FuzzerAPP:The Robustness Test of Application Component Communication in Android
-
摘要: 针对Android应用程序的安全性问题,提出一种基于模糊测试方法的组件通信鲁棒性测试方案.首先构造测试集和测试用例,随后将测试用例发送给目标应用程序并收集测试数据,最后对测试数据进行分析.依据测试方案设计并实现了模糊测试工具FuzzerAPP,进而对常用应用程序进行鲁棒性测试.通过对测试数据的分析,发现发送特殊Intent可以导致应用程序的崩溃,甚至引发系统服务的级联崩溃.此外,发现测试集中多款应用程序存在测试模块暴露的问题,可能会导致隐私泄露、拒绝服务等严重安全问题.最后,通过与其他工具的对比,表明测试方法的有效性和测试工具的实用性.Abstract: The study of Android security has attracted wide attention because of the huge share in operation system market for mobile devices. Aiming at the security issues of Android application, this paper presents a robustness test scheme of application components based on fuzzy testing method. Firstly, a test set and the corresponding test cases are designed. These cases are sent to a target application for collecting and analyzing the test data. Considering the time, efficiency and other factors, the test case is sent to the application components to be tested. Then, the interaction information of the target component in the test process and the statistical analysis of the output data are analyzed. According to the design of test scheme, a platform named as FuzzerAPP is implemented which can test the robustness of the common applications in Android system. Many applications in some famous Android application markets are tested under FuzzerAPP, and the experiments results are collected. By the analysis of the test data, we find that if FuzzerAPP sends a particular Intent to the target application, it will make the application crash or even lead to the cascading breakdown of system services. Besides, there is a test module exposure problem in many applications of the test set, which can cause serious security problems such as privacy leaks and DoS (denial of service attacks). Finally, on contrast of other similar plans in component supporting, test performance, test objectives and Intent construction categories, the results show the effectiveness of the test method and the practicability of the test platform.
-
Keywords:
- Android /
- components communication /
- fuzzy test /
- robustness /
- test module exposure
-
-
期刊类型引用(10)
1. 郜晨,何升,杭骁骞. 基于申威NMII的锁死故障监测与诊断. 计算机应用研究. 2024(04): 1015-1021 . 
百度学术
2. 范国炜,吴涛,刘壮. 基于新一代神威天气和气候预测系统并行优化. 计算机仿真. 2023(12): 353-358 . 百度学术
3. 陈淑平,何王全,李祎,漆锋滨. InfiniBand中面向有限多播表条目数的多播路由算法. 计算机研究与发展. 2022(04): 864-881 . 本站查看
4. 聂婕,左子杰,黄磊,王志刚,孙正雅,仲国强,王鑫,王玉成,刘安安,张弘,董军宇,魏志强. 面向海洋的多模态智能计算:挑战、进展和展望. 中国图象图形学报. 2022(09): 2589-2610 . 百度学术
5. 张绍晴,林璘,刘才力,杨光,王兆瑛,费云龙,任倩倩,苑诗敏,倪欣宁,王一帆,刘银杏,杨浩宇,任国志,荀皓,宋睿哲,蔡金卓,杨帆,刘博文,郭锦,陈玥,卢绿,李江玉,江应境,王雪,王凯迪,王振明,于洋洋,赵浩然,王静菊,马有为,任斯敏,雍建林. 地球系统数值模拟历史回顾及未来发展之机遇与挑战. 中国海洋大学学报(自然科学版). 2022(11): 1-12 . 百度学术
6. 陈淑平,李祎,何王全,漆锋滨. 胖树拓扑中高效实用的定制多播路由算法. 计算机研究与发展. 2022(12): 2689-2707 . 本站查看
7. 朱雨,庞建民,徐金龙,陶小涵,王军. 面向SW26010处理器的三维Stencil自适应分块参数算法. 计算机科学. 2021(06): 10-18 . 百度学术
8. 范培勤,过武宏,韩梅,唐帅,张驰. 水声环境特征参数并行预报方法研究. 计算机工程与科学. 2021(11): 1920-1925 . 百度学术
9. 庄园,郭强,张洁,曾云辉. 大规模申威众核环境下二维数据计算的可扩展方法. 计算机科学. 2020(08): 87-92 . 百度学术
10. 姜尚志,唐生林,高希然,花嵘,陈莉,刘颖. “神威·太湖之光”上Tend_lin应用的并行优化研究. 计算机工程与科学. 2020(10): 1842-1851 . 百度学术
其他类型引用(8)
计量
- 文章访问数: 1622
- HTML全文浏览量: 1
- PDF下载量: 567
- 被引次数: 18
下载:
