| Android is the most popular operating system of smartphone.It’s convenient to customize the Android for mobile device manufacturers.Related research shows that the Vendor Android,which adds a large number of Services,has expanded the attack surface of Android.In order to ensure the security of the Vendor Android,it is necessary to test its Services effectively.Most related works are mutation-based fuzzers,they have low code coverage of target Services due to the lack of type signature.So we design a reverse engineering method to extracte Service signature in closed-source Vendor Android.We implement a generation-based Service fuzzing tool,to improve the test depth through mocked Android Context,and to test the Service boundary conditions more effectively through abnormal IBinder type.The main work is as follow:· A reverse engineering method to extract the Service signature automatically.From the compiled artifacts of Java and Native Services,the Service signature can be reversely inferred by restoring the structure in the Binder serialization function.· We implement a Service fuzzing tool,CASFuzzer: it can generate and mutate test case based on the Service signature? through Binder IPC interception technology,it can mock Android Context that affects the execution of the service to improve the depth of testing? through dynamic general Service Stub,it can generate abnormal IBinder type for boundary condition testing of the Service.· We evalute our tools with two popular Vendor Android OS.The experimental results show that the Service signature extraction tool Rev Extractor has high accuracy.The simulation of the Android Context makes the testing more in-depth and effective.The abnormal IBinder type can trigger specific Service defects. |
PDF Full Text Request