FuzzerAPP：Android应用程序组件通信鲁棒性测试

张密; 杨力; 张俊伟

doi:10.7544/issn1000-1239.2017.20150993

FuzzerAPP：Android应用程序组件通信鲁棒性测试

(西安电子科技大学网络与信息安全学院西安 710071) (zmic@sina.cn)

基金项目: 国家自然科学基金项目(61671360,61672409,61672415,61672413,61472310,U1135002);中央高校基本科研业务费项目(JB161505,BDZ011402)；信息保障重点实验室开放课题(KJ-14-109)

详细信息

中图分类号: TP39
计量
- 文章访问数: 1617
- HTML全文浏览量: 1
- PDF下载量: 567
出版历程
- 发布日期: 2017-01-31

FuzzerAPP：The Robustness Test of Application Component Communication in Android

(School of Cyber Engineering, Xidian University, Xi'an 710071)

摘要

摘要: 针对Android应用程序的安全性问题，提出一种基于模糊测试方法的组件通信鲁棒性测试方案.首先构造测试集和测试用例，随后将测试用例发送给目标应用程序并收集测试数据，最后对测试数据进行分析.依据测试方案设计并实现了模糊测试工具FuzzerAPP，进而对常用应用程序进行鲁棒性测试.通过对测试数据的分析，发现发送特殊Intent可以导致应用程序的崩溃，甚至引发系统服务的级联崩溃.此外，发现测试集中多款应用程序存在测试模块暴露的问题，可能会导致隐私泄露、拒绝服务等严重安全问题.最后，通过与其他工具的对比，表明测试方法的有效性和测试工具的实用性.
- 安卓 /
- 组件通信 /
- 模糊测试 /
- 鲁棒性 /
- 测试模块暴露
Abstract: The study of Android security has attracted wide attention because of the huge share in operation system market for mobile devices. Aiming at the security issues of Android application, this paper presents a robustness test scheme of application components based on fuzzy testing method. Firstly, a test set and the corresponding test cases are designed. These cases are sent to a target application for collecting and analyzing the test data. Considering the time, efficiency and other factors, the test case is sent to the application components to be tested. Then, the interaction information of the target component in the test process and the statistical analysis of the output data are analyzed. According to the design of test scheme, a platform named as FuzzerAPP is implemented which can test the robustness of the common applications in Android system. Many applications in some famous Android application markets are tested under FuzzerAPP, and the experiments results are collected. By the analysis of the test data, we find that if FuzzerAPP sends a particular Intent to the target application, it will make the application crash or even lead to the cascading breakdown of system services. Besides, there is a test module exposure problem in many applications of the test set, which can cause serious security problems such as privacy leaks and DoS (denial of service attacks). Finally, on contrast of other similar plans in component supporting, test performance, test objectives and Intent construction categories, the results show the effectiveness of the test method and the practicability of the test platform.
- Android /
- components communication /
- fuzzy test /
- robustness /
- test module exposure

HTML全文

参考文献(0)

施引文献(5)

期刊类型引用(3)

1.	苏兆品，张羚，张国富. 低比特率语音流大容量分层隐写方法. 中国图象图形学报. 2022(12): 3461-3475 . 百度学术
2.	李丽惠. 云计算环境下的数据安全传输方式研究. 漳州职业技术学院学报. 2020(04): 80-86 . 百度学术
3.	廖克顺. 基于抗转码视频处理技术的图像隐写算法. 广西师范学院学报(自然科学版). 2019(02): 50-54 . 百度学术