planning 275 (2)
Regression And Retest 277 (1)
Where Do You Go From Here? 278 (1)
Appendix A Mobile And Embedded Error Taxonomy: 279 (10)
A Software Error Taxonomy (For Testers)
Appendix B Mobile And Embedded Coding Rules 289 (4)
Appendix C Quality First: "Defending The Source 293 (6)
Code So That Attacks Are Not So Easy,"
Appendix D Basic Timing Concepts 299 (4)
Appendix E Detailed Mapping Of Attacks 303 (4)
Appendix F Ui/Gui And Game Evaluation Checklist 307 (6)
Appendix G Risk Analysis, Fmea, And 313 (6)
Brainstorming
References 319 (4)
Glossary 323 (6)
Index 329
新书报道