Title: Android vulnerability detection
Authors: Huang, Wenjie
Keywords: Engineering::Computer science and engineering
Issue Date: 2022
Publisher: Nanyang Technological University
Source: Huang, W. (2022). Android vulnerability detection. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156850

Abstract:
Open-source Android application packages (APKs) provide a huge base of applications that users can build on without creating an application from scratch. This gives the Android system unique advantages and popularity among mobile operating systems (OSes). Finding vulnerabilities in open-source APKs has therefore become a critical task in the Android ecosystem. One of the most effective methods for locating vulnerabilities in applications is fuzzing. However, fuzzing in the Android environment is challenging for several reasons. Firstly, there are several fuzzers on the Linux platform, but no equivalent fuzzer exists for the Android environment. Secondly, a fuzzer requires an executable target program, whereas some APKs, such as commercial ones, are privately maintained and only non-executable shared object files are available. Lastly, supporting fuzzing at scale on the Android platform is hardware- and compute-intensive. It is not feasible to dedicate an Android device to each fuzzing process, and requiring physical devices is generally not a scalable solution. Replacing the physical device with a software emulation environment is also not cost-efficient: simulating the Android environment on a different operating system consumes far more resources, and this overhead accumulates across every fuzzing process the fuzzer runs. This thesis proposes an automated parallel fuzzing solution to detect vulnerabilities in APKs.

For C libraries, the approach first extracts shared object (.so) files from the APK and obtains the library function names in the .so files through feature extraction. It then matches these function names against a database of open-source library names and their respective function names to identify the library each function belongs to. For Java libraries, it extracts the smali files from the APK through feature extraction. The smali files contain the group identifier (ID) of the Java libraries, so the library name can be obtained from the library group ID. Given the library name, the library's source code is downloaded from GitHub and run by a manually prepared test harness. Multiple fuzzers are then started by executing the test harness with 6 crawled seed inputs. Finally, the crashes are triaged and reproduced in the Android application, and a bug report is created summarizing the crash reproduction. The proposed approach has discovered 198 vulnerabilities in Java libraries and 9 vulnerabilities in C libraries. So far, 3 of the vulnerabilities have been reproduced in libraries used by Android applications.

URI: https://hdl.handle.net/10356/156850
DOI: 10.32657/10356/156850
Rights: This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Theses
Updated on May 20, 2022
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.