FuzzerAPP: The Robustness Test of Application Component Communication in Android
Abstract: The study of Android security has attracted wide attention because of Android's large share of the mobile operating system market. To address the security issues of Android applications, this paper presents a robustness test scheme for application component communication based on fuzz testing. First, a test set and the corresponding test cases are constructed. The test cases are then sent to a target application, and the test data are collected and analyzed. Taking time, efficiency and other factors into account, the test cases are sent to the application components under test. The interaction information of the target component during testing and the statistics of the output data are then analyzed. Following this scheme, a fuzz testing platform named FuzzerAPP is designed and implemented, which can test the robustness of common applications on the Android system. Many applications from well-known Android application markets are tested with FuzzerAPP, and the experimental results are collected. Analysis of the test data shows that sending a particular Intent to a target application can make the application crash, or even lead to a cascading crash of system services. In addition, many applications in the test set have a test module exposure problem, which can cause serious security problems such as privacy leaks and denial of service (DoS). Finally, a comparison with other similar tools in terms of component support, test performance, test objectives and Intent construction categories shows the effectiveness of the test method and the practicability of the test platform.
Keywords:
- Android
- component communication
- fuzz testing
- robustness
- test module exposure
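
A defender-side check related to the findings above, as an added example that is not FuzzerAPP's code: it lists the components a decoded AndroidManifest.xml exposes to Intents from other apps and flags those whose names look like test or debug modules. The sample manifest, the `com.example.shop` names and the `TEST_HINTS` naming heuristic are constructed assumptions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"   # android: attribute namespace
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
TEST_HINTS = ("test", "debug", "demo")   # assumed heuristic for "test module" names

# Constructed sample manifest in decoded (plain XML) form.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <application>
    <activity android:name=".MainActivity">
      <intent-filter><action android:name="android.intent.action.MAIN"/></intent-filter>
    </activity>
    <activity android:name=".internal.PayTestActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="false"/>
    <receiver android:name=".DebugReceiver">
      <intent-filter><action android:name="com.example.shop.DEBUG"/></intent-filter>
    </receiver>
    <service android:name=".UploadService" android:exported="true"
        android:permission="com.example.shop.permission.UPLOAD"/>
  </application>
</manifest>"""

def is_exported(elem):
    """True if other apps can send Intents to this component."""
    explicit = elem.get(A + "exported")
    if explicit is not None:
        return explicit == "true"
    # No explicit value: an <intent-filter> implies exported for apps that
    # target below API 31. The legacy provider default is not modelled here.
    return elem.find("intent-filter") is not None

def audit_manifest(xml_text):
    """Return one finding per exported component, in tag then document order."""
    root = ET.fromstring(xml_text)
    findings = []
    for tag in COMPONENT_TAGS:
        for elem in root.iter(tag):
            if not is_exported(elem):
                continue
            name = elem.get(A + "name", "")
            findings.append({
                "type": tag,
                "name": name,
                "permission": elem.get(A + "permission"),   # None = unprotected
                "test_like": any(h in name.lower() for h in TEST_HINTS),
            })
    return findings

if __name__ == "__main__":
    for f in audit_manifest(SAMPLE_MANIFEST):
        print(f)
```

Exported components with `test_like` set and no `permission` are the ones to remove from release builds or mark `android:exported="false"`.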