STAB Fuzzing: A Study of Android’s Binder IPC and Linux/Android Fuzzing

Author

  • Travis W. Peters

Abstract

This paper describes the background needed to begin working with Binder, Android’s Interprocess Communication (IPC) mechanism, and with Linux/Android system call (“syscall”) fuzzing tools. The objective was to study Android and Binder along with system call fuzzing in order to learn more about Android, Binder IPC, and vulnerability detection and analysis. Our study concentrated further on the ioctl() syscall because of the significant role it plays in handling Binder data and its potential for abuse/misuse. This paper presents our findings from studying the Android OS, specifically the Binder framework, reviews existing fuzzing frameworks, and describes our efforts in running Trinity-based fuzzing tools against Linux and Android.


Similar resources

BinderCracker: Assessing the Robustness of Android System Services

In Android, communications between apps and system services are supported by a transaction-based InterProcess Communication (IPC) mechanism. Binder, as the cornerstone of this IPC mechanism, separates two communicating parties as client and server. As with any client–server model, the server should not make any assumption on the validity (sanity) of client-side transaction. To our surprise, we ...


kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels

Many kinds of memory safety vulnerabilities have been endangering software systems for decades. Amongst other approaches, fuzzing is a promising technique to unveil various software faults. Recently, feedback-guided fuzzing demonstrated its power, producing a steady stream of security-critical software bugs. Most fuzzing efforts—especially feedback fuzzing—are limited to user space components o...


A Context-Aware Kernel IPC Firewall for Android

Our phones go wherever we go. Ever present, and with ever more data and connections, smartphones hold as much sensitive data as traditional systems but do not have the same protections. Android’s recent 6.0 (Marshmallow) release introduced much needed dynamic permission checks for applications. However, this does not go far enough in adapting to mobile phone’s unique security needs. Smartphones...


H-Fuzzing: A New Heuristic Method for Fuzzing Data Generation

How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...


The future of grey-box fuzzing

Society is becoming more dependent on software, and more artifacts are being connected to the Internet each day[31]. This makes the work of tracking down vulnerabilities in software a moral obligation for software developers. Since manual testing is expensive[7], automated bug finding techniques are attractive within the quality assurance field, since they can save companies a lot of money. This...




Publication date: 2016