Android vulnerability detection
| Field | Value |
|---|---|
| Main Author | Huang, Wenjie |
| Other Authors | Liu Yang (yangliu@ntu.edu.sg) |
| School | School of Computer Science and Engineering |
| Format | Thesis-Master by Research |
| Degree | Master of Engineering |
| Language | English |
| Published | Nanyang Technological University, 2022 |
| Date deposited | 2022-04-26 |
| Subjects | Engineering::Computer science and engineering |
| Online Access | https://hdl.handle.net/10356/156850 |
| DOI | 10.32657/10356/156850 |
| Citation | Huang, W. (2022). Android vulnerability detection. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/156850 |
| License | Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) |
| File format | application/pdf |
| Institution | Nanyang Technological University |
| Record ID | sg-ntu-dr.10356-156850 |
Description:

Open-source Android application packages (APKs) provide users with a huge base of applications without having to build each application from scratch. This gives Android unique advantages and popularity among mobile operating systems (OSs). Finding vulnerabilities in open-source APKs therefore becomes a critical task in the Android environment. One of the most effective methods for locating vulnerabilities in applications is fuzzing. However, fuzzing in the Android environment is challenging for several reasons. First, several fuzzers exist for the Linux platform, but no equivalent fuzzer is available for Android. Second, a fuzzer requires an executable target program, whereas some APKs, such as commercial ones, are privately maintained and only non-executable shared object files are available. Third, scaling fuzzing on the Android platform is hardware- and compute-intensive: dedicating an Android device to each fuzzing process is not feasible, and requiring physical devices is generally not a scalable solution. Replacing the physical device with a software emulation environment is not cost-efficient either, since simulating the same environment on a different operating system takes far more resources, and the wasted resources accumulate over every fuzzing process the fuzzer runs.

This thesis proposes an automated parallel fuzzing solution to detect vulnerabilities in APKs. For C libraries, it first extracts the shared object (.so) files from the APK and obtains the library function names in the .so files through feature extraction. The function names are then matched against a database of open-source library names and their respective function names to identify the library the functions belong to. For Java libraries, it extracts the smali files from the APK through feature extraction; the smali files contain the group ID of the Java libraries, so the library name can be obtained from the group ID. With the library name known, the library's source code is downloaded from GitHub and run by a manually prepared test harness. Multiple fuzzers are then started by executing the test harness with 6 crawled seed inputs. Finally, the crashes are triaged and reproduced in the Android application, and a bug report summarising the crash reproduction is created.

The proposed approach has discovered 198 vulnerabilities in Java libraries and 9 vulnerabilities in C libraries. So far, 3 of the vulnerabilities have been reproduced in the libraries related to Android applications.