| Foreword |
|
xi | |
|
|
| Foreword |
|
xiii | |
|
|
| Preface |
|
xv | |
| Acknowledgments |
|
xvii | |
| Copyright and Trademarks Declaration Page |
|
xix | |
| Introduction |
|
xxi | |
| Author |
|
xxxiii | |
|
Chapter 1 Setting the Mobile and Embedded Framework |
|
|
1 | (12) |
|
Objectives Of Testing Mobile And Embedded Software Systems |
|
|
1 | (1) |
|
What Is Embedded Software? |
|
|
2 | (1) |
|
What Are "Smart" Handheld And Mobile Systems? |
|
|
3 | (2) |
|
Why Mobile And Embedded Attacks? |
|
|
5 | (1) |
|
|
|
6 | (1) |
|
Beginning Your Test Strategy |
|
|
6 | (2) |
|
Attacks On Mobile And Embedded Software |
|
|
8 | (1) |
|
If You Are New To Testing |
|
|
9 | (1) |
|
An Enlightened Tester Makes A Better Tester |
|
|
10 | (3) |
|
Chapter 2 Developer Attacks: Taking The Code Head On |
|
|
13 | (20) |
|
Attack 1 Static Code Analysis |
|
|
14 | (7) |
|
Attack 2 Finding White-Box Data Computation Bugs |
|
|
21 | (4) |
|
Attack 3 White-Box Structural Logic Flow Coverage |
|
|
25 | (3) |
|
Test Coverage Concepts For White-Box Structural Testing |
|
|
28 | (1) |
|
Note Of Concern In Mobile And Embedded Environments |
|
|
29 | (4) |
|
Chapter 3 Control System Attacks |
|
|
33 | (26) |
|
Attack 4 Finding Hardware-System Unhandled Uses In Software |
|
|
33 | (6) |
|
Attack 5 Hardware-To-Software And Software-To-Hardware Signal Interface Bugs |
|
|
39 | (6) |
|
Attack 6 Long-Duration Control Attack Runs |
|
|
45 | (4) |
|
Attack 7 Breaking Software Logic And/Or Control Laws |
|
|
49 | (5) |
|
Attack 8 Forcing The Unusual Bug Cases |
|
|
54 | (5) |
|
Chapter 4 Hardware Software Attacks |
|
|
59 | (30) |
|
Attack 9 Breaking Software With Hardware And System Operations |
|
|
59 | (6) |
|
Sub-Attack 9.1 Breaking Battery Power |
|
|
65 | (1) |
|
Attack 10 Finding Bugs In Hardware-Software Communications |
|
|
66 | (3) |
|
Attack 11 Breaking Software Error Recovery |
|
|
69 | (5) |
|
Attack 12 Interface And Integration Testing |
|
|
74 | (6) |
|
Sub-Attack 12.1 Configuration Integration Evaluation |
|
|
80 | (1) |
|
Attack 13 Finding Problems In Software-System Fault Tolerance |
|
|
80 | (9) |
|
Chapter 5 Mobile And Embedded Software Attacks |
|
|
89 | (18) |
|
Attack 14 Breaking Digital Software Communications |
|
|
89 | (5) |
|
Attack 15 Finding Bugs In The Data |
|
|
94 | (3) |
|
Attack 16 Bugs In System-Software Computation |
|
|
97 | (4) |
|
Attack 17 Using Simulation And Stimulation To Drive Software Attacks |
|
|
101 | (6) |
|
Chapter 6 Time Attacks: "It's About Time" |
|
|
107 | (36) |
|
Attack 18 Bugs In Timing Interrupts And Priority Inversions |
|
|
108 | (6) |
|
|
|
114 | (25) |
|
Attack 19 Finding Time-Related Bugs |
|
|
116 | (5) |
|
Attack 20 Time-Related Scenarios, Stories, And Tours |
|
|
121 | (4) |
|
Attack 21 Performance Testing Introduction |
|
|
125 | (14) |
|
|
|
139 | (1) |
|
Completing And Reporting The Performance Attack |
|
|
140 | (1) |
|
|
|
140 | (3) |
|
Chapter 7 Human User Interface Attacks: "The Limited (and Unlimited) User Interface |
|
|
143 | (16) |
|
How To Get Started---The UI |
|
|
144 | (15) |
|
Attack 22 Finding Supporting (User) Documentation Problems |
|
|
146 | (3) |
|
Sub-Attack 22.1 Confirming Install-Ability |
|
|
149 | (1) |
|
Attack 23 Finding Missing Or Wrong Alarms |
|
|
149 | (4) |
|
Attack 24 Finding Bugs In Help Files |
|
|
153 | (6) |
|
Chapter 8 Smart And/Or Mobile Phone Attacks |
|
|
159 | (18) |
|
General Notes And Attack Concepts Applicable To Most Mobile-Embedded Devices |
|
|
159 | (18) |
|
Attack 25 Finding Bugs In Apps |
|
|
161 | (4) |
|
Attack 26 Testing Mobile And Embedded Games |
|
|
165 | (5) |
|
Attack 27 Attacking App-Cloud Dependencies |
|
|
170 | (7) |
|
Chapter 9 Mobile/Embedded Security |
|
|
177 | (32) |
|
|
|
178 | (1) |
|
|
|
178 | (31) |
|
Attack 28 Penetration Attack Test |
|
|
180 | (6) |
|
Attack 28.1 Penetration Sub-Attacks: Authentication'password Attack |
|
|
186 | (2) |
|
Attack 28.2 Sub-Attack Fuzz Test |
|
|
188 | (1) |
|
Attack 29 Information Theft-stealing Device Data |
|
|
189 | (4) |
|
Attack 29.1 Sub-Attack-identity Social Engineering |
|
|
193 | (1) |
|
Attack 30 Spoofing Attacks |
|
|
194 | (5) |
|
Attack 30.1 Location And/Or User Profile Spoof Sub-Attack |
|
|
199 | (1) |
|
Attack 30.2 Gps Spoof Sub-Attack |
|
|
200 | (1) |
|
Attack 31 Attacking Viruses On The Run In Factories Or Plcs |
|
|
201 | (8) |
|
Chapter 10 Generic Attacks |
|
|
209 | (12) |
|
Attack 32 Using Combinatorial Tests |
|
|
209 | (6) |
|
Attack 33 Attacking Functional Bugs |
|
|
215 | (6) |
|
Chapter 11 Mobile And Embedded System Labs |
|
|
221 | (52) |
|
|
|
221 | (1) |
|
|
|
222 | (1) |
|
|
|
223 | (1) |
|
Why Should A Tester Care? |
|
|
224 | (1) |
|
What Problem Does A Test Lab Solve? |
|
|
225 | (2) |
|
Staged Evolution Of A Test Lab |
|
|
227 | (1) |
|
|
|
227 | (1) |
|
Prototype And Early Development Labs |
|
|
228 | (1) |
|
Development Support Test Labs |
|
|
228 | (2) |
|
|
|
230 | (1) |
|
Pre-Product And Product Release (Full Test Lab) |
|
|
230 | (1) |
|
|
|
230 | (2) |
|
Other Places Labs Can Be Realized |
|
|
232 | (1) |
|
Developing Labs: A Project Inside Of A Project |
|
|
233 | (1) |
|
|
|
233 | (1) |
|
Requirement Considerations For Labs |
|
|
234 | (1) |
|
Functional Elements For A Developer Support Lab |
|
|
234 | (1) |
|
Functional Elements For A Software Test Lab |
|
|
235 | (1) |
|
|
|
236 | (2) |
|
|
|
238 | (1) |
|
|
|
238 | (1) |
|
Operations And Maintenance In The Lab |
|
|
239 | (1) |
|
|
|
240 | (1) |
|
Automation Concepts For Test Labs |
|
|
241 | (1) |
|
Tooling To Support Lab Work |
|
|
241 | (2) |
|
|
|
243 | (1) |
|
Test Execution: For Developer Testing |
|
|
244 | (1) |
|
|
|
245 | (2) |
|
Product And Security Analysis Tools |
|
|
247 | (1) |
|
Tools For The Lab Test Results Recording |
|
|
247 | (1) |
|
Performance Attack Tooling |
|
|
248 | (2) |
|
Basic And Generic Test Support Tools |
|
|
250 | (1) |
|
Automation: Test Oracles For The Lab Using Modeling Tools |
|
|
251 | (2) |
|
Simulation, Stimulation, And Modeling In The Lab Test Bed |
|
|
253 | (3) |
|
Continuous Real-Time, Closed-Loop Simulations To Support Lab Test Environments |
|
|
256 | (3) |
|
Keyword-Driven Test Models And Environments |
|
|
259 | (1) |
|
Data Collection, Analysis, And Reporting |
|
|
260 | (2) |
|
|
|
262 | (3) |
|
|
|
265 | (2) |
|
Wrap Up: N-Version Testing Problems In Labs And Modeling |
|
|
267 | (1) |
|
Final Thoughts: Independence, Blind Spots, And Test Lab Staffing |
|
|
268 | (5) |
|
Chapter 12 Some Parting Advice |
|
|
273 | (6) |
|
|
|
273 | (1) |
|
Will You Get Started Today? |
|
|
273 | (1) |
|
Advice For The "Never Ever" Tester |
|
|
273 | (1) |
|
Bug Database, Taxonomies, And Learning From Your History |
|
|
274 | (1) |
|
Lessons Learned And Retrospectives |
|
|
275 | (1) |
|
Implementing Software Attack Planning |
|
|
275 | (2) |
|
|
|
277 | (1) |
|
Where Do You Go From Here? |
|
|
278 | (1) |
| Appendix A Mobile And Embedded Error Taxonomy: A Software Error Taxonomy (For Testers) |
|
279 | (10) |
| Appendix B Mobile And Embedded Coding Rules |
|
289 | (4) |
| Appendix C Quality First: "Defending The Source Code So That Attacks Are Not So Easy," |
|
293 | (6) |
| Appendix D Basic Timing Concepts |
|
299 | (4) |
| Appendix E Detailed Mapping Of Attacks |
|
303 | (4) |
| Appendix F Ui/Gui And Game Evaluation Checklist |
|
307 | (6) |
| Appendix G Risk Analysis, Fmea, And Brainstorming |
|
313 | (6) |
| References |
|
319 | (4) |
| Glossary |
|
323 | (6) |
| Index |
|
329 | |
