The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerability review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make traditional analysis methods inefficient. For example, driver-specific argument formats make it difficult for traditional syscall fuzzers to generate valid inputs, pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for those interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage than the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the tested devices.
Tianshi MU
China Southern Power Grid
Huabing ZHANG
China Southern Power Grid
Jian WANG
China Southern Power Grid
Huijuan LI
China Southern Power Grid
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Tianshi MU, Huabing ZHANG, Jian WANG, Huijuan LI, "CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers" in IEICE TRANSACTIONS on Information,
vol. E104-D, no. 11, pp. 1902-1912, November 2021, doi: 10.1587/transinf.2021NGP0005.
Abstract: With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerability review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make traditional analysis methods inefficient. For example, driver-specific argument formats make it difficult for traditional syscall fuzzers to generate valid inputs, pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for those interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage than the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the tested devices.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021NGP0005/_p
@ARTICLE{e104-d_11_1902,
author={Tianshi MU and Huabing ZHANG and Jian WANG and Huijuan LI},
journal={IEICE TRANSACTIONS on Information},
title={CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers},
year={2021},
volume={E104-D},
number={11},
pages={1902-1912},
abstract={With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerabilities review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make the traditional analysis methods inefficient. For example, the driver-specific argument formats make traditional syscall fuzzers difficult to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.},
keywords={},
doi={10.1587/transinf.2021NGP0005},
ISSN={1745-1361},
month={November},}
TY - JOUR
TI - CoLaFUZE: Coverage-Guided and Layout-Aware Fuzzing for Android Drivers
T2 - IEICE TRANSACTIONS on Information
SP - 1902
EP - 1912
AU - Tianshi MU
AU - Huabing ZHANG
AU - Jian WANG
AU - Huijuan LI
PY - 2021
DO - 10.1587/transinf.2021NGP0005
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2021
AB - With the commercialization of 5G mobile phones, Android drivers are increasing rapidly to utilize a large quantity of newly emerging feature-rich hardware. Most of these drivers are developed by third-party vendors and lack proper vulnerabilities review, posing a number of new potential risks to security and privacy. However, the complexity and diversity of Android drivers make the traditional analysis methods inefficient. For example, the driver-specific argument formats make traditional syscall fuzzers difficult to generate valid inputs, the pointer-heavy code makes static analysis results incomplete, and pointer casting hides the actual type. Triggering code deep in Android drivers remains challenging. We present CoLaFUZE, a coverage-guided and layout-aware fuzzing tool for automatically generating valid inputs and exploring the driver code. CoLaFUZE employs a kernel module to capture the data copy operation and redirect it to the fuzzing engine, ensuring that the correct size of the required data is transferred to the driver. CoLaFUZE leverages dynamic analysis and symbolic execution to recover the driver interfaces and generates valid inputs for the interfaces. Furthermore, the seed mutation module of CoLaFUZE leverages coverage information to achieve better seed quality and expose bugs deep in the driver. We evaluate CoLaFUZE on 5 modern Android mobile phones from the top vendors, including Google, Xiaomi, Samsung, Sony, and Huawei. The results show that CoLaFUZE can explore more code coverage compared with the state-of-the-art fuzzer, and CoLaFUZE successfully found 11 vulnerabilities in the testing devices.
ER -