Systematic Mapping Study on Verification and Validation of Industrial Third-party Iot Applications

2020;
: pp. 30 - 44
Authors:
1
Siemens Corporate Technology

The next industrial revolution commonly known as Industry 4.0 represents the idea of interconnected manufacturing, where intelligent devices, systems and processes exchange information, resources and artifacts to optimize the complete value-added chain and to reduce costs and time-to- market. Industrial software ecosystems are a good example how the latest digitalization trends are applied in the industry domain and how with the help of industrial IoT applications the production process can be optimized. However, the use of third- party applications exposes to a risk the systems and devices part of the manufacturing process. To address these risks a set of quality measures must be carried out in the ecosystem. This paper presents the results of a systematic mapping study carried out in the area of verification and validation of industrial IoT third-party applications. The goal of the study is to structure the scientific landscape and to provide an up-to-date snapshot of the current state of the research field.

  1. Federal Ministry for Economic Affairs and Energy, “What is Industry 4.0?,” 2019.
  2. Fraunhofer, "Begriffsdefinitionen rund um Industrie 4.0,“Fraunhofer Institute, 2015.
  3. “Series Y: Global Information Infrastructure, Internet Protocol Aspects and Next-Generation Networks,” ITU-T Y.2060, 2012.
  4. D. Messerschmitt and C. A. Szyperski, Software Ecosystem: Understanding an Indispensable Technology and Industry. MIT Press, 2003.
  5. J. Bosch; and P. Bosch-Sijsema, “Software Product Lines, Global Development and Ecosystems: Collaboration in Software Engineering,” in Collaborative Software Engineering, Springer Verlag, 2010.
  6. S. Jansen, A. Finkelstein, and S. Brinkkemper, “A sense of community: A research agenda for software ecosystems,” 2009 31st Int. Conf. Softw. Eng. — Companion Vol. ICSE 2009, pp. 187–190, 2009.
  7. K. Manikas and K. M. Hansen, “Software ecosystems-A systematic literature review,” J. Syst. Softw., vol. 86, no. 5, pp. 1294–1306, 2013.
  8. S. Jansen, S. Brinkkemper, and A. Finkelstein, “Business network management as a survival strategy: A tale of two software ecosystems,” CEUR Workshop Proc., vol. 505, no. 2, pp. 34–48, 2009.
  9. B. Kitchenham, “Guidelines for performing Systematic Literature Reviews in Software Engineering ppt,” 2001.
  10. K. Petersen, R. Feldt, S. Mujtaba, and M. Mattsson, “Systematic Mapping Studies in Software Engineering,” in International Journal of Software Engineering & Knowledge Engineering, vol. 17, no. 1, pp. 33–55, 2008.
  11. A. García-Holgado and F. J. García-Peñalvo, “Mapping the systematic literature studies about software ecosystems,” ACM Int. Conf. Proceeding Ser., 2018, pp. 910–918.
  12. O. Barbosa and C. Alves, “A Systematic Mapping Study on Software Ecosystems through a Three-dimensional Perspective,” in Software Ecosystems: Analyzing and Managing Business Networks in the Software Industry, Edward Elgar Publishing, 2013, pp. 59–81.
  13. F. Fotrousi, S. A. Fricker, M. Fiedler, and F. Le-Gall, “KPIs for Software Ecosystems: A Systematic Mapping Study,” in Lecture Notes in Business Information Processing, vol. 182 LNBIP, no. June, Springer, Cham, pp. 194–211, 2014.
  14. A. Vegendla, A. N. Duc, S. Gao, and G. Sindre, “A Systematic Mapping Study on Requirements Engineering in Software Ecosystems,” J. Inf. Technol. Res., vol. 11, no. 1, pp. 49–69, 2018.
  15. A. De Lima Fontao, R. P. Dos Santos, and A. C. Dias-Neto, “Mobile Software Ecosystem (MSECO): A Systematic Mapping Study,” Proc. — Int. Comput. Softw. Appl. Conf., vol. 2, pp. 653–658, 2015.
  16. A. (RWTH A. U. Wortmann and O. (Universite de R. Barais, “A Systematic Mapping Study on Modeling for Industry 4.0,” in 2017 ACM/IEEE 20th International Conference on Model Driven Engineering Languages and Systems (MODELS), 2017.
  17. S. Zein, N. Salleh, and J. Grundy, “A systematic mapping study of mobile application testing techniques,” J. Syst. Softw., vol. 117, no. Jul, pp. 334–356, 2016.
  18. M. Petticrew and H. Roberts, “Systematic reviews — do they ‘work’ in informing decision-making around health inequalities?,” Heal. Econ. Policy Law, vol. 3, no. 2, pp. 197— 211, 2008.
  19. M. Tsujimoto, Y. Kajikawa, J. Tomita, and Y. Matsumoto, “A review of the ecosystem concept — Towards coherent ecosystem design,” Technol. Forecast. Soc. Change, vol. 136, no. December 2015, pp. 49–58, 2018.
  20. R. Wieringa, N. Maiden, N. Mead, and C. Rolland, “Requirements engineering paper classification and evaluation criteria: A proposal and a discussion,” Requir. Eng., vol. 11, no. 1, pp. 102–107, 2006.
  21. A. R. Hevner, S. T. March, J. Park, and S. Ram, “Design science in information systems research,” MIS Q. Manag. Inf. Syst., vol. 28, no. 1, pp. 75–105, 2004.
  22. E. Engström and P. Runeson, “Software product line testing — A systematic mapping study,” Inf. Softw. Technol., vol. 53, no. 1, pp. 2–13, 2011.
  23. A. Salman, I. H. Elhajj, A. Chehab, and A. Kayssi, “DAIDS: An architecture for modular mobile IDS,” Proc. — 2014 IEEE 28th Int. Conf. Adv. Inf. Netw. Appl. Work. IEEE WAINA 2014, no. May, pp. 328–333, 2014.
  24. A. Armando et al., “Mobile App Security Assessment with the MAVeriC Dynamic Analysis Module,” no. January 2015, pp. 41–49, 2015.
  25. D. Feng, W. Wang, J. Liu, X. Wang, X. Zhang, and Z. Han, “Exploring Permission-Induced Risk in Android Applications for Malicious Application Detection,” IEEE Trans. Inf. Forensics Secur., vol. 9, no. 11, pp. 1869–1882, 2014.
  26. G. Russello, A. B. Jimenez, H. Naderi, and W. van der Mark, “FireDroid,” pp. 319–328, 2014.
  27. R. Ando, Y. Takano, and S. Miwa, “An empirical study of third party APK’s URL using scriptable API and fast identifier- specific filter,” 2017 9th IEEE Int. Conf. Commun. Softw. Networks, ICCSN 2017, vol. 2017-Janua, pp. 1501–1506, 2017.
  28. A. Choliy, F. Li, and T. Gao, “Obfuscating function call topography to test structural malware detection against evasion attacks,” 2017 Int. Conf. Comput. Netw. Commun. ICNC 2017, pp. 808–813, 2017.
  29. W. Li, J. Ge, and G. Dai, “Detecting Malware for Android Platform: An SVM-Based Approach,” Proc. — 2nd IEEE Int. Conf. Cyber Secur. Cloud Comput. CSCloud 2015 — IEEE Int. Symp. Smart Cloud, IEEE SSC 2015, no. January, pp. 464— 469, 2016.
  30. T.-H. Ho, D. Dean, X. Gu, and W. Enck, “PREC: Practical Root Exploit Containment for Android Devices,” Proc. 4th ACM Conf. Data Appl. Secur. Priv., pp. 187–198, 2014.
  31. W. Yang, J. Li, Y. Zhang, Y. Li, J. Shu, and D. Gu, “APKLancet,” no. June 2014, pp. 483–494, 2014.
  32. W. Hu, D. Octeau, P. D. McDaniel, and P. Liu, “Duet: Library Integrity Verification for Android Applications,” Proc. 2014 ACM Conf. Secur. Priv. Wirel. Mob. networks — WiSec ’14, pp. 141–152, 2014.
  33. A. Martín, H. D. Menéndez, and D. Camacho, “MOCDroid: multi-objective evolutionary classifier for Android malware detection,” Soft Comput., vol. 21, no. 24, pp. 7405–7415, 2017.
  34. S. Oberoi, W. Song, and A. M. Youssef, “AndroSAT: Security Analysis Tool for Android applications,” Secur. 2014 — 8th Int. Conf. Emerg. Secur. Information, Syst. Technol., no. c, pp. 124–131, 2014.
  35. G. Bai et al., “Towards Model Checking Android Applications,” IEEE Trans. Softw. Eng., vol. 44, no. 6, pp. 595–612, 2018.
  36. L. Onwuzurike, M. Almeida, E. Mariconti, J. Blackburn, G. Stringhini, and E. De Cristofaro, “A Family of Droids-Android Malware Detection via Behavioral Modeling: Static vs Dynamic Analysis,” 2018 16th Annu. Conf. Privacy, Secur. Trust. PST 2018, no. Pst, 2018.
  37. L. Li et al., “On Locating Malicious Code in Piggybacked Android Apps,” J. Comput. Sci. Technol., vol. 32, no. 6, pp. 1108–1124, 2017.
  38. G. Sarwar and O. Mehani, “On the Effectiveness of Dynamic Taint Analysis for Protecting against Private Information Leaks on Android-based Devices,” no. July, pp. 461–468, 2013.
  39. R. Johnson, Z. Wang, A. Stavrou, and J. Voas, “Exposing software security and availability risks for commercial mobile devices,” Proc. — Annu. Reliab. Maintainab. Symp., 2013.
  40. M. Ghorbanzadeh, Y. Chen, Z. Ma, T. C. Clancy, and R. McGwier, “A neural network approach to category validation of Android applications,” 2013 Int. Conf. Comput. Netw. Commun. ICNC 2013, no. June 2015, pp. 740–744, 2013.
  41. L. X. Min and Q. H. Cao, “Runtime-Based Behavior Dynamic Analysis System for Android Malware Detection,” Adv. Mater. Res., vol. 756–759, no. Iccia, pp. 2220–2225, 2013.
  42. G.-H. Lai, Y.-H. Lee, T.-H. Chu, and T.-H. Cheng, “A Structure Similarity-based Approach to Malicious Android App Detection,” Pacis 2015 Proc., 2015.
  43. Z. Han, Xinhui; Ding, Yijing; Wang, Dongqi; Li, Tonghin; Ye, “Android malicious AD threat analysis and detection techniques.”
  44. A. Hamed, H. Kaffel-Ben Ayed, and D. Machfar, “Assessment for Android apps permissions a proactive approach toward privacy risk,” 2017 13th Int. Wirel. Commun. Mob. Comput. Conf. IWCMC 2017, no. October, pp. 1465–1470, 2017.
  45. M. Li et al., “Large-scale Third-party Library Detection in Android Markets.”
  46. S. Siboni, V. Sachidananda, A. Shabtai, and Y. Elovici, “Security Testbed for the Internet of Things,” 2016.
  47. M. Nobakht, Y. Sui, A. Seneviratne, and W. Hu, “Permission Analysis of Health and Fitness Apps in IoT Programming Frameworks,” Proc. — 17th IEEE Int. Conf. Trust. Secur. Priv. Comput. Commun. 12th IEEE Int. Conf. Big Data Sci. Eng. Trust. 2018, pp. 533–538, 2018.
  48. J. Hernández-Serrano et al., “On the road to secure and privacy- preserving IoT ecosystems,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 10218 LNCS, pp. 107–122, 2017.
  49. J. H. Jung, J. Y. Kim, H. C. Lee, and J. H. Yi, “Repackaging attack on android banking applications and its countermeasures,” Wirel. Pers. Commun., vol. 73, no. 4, pp. 1421–1437, 2013.
  50. J. Cho, G. Cho, and H. Kim, “Keyboard or keylogger?: A security analysis of third-party keyboards on Android,” 2015 13th Annu. Conf. Privacy, Secur. Trust. PST 2015, pp. 173— 176, 2015.
  51. E. Anthi and G. Theodorakopoulos, “Sensitive data in smartphone applications: Where does it go? Can it be intercepted?,” Lect. Notes Inst. Comput. Sci. Soc. Telecommun. Eng. LNICST, vol. 239, pp. 301–319, 2018.
  52. K. A. C. Faria, E. N. de A. Freitas, and A. M. R. Vincenzi, “Collaborative economy for testing cost reduction on Android ecosystem,” no. December, pp. 11–18, 2017.
  53. Y. Zhauniarovich, A. Philippov, O. Gadyatskaya, B. Crispo, and F. Massacci, “Towards black box testing of android apps,” Proc. — 10th Int. Conf. Availability, Reliab. Secur. ARES 2015, no. November, pp. 501–510, 2015.
  54. B. Deka, Z. Huang, C. Franzen, J. Nichols, Y. Li, and R. Kumar, “Zipt,” pp. 727–736, 2017.
  55. M. Anisetti, C. Ardagna, E. Damiani, and F. Gaudenzi, “A semi-automatic and trustworthy scheme for continuous cloud service certification,” IEEE Trans. Serv. Comput., vol. 1374, no. c, pp. 1–1, 2017.
  56. A. Immonen, E. Ovaska, and T. Paaso, “Towards certified open data in digital service ecosystems,” Softw. Qual. J., vol. 26, no. 4, pp. 1257–1297, 2018.
  57. Y. Falcone, S. Currea, and M. Jaber, “Runtime verification and enforcement for android applications with RV-droid,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 7687 LNCS, pp. 88–95, 2013.
  58. A. Avancini and M. Ceccato, “Security testing of the communication among Android applications,” 2013 8th Int. Work. Autom. Softw. Test, AST 2013 — Proc., no. November 2017, pp. 57–63, 2013.
  59. L. Antão, R. Pinto, J. Reis, and G. Gonçalves, “Requirements for testing and validating the industrial internet of things,” Proc. — 2018 IEEE 11th Int. Conf. Softw. Testing, Verif. Valid. Work. ICSTW 2018, no. April, pp. 110–115, 2018.
  60. A. F. Cattoni et al., “An end-to-end testing ecosystem for 5G the TRIANGLE testing house test bed,” J. Green Eng., vol. 6, no. 3, pp. 285–316, 2016.
  61. L. Gazzola, L. Mariani, F. Pastore, and M. Pezze, “An Exploratory Study of Field Failures,” Proc. — Int. Symp. Softw. Reliab. Eng. ISSRE, vol. 2017-Octob, pp. 67–77, 2017.
  62. S. Thorve, C. Sreshtha, and N. Meng, “An empirical study of flaky tests in android apps,” Proc. — 2018 IEEE Int. Conf. Softw. Maint. Evol. ICSME 2018, pp. 534–538, 2018.
  63. S. Hyrynsalmi, M. Seppänen, and A. Suominen, “Sources of value in application ecosystems,” J. Syst. Softw., vol. 96, no. October, pp. 61–72, 2014.
  64. A. Benlian, D. Hilkert, and T. Hess, “How open is this platform? The meaning and measurement of platform openness from the complementors’ perspective,” J. Inf. Technol., vol. 30, no. 3, pp. 209–228, 2015.
  65. L. O. Colombo-Mendoza, G. Alor-Hernández, A. Rodríguez- González, and R. Valencia-García, “MobiCloUP!: A PaaS for cloud services-based mobile applications,” Autom. Softw. Eng., vol. 21, no. 3, pp. 391–437, 2014.
  66. C. Stritzke, C. Priesterjahn, and P. A. A. Gutiérrez, “Towards a Method for End-to-End SDN App Development,” Proc. — Eur. Work. Softw. Defin. Networks, EWSDN, pp. 107–108, 2015.
  67. M. Song, “Supporting Effective Reuse and Safe Evolution in Metadata-Driven Software Development,” 2013.
  68. N. Bidargaddi, Y. Van Kasteren, P. Musiat, and M. Kidd, “Developing a third-party analytics application using Australia’s national personal health records system: Case study,” J. Med. Internet Res., vol. 20, no. 4, pp. 1–17, 2018.
  69. I. Cabral, P. Espadinha-Cruz, A. Grilo, A. Gonçalves-Coelho, and A. Mourão, “A methodology for designing an interoperable industrial ecosystems, using the axiomatic design theory,” IEEE Int. Conf. Ind. Eng. Eng. Manag., 2014, pp. 1324–1328.
  70. P. Arjunan, N. Batra, H. Choi, and A. Singh, “SensorActl: A Privacy and Security Aware Federated Middleware for Building Management”, Proc. in BuildSys, 2012, pp. 80–87.
  71. N. M. Tiwari, G. Upadhyaya, H. A. Nguyen and H. Rajan, “Candoia: A Platform for Building and Sharing Mining Software Repositories Tools as Apps,” 2017 IEEE/ACM 14th International Conference on Mining Software Repositories (MSR), Buenos Aires, 2017, pp. 53-63, doi: 10.1109/MSR.2017.56.
  72. Y Yan Wang and Atanas Rountev, “Who changed you? obfuscator identification for Android,” Proc. in MOBILESoft, 2017, pp. 154–164, doi:https://doi.org/10.1109/ MOBILESoft.2017.18 .
  73. W. Ahmad, C. Kästner, J. Sunshine, and J. Aldrich, “Inter-app communication in Android,” 2016, pp. 177–188.
  74. Apple Inc., “iOS Security iOS 12,” White Paper, no.September, 2018, p. 93.
  75. “The Step-By-Step Guide to App Store Submission and Optimization,” Clearbridge Mobile, 2015.
  76. Apple, “iOS Lifecycle Management Contents,” 2017, pp. 1–18. [77] J. Shimagaki, Y. Kamei, N. Ubayashi, and A. Hindle, “Automatic topic classification of test cases using text mining at an Android smartphone vendor,” 2018, pp. 1–10.