基于Fuzzing的Android应用通信过程漏洞挖掘技术

doi:10.7523/j.issn.2095-6134.2014.06.015

中国科学院大学学报 ›› 2014, Vol. 31 ›› Issue (6): 827-835.DOI: 10.7523/j.issn.2095-6134.2014.06.015

基于Fuzzing的Android应用通信过程漏洞挖掘技术

王凯, 刘奇旭, 张玉清

中国科学院大学国家计算机网络入侵防范中心, 北京 101408

收稿日期:2013-09-27 修回日期:2014-01-03
通讯作者: 王凯
基金资助:
国家自然科学基金(61272481,61303239)、北京市自然科学基金(4122089)、国家发改委信息安全专项(发改办高技[2012]1424号)和中国科学院大学校长基金资助

Android inter-application communication vulnerability mining technique based on Fuzzing

WANG Kai, LIU Qixu, ZHANG Yuqing

National Computer Network Intrusion Protection Center, University of Chinese Academy of Science, Beijing 101408, China

Received:2013-09-27 Revised:2014-01-03

摘要/Abstract

摘要：

在通信过程中,如果Android应用对其私有组件保护不充分,会导致组件暴露漏洞的存在.以往针对Android应用通信过程的漏洞挖掘方法不能准确发现这种安全威胁.为解决上述问题,提出一种结合Fuzzing技术和逆向分析的漏洞挖掘方法,设计并实现了漏洞挖掘工具KMDroid.实验结果表明,KMDroid可以有效挖掘应用通信过程中存在的安全漏洞.

关键词: Android, Fuzzing, 逆向分析, 应用通信, 安全漏洞

Abstract:

If an Android application could not protect its private components well in the process of inter-application communication, there would exist exposed component vulnerabilities. The current vulnerability mining technique cannot identify such vulnerabilities accurately. To solve this problem, we propose a new vulnerability mining method which combines Fuzzing with reverse analysis, and design a vulnerability mining tool named KMDroid. Experimental results show that KMDroid can discover the vulnerability of inter-application communication effectively.

Key words: Android, Fuzzing, reverse analysis, inter-application communication, vulnerabilities

中图分类号:

TP393.08

王凯, 刘奇旭, 张玉清. 基于Fuzzing的Android应用通信过程漏洞挖掘技术[J]. 中国科学院大学学报, 2014, 31(6): 827-835.

WANG Kai, LIU Qixu, ZHANG Yuqing. Android inter-application communication vulnerability mining technique based on Fuzzing[J]. , 2014, 31(6): 827-835.

参考文献

[1] Lunden I. Nearly 75% of all smartphones sold In Q1 were android, with samsung at 30%; mobile sales overall nearly flat: gartner.[EB/OL]. [2013-06-26]. http://techcrunch.com/2013/05/14/android-nearly-75-of-all-smartphones-shipped-in-q1-samsung-tops-30-mobile-sales-overall-nearly-flat-says-gartner.

[2] AppBrain. Number of available Android applications[EB/OL]. [2013-07-19]. http://www.appbrain.com/stats/number-of-android-apps.

[3] Enck W, Ongtang M, McDaniel P. Understanding android security[J]. Security & Privacy, IEEE, 2009, 7(1): 50-57.

[4] Ding L P. Analysis the security of android[J]. Netinfo Security, 2012(3):28-31 (in Chinese). 丁丽萍. Android操作系统的安全性分析[J]. 信息网络安全, 2012(3): 28-31.

[5] Android Developers. Components[EB/OL]. [2013-06-23]. http://developer.android.com/guide/components/fundamentals.html#Components.

[6] Android Developers. Intents and intent filters[EB/OL]. [2013-06-26]. http://developer.android.com/guide/components/intents-filters.html.Application.

[7] Android Open Source Project. Settings app-security bug[EB/OL]. [2013-06-26]. http://code.google.com/p/android/issues/detail?id=14602.

[8] Miller B P, Fredriksen L, So B. An empirical study of the reliability of UNIX utilities[J]. Communications of the ACM, 1990, 33(12): 32-44.

[9] Liu Q X, Zhang Y Q. TFTP vulnerability exploiting technique based on fuzzing[J]. Computer Engineering, 2007, 33(20):142-147 (in Chinese). 刘奇旭, 张玉清. 基于Fuzzing的TFTP漏洞挖掘技术[J]. 计算机工程, 2007, 33(20): 142-147.

[10] Yu P Y, Huang J F, Gong Y Z. Static code analysis of Android application information leakage[J]. Software, 2012, 33(10): 1-5 (in Chinese). 于鹏洋, 黄俊飞, 宫云战. Android 应用隐私泄露静态代码分析[J]. 软件, 2012, 33(10): 1-5.

[11] Luo C,Zhang Y Q,Wang L,et al. Automatic network protocol analysis and vulnerability discovery based on symbolic expression[J]. Journal of Graduate University of Chinese Academy of Sciences,2013,30(2) :278-284 (in Chinese). 罗成, 张玉清, 王龙, 等. 基于符号表达式的未知协议格式分析及漏洞挖掘[J]. 中国科学院研究生院学报, 2013, 30(2): 278-284.

[12] Android Developers. Manifest[EB/OL]. [2013-06-26]. http://developer.android.com/guide/topics/manifest/manifest-element.html#.

[13] Android Developers. Permissions[EB/OL]. [2013-06-26]. http://developer.android.com/guide/topics/security/permissions.html.

[14] Android Developers. Android debug bridge[EB/OL]. [2013-06-26]. http://developer.android.com/tools/help/adb.html.

[15] Android Developers. Logcat[EB/OL]. [2013-06-26]. http://developer.android.com/tools/help/logcat.html.

[16] iSEC Partners. Intent Fuzzer[EB/OL]. [2013-06-26]. https://www.isecpartners.com/tools/mobile-security/intent-fuzzer.aspx.

[17] Maji A K, Arshad F A, Bagchi S, et al. An empirical study of the robustness of inter-component communication in Android[C]//Dependable Systems and Networks (DSN), 2012 42nd Annual IEEE/IFIP International Conference on. IEEE, 2012: 1-12.

[18] Chin E, Felt A P, Greenwood K, et al. Analyzing inter-application communication in Android[C]//Proceedings of the 9th International Conference on Mobile Systems, Applications, and services. ACM, 2011: 239-252.

[19] Kantola D, Chin E, He W, et al. Reducing attack surfaces for intra-application communication in android[C]//Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2012: 69-80.