Android has become the most popular mobile OS, as it enables device manufacturers to introduce customizations to compete with value-added services. However, customizations make the OS less dependable and secure, since they can introduce software flaws. Such flaws can be found by using fuzzing, a popular testing technique among security researchers. This paper presents Chizpurfle, a novel "gray-box" fuzzing tool for vendor-specific Android services. Testing these services is challenging for existing tools, since vendors do not provide source code and the services cannot be run on a device emulator. Chizpurfle has been designed to run on an unmodified Android OS on an actual device. The tool automatically discovers, fuzzes, and profiles proprietary services. This work evaluates the applicability and performance of Chizpurfle on the Samsung Galaxy S6 Edge, and discusses software bugs found in privileged vendor services.
Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations / Iannillo, Antonio Ken; Natella, Roberto; Cotroneo, Domenico; Nita-Rotaru, Cristina. - 2017:(2017), pp. 1-11. (Intervento presentato al convegno 28th IEEE International Symposium on Software Reliability Engineering, ISSRE 2017 nel 2017) [10.1109/ISSRE.2017.16].
Chizpurfle: A Gray-Box Android Fuzzer for Vendor Service Customizations
Iannillo, Antonio Ken;Natella, Roberto;Cotroneo, Domenico;
2017
Abstract
Android has become the most popular mobile OS, as it enables device manufacturers to introduce customizations to compete with value-added services. However, customizations make the OS less dependable and secure, since they can introduce software flaws. Such flaws can be found by using fuzzing, a popular testing technique among security researchers. This paper presents Chizpurfle, a novel "gray-box" fuzzing tool for vendor-specific Android services. Testing these services is challenging for existing tools, since vendors do not provide source code and the services cannot be run on a device emulator. Chizpurfle has been designed to run on an unmodified Android OS on an actual device. The tool automatically discovers, fuzzes, and profiles proprietary services. This work evaluates the applicability and performance of Chizpurfle on the Samsung Galaxy S6 Edge, and discusses software bugs found in privileged vendor services.| File | Dimensione | Formato | |
|---|---|---|---|
|
08109068.pdf
solo utenti autorizzati
Tipologia:
Documento in Post-print
Licenza:
Accesso privato/ristretto
Dimensione
858.01 kB
Formato
Adobe PDF
|
858.01 kB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
