Publication type: Preprint (2016)

Context-aware System Service Call-oriented Symbolic Execution of Android Framework with Application to Exploit Generation

Authors: Lannan Luo, Qiang Zeng, Chen Cao, Kai Chen, Jian Liu, Limin Liu, Neng Gao, Min Yang, Xinyu Xing, Peng Liu
Access: Open Access; Language: English
Published: 02 Nov 2016
Abstract
Android Framework is a layer of software present in every Android system that manages the resources of all Android apps. A vulnerability in Android Framework can lead to severe hacks, such as destroying user data and leaking private information. With tens of millions of Android devices left unpatched because of Android fragmentation, vulnerabilities in Android Framework certainly attract attackers to exploit them. So far, enormous manual effort is needed to craft such exploits. To our knowledge, no research has been done on automatic generation of exploits that take advantage of Android Framework vulnerabilities. We make a first step towards this goal by applying symbolic ex...
Subjects
acm: ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION
free text keywords: Computer Science - Software Engineering, Computer Science - Cryptography and Security